
Advanced analysis for critical cyber security incidents

ARE YOU THE TARGET OF AN ONGOING CYBER ATTACK?

If you have found or suspect that a cyber attack is taking place on your IT systems, we invite you to contact us to analyze the situation, identify the characteristics of that attack and propose immediate response actions.


Safetech will conduct advanced technical investigations for critical incidents, consisting of expert analysis and recommendations for fast remediation of the beneficiary's security posture.

Safetech's capabilities in advanced critical security incident investigation

Safetech's capabilities in advanced critical incident investigation are as follows:

  1. Advanced log analysis

    The objective of this activity is to correlate various log sources and log events, for an advanced identification of all aspects related to the analyzed critical incidents.

  2. Network traffic analysis

    The objective of this activity is to correlate network traffic data (internal-to-internal, internal-to-external and external-to-internal), for an advanced identification of all aspects related to the analyzed critical incidents.

  3. Memory analysis

    The objective of this activity is to correlate RAM contents captured at the system level, for an advanced identification of all aspects related to the analyzed critical incidents.

  4. Forensic analysis of storage devices

    The objective of this activity is to correlate the data from the system's storage devices (HDD), for an advanced identification of all aspects related to the analyzed critical incidents.

  5. Analysis of suspicious files

    As part of this activity, Safetech will carry out one or both of the following:
    • Analysis of the static properties of a suspicious file (hashes, file type identification, embedded artifacts, strings, etc.).
    • Analysis of the behavior of the file when executed in an automated system, to understand its functionality and identify technical indicators of how it interacts with the operating system, registry, network, etc. Reverse engineering of suspicious files/binaries is not part of this activity.

  6. Security Investigation Coordination and Reporting

    Safetech will coordinate the technical investigation of the security incident, including investigation and response activities performed by non-Safetech parties (e.g. customer SOCs, IAM teams, L1/L2 teams, IT teams, etc.). Investigative activities are not part of activity 6, so this activity must be accompanied by one or more of activities 1-5. As part of activity 6, Safetech will issue a short technical report written for an audience with a solid technical background. The report will include a technical summary, technical analysis, a timeline of the incident management process, a list of IOCs and TTPs identified during the incident management process, an analysis of the infection vector and lessons learned.

  7. Proactive activities

    As part of this activity, Safetech will perform one or more of the following:

    • Tabletop Exercises (TTX) – a basic element for assessing an organization's readiness to deal with a potential cyber attack.
    • Incident response plan development – an incident response plan is critical for an organization and helps it understand the steps to be taken in case of a critical incident.
    • Compromise assessment – a comprehensive technical assessment and analysis of an organization's infrastructure, endpoints and servers to look for indicators of compromise or any evidence of malicious activity.
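The static-properties step of activity 5 (hashes, file type identification, strings) is the first thing an analyst runs on a suspicious file before any dynamic analysis. The script below is an added example written for this page, not Safetech's own tooling: it hashes the file with MD5, SHA-1 and SHA-256 so the sample can be looked up in threat-intelligence sources, identifies the container type from its leading magic bytes, extracts printable ASCII runs the way `strings(1)` does, and pulls URL and IPv4 indicators out of those strings. The sample bytes, the signature table and the minimum string length of 6 are all constructed assumptions for the demonstration; nothing in it executes the file.

```python
import hashlib
import re
import string

# Constructed magic-byte table for the container formats most often seen in triage.
MAGIC = [
    (b"MZ", "PE/DOS executable (MZ)"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (also Office OOXML, JAR, APK)"),
    (b"%PDF", "PDF document"),
    (b"\xd0\xcf\x11\xe0", "OLE2 compound file (legacy Office)"),
]

# Printable ASCII minus control whitespace: what strings(1) treats as text.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def identify_type(data: bytes) -> str:
    """Return the container type whose magic bytes start the file, or 'unknown'."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Return every run of printable ASCII of at least min_len bytes."""
    out, run = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            run.append(b)
        else:
            if len(run) >= min_len:
                out.append(run.decode("ascii"))
            run = bytearray()
    if len(run) >= min_len:  # flush a run that reaches end-of-file
        out.append(run.decode("ascii"))
    return out


def triage(data: bytes) -> dict:
    """Static triage record: hashes, type, strings and network indicators."""
    strs = extract_strings(data)
    joined = "\n".join(strs)
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": identify_type(data),
        "strings": strs,
        "urls": sorted(set(URL_RE.findall(joined))),
        "ipv4": sorted(set(IPV4_RE.findall(joined))),
    }


# Constructed sample: an MZ header stub with a few embedded artefacts. It is not
# a real binary and does nothing; the URL and address are reserved example values.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 24
    + b"This program cannot be run in DOS mode.\x00"
    + b"\x01\x02\x03" + b"http://update.example.invalid/payload.bin\x00"
    + b"\xff\xfe" + b"192.0.2.10\x00" + b"short\x00" + b"\x00" * 16
)

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

Running the script prints the triage record for the constructed sample: the MZ type, three hashes, the DOS-stub string, the URL and the IPv4 address; the five-character `short` is dropped by the minimum length. The hashes are what you would submit to a reputation service, and the extracted indicators are candidates for the IOC list in the activity 6 report once confirmed by the behavioral step.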

The steps of the engagement for advanced critical security incident investigation

The steps of the engagement with Safetech Innovations for advanced critical security incident investigation are as follows:

  1. Contact us by filling in the form below or call us on +40 21 3160565, available on working days in Romania between 9:00 a.m. and 6:00 p.m., communicating the following:
    • Client name, client representative identification, contact details for further communication
    • Summary description of the current situation, the affected location(s), the requested purpose of the Safetech investigations, the requested coverage area.
  2. We will perform a quick assessment of the situation and send you a Statement of Work document (SoW, the technical and commercial specification of the proposed advanced security analysis service).
  3. You will verify and accept in writing the terms of this SoW. You will provide us with the access and means of communication necessary for our services.
  4. We will immediately begin the analysis according to the SoW, promptly sending you results and recommendations during our work. Upon completion of the investigation, Safetech consultants will submit a detailed report that provides recommendations on how to improve the security posture, a timeline of events pertaining to the reported incident and a detailed analysis thereof.