What is incident response?

Incident response is an organization’s approach to addressing cyberattacks and cybersecurity incidents. The goal of incident response is to contain and minimize damages caused by a breach and to reduce recovery time and costs.

What is an incident response plan?

An incident response plan is an organization’s predetermined plan for addressing a cyberattack. It should include a list of incident response team members with roles and responsibilities as well as tools and technologies, steps to detect and identify cyberattacks, steps to contain and minimize damage (including reputational damage) and for recovery.

What are the steps of an incident response plan?

There are six key phases of an incident response plan: 1. Preparation: Preparing users and security staff to handle potential incidents. 2. Identification: Determining whether an event qualifies as a security incident. 3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage. 4. Eradication: Finding the root cause of the incident and removing affected systems from the production environment. 5. Recovery: Ensuring no threat remains and permitting affected systems back into the production environment. 6. Lessons learned: Completing incident documentation, performing analysis to learn from the incident and potentially improving future response efforts.

Incident Response from BlackBerry

BlackBerry Security Services Incident Response

We can help you resolve cyber incidents.

The best outcomes following a cybersecurity incident occur when organizations have current and comprehensive incident response plans and an incident response consultancy they can trust in place before an incident.

Incident Response

BlackBerry® Security Services can enhance your incident handling and response capabilities, while supporting the development of efficient and robust processes to minimize the impact of any breach. We provide answers to the questions you have so you can protect your environment during the current attack as well as defend it against future attacks.

How did the attacker get into your environment?
How did they laterally move within your environment
What was the timeframe of the attack?
What systems and/or data did they access?

What were their actions and objectives?
Did any data exfiltration occur?
How can you minimize the risk of a future attack?

Digital Forensic Services

The BlackBerry Security Services team performs a wide variety of Digital Forensic/Incident Response (DFIR) services for our Clients. We have a world-class forensic laboratory that we use to securely and efficiently process your forensic matters.

Pre-breach, during a breach or post-breach, the BlackBerry Security Services Digital Forensics/Incident Response team will work with you to quickly secure the chain of evidence and process your data and devices. We also provide data recovery and media analysis services.

BlackBerry Incident Response Retainer

The worst time to find an Incident Response provider is when you are dealing with an Incident. Act now to lock-in access to our Incident Response Experts, and achieve peace of mind.

When you have an incident response retainer with BlackBerry, you get the benefit of reduced rates, service level agreements and guaranteed availability. BlackBerry Security Services offers four levels of Incident Response Retainer with varying levels of prepaid hours to suit your needs and budget.

BlackBerry Security Services Incident Response

We can help you resolve cyber incidents.

Incident Response

Digital Forensic Services

BlackBerry Incident Response Retainer

Business Email Compromise

Corporate

Developers

Blog

Legal

Languages