Cyber Incident Management

Incident Response
From the compromise of Canada's National Research Council, which was attributed to a Chinese APT, to the breach of Sony Pictures Entertainment, which has been tied to North Korea's cyber warfare program, compromises of an unprecedented scale affect every industry. Hundreds of gigabytes of data are often stolen in a matter of hours, and the containment measures employed, such as disconnecting an entire organization from the internet, are drastic.
When looking back at breaches of such a scale, numerous questions arise:
- Could the compromise have been prevented?
- How long did it take for the breach to be detected?
- Did incident responders move fast enough to limit the scope and breadth of the compromise?
- Were the containment actions sufficient, or were they too aggressive?
By using our managed Incident Response service as an extension of our SOC2Cloud offering, C3SA's CyberFIRE™ team of experts can assist organizations at all phases of a compromise, from the time an attack is detected to conducting a post-mortem that reviews the steps and decisions undertaken during the response in order to improve all Incident Response processes. At C3SA, we offer a managed 24x7x365 Incident Response service where our team of experts can take immediate and proactive measures to protect your vital information. This is achieved through:
- Continuous and inclusive, 24x7x365, off-site cutting-edge attack monitoring and response
- An intelligent and comprehensive assessment of active and immediate threats to ensure that any chosen mitigation action does not tip off the attacker and result in a worsened scenario
- Creating and deploying new monitoring and blocking rules on the fly for your network perimeter defense devices and critical assets
- Proactively isolating compromised hosts while minimizing the impact of mitigation actions on your core business
- Near-instant alerting and documentation, using trusted and secure channels, for all detected attacks along with any subsequent mitigation actions that may have been undertaken
Furthermore, our team of experts is ready to deploy across the planet at a moment's notice so that some of the world's best Incident Response professionals can help you on-site with any situation at hand. We specialize in coordinating and managing an organization's response to a cyber incident, and ultimately in offloading the burden and risk of the mitigation decisions and corresponding actions that senior management is faced with, by:
- Assisting your Incident Response team in triaging the breach by conducting a Business Impact Assessment to identify assets that need to be prioritized in terms of containment, analysis and restoration, along with any information and data that may have been exfiltrated
- Identifying and notifying relevant stakeholders, and keeping them apprised of any significant development, with timely communications designed to maintain and preserve trust in the business and in the response efforts undertaken
- Tasking members of the Incident Response team with duties that best utilize and maximize the knowledge and unique skills that each member brings to the table
- Overseeing the work conducted by members of the Incident Response team
- Bringing the most pressing and critically affected components of your business back to an operational status in an expedited fashion while mitigating the risk to the rest of your infrastructure
- Liaising, when authorized and deemed appropriate by your senior management, with Law Enforcement, Intelligence Agencies and Regulatory Agencies to gain additional insights into the compromise, ensure compliance with existing laws and regulations and, if feasible, bring the perpetrators to justice
- Conducting an in-depth post-mortem that comprehensively reviews the root cause of the compromise along with all decisions and steps undertaken by the entire organization in responding to the incident. This is achieved by interviewing all members of the Incident Response team; by identifying gaps, deficiencies and areas of improvement in a constructive fashion while highlighting the positive and productive aspects of the response; and by providing actionable recommendations that can aid an organization in improving its overall detection capabilities and its response to future compromises
Meet the CyberFIRE™ Incident Response experts
C3SA's CyberFIRE™ team of experts is unique in its class; it is formed by some of Canada's best Incident Responders, who have successfully faced and conquered some of the most complicated and sophisticated breaches across the industry. Most of our CyberFIRE™ experts have spent many years in either the Canadian military or the Intelligence Community, defending some of the most sensitive networks from highly sophisticated and methodical threat actors. Some have earned commendations and awards from some of Canada's most senior officials for the work they have done in protecting and defending Canada's Critical Infrastructure. While we could tell you of some of our successes in providing Incident Response services to a number of enterprises faced with complex breaches, most of them would be new and unheard of to you. That's because they were addressed and managed with pinpoint precision and accuracy, and to a degree of excellence and professionalism that limited the range and scope of the compromise to a level that most would consider a simple blip in an incident responder's logbook.
