What exactly happened and how did it happen? Our consultants will work with you to analyse the available data to identify the root cause.
Please note that this service is a single module that can be delivered on its own for clients who want this specific piece of work. However, it is included as standard as part of the Incident Response Team Service.
You've been breached but how, what was the original attack vector?
Just like Service: Breach Impact Assessment, the first step is to understand the sophistication of the attack and the various attack vectors which have been used to understand the likelihood of data exfiltration occurring, through the standard Tactics Techniques and Procedures (TTP) normally associated with the type of attack.
Where possible, the likely threat actors are identified to understand the motivation and likely outcomes.
Root Cause Analysis projects the attack backwards in order to ascertain how the attack occurred.
As well as the TTP for the evident attack, logs will be analysed in an attempt to verify the source of the attack back to its origins.