Digital Forensics and Incident Response

S21sec’s team is available 24×7 to support organizations against security incidents. Fully committed in the face of security issues, we will work with you to understand them, assess their impact and both define and action remedy strategies.

S21sec provides the most throrough and innovative service against security incidents. Our DFIR team, S21sec’s incident response capability, is able to provide in situ support in, at most, 12 hours, backed up by seasoned threat intelligence officers.

24x7

S21sec is able to support customers 24×7 making available a full range of capabilities (digital forensics, threat hunting, malware reversing, …).

IN SITU SUPPORT

S21sec provides local support in 12 to 24 hours after incident reporting in all of Spain and Portugal.

QUALIFIED STAFF

S21sec is one of the largest cybersecurity players in Europe with extensive customer references and a highly certified and experience team of incident responders.

BEST-OF-CLASS

S21sec uses best-of-class products and a methodological framework to assess, qualify, contain, mitigate and recover from advanced cybersecurity incidents.

DFIR Service Models

RETAINER

Paid up-front, this service model guarantees quicker in situ response time (max. 12 hours), lower cost per incident and faster overall incident closure.

Initial readiness assessment and provision of specific solutions that speed up incident response is a recommendable option.

ON DEMAND

Paid per incident, this service model does not guarantee the same in situ response (typically, up to 24 hours) and incident closure times, at the same time overall cost will be higher.

As “retainer readiness” is not an option, incident response always depends on an initial time-consuming assessment that limits effectiveness.

The number of days it took for organizations to contain a breach in 2017 ranged from 10 to 164 days, with an average of 66 days.

Key Benefits and Differentiators

AT THE FOREFRONT OF SECURITY

S21sec’s SOC-CERT is part of FIRST (Forum of Incident Response and Security Teams) and the TERENA European network. Collaboration and coordination between member organizations enables S21sec to obtain (and provide) the latest alerts for new threats, enabling improved detection and faster resolution.

PROVISION AND IN-DEPTH KNOWLEDGE OF TOOLS

S21sec’s work is backed by leading vendor technologies and solutions, by our own proprietary tools and by our expert teams that include certified technicians in forensics solutions and other relevant products.

EXTENSIVE CERTIFIED EXPERIENCE AND TECHNICAL QUALIFICATIONS

S21sec possesses extensive Incident Response experience having supported customers of varying sizes, natures and industries over more than 15 years.

S21sec technical staff includes certified DFIR professionals, forensic analysts and reversers.

INTELLIGENCE-FUELED RESPONSE CAPACITY IMPROVEMENT

Threat Intelligence officers backing-up in situ incident responders provide them with actionable insights as updated TTP info, actor profiles, malware hashes, amongst others, so response capacity is greatly improved.

EXECUTIVE LEVEL INTERFACE

S21sec team always includes a member of its ExCom to provide executive-level interface when required and to guarantee the provision of resources and staff as needed.

READINESS ASSESSMENT

The execution of a readiness assessment (available in the “retainer” service model) provides contextual information that allows the identification of most-likely incidents and associated play books, as well as specific solutions and configurations to be provisioned that will speed-up response to incidents.

Contact us