Incident Response
Keep Your Business Safe & Secure with Blue Bastion™
Key Benefits
Blue Bastion™ has a dedicated team to help you investigate and thoroughly recover from security incidents. Blue Bastion's methodology closely follows the NIST and SANS incident-handling guidelines and consists of the following stages:
Preparation: develop and test incident response policies and procedures.
Detection and Identification: determine the type and severity of the incident and then choose the appropriate response.
Containment: limit the scope and spread of the incident.
Remediation: utilize people, processes, and tool sets to systematically remove malware from the environment.
Recovery: return to normal business operations.
Reporting: create a report that details how the incident happened, lessons learned, and controls that can be implemented to stop or limit similar events in the future.
Compromise / Breach Assessments
Do you feel like you may be compromised? Are you unsure whether you are compromised? Did you recently have an event or breach but are unsure whether the threat was completely eradicated?
A Compromise or Breach Assessment is a threat hunt across your business assets to determine whether any adversarial footholds remain in your environment that could be leveraged to conduct another attack.
Incident Response Forensics Services
While there are many ways to discover the answers to these questions, the most reliable approach is to conduct a forensic analysis. During a forensic analysis, we acquire disk images or triage data from affected endpoints. We use the information gathered to thoroughly investigate the incident and provide as many answers as possible, helping you understand how the incident occurred and what can be done to prevent a similar incident in the future.
You may not always be able to obtain all the answers in every scenario, but you can get a better understanding of what went wrong, when and how the event occurred, and what your next steps as an organization should be.
During an incident, you may have questions such as:
What was patient zero?
How did the threat actor get an initial foothold?
Which machine(s) were affected?
What was the timeline of events?
When did this incident begin?
Was any data exfiltrated?
Infrastructure Incident Response Services
Are you in the middle of a breach? Do you have an Incident Response Team asking your organization to take on more than it can handle?
We are here to assist!
Restoration of services across a wide variety of systems
Rebuilding infrastructure from scratch
Migrating your current workloads to a more secure or segregated location, such as a cloud, on-premise, or hybrid solution
We have a team of infrastructure experts ready to assist with or take over infrastructure-related tasks during an Incident Response scenario.
Beyond infrastructure, the team can also assist with, augment, or run point on:
Disaster recovery
EDR / Endpoint Agent deployment
Incident Response Tabletop Exercises
Blue Bastion’s blended adversary emulation teams work with your business, IT, and security teams to better understand your risk profile and security capabilities. This information is utilized to create tabletop incident response scenarios tailored to your organization. Blue Bastion’s teams make the tabletops a learning experience, not a scare tactic.
Triage Agent / Collection Tool Deployment
Forensics triage toolset deployment
Forensics triage toolset data collection
Forensics triage toolset data analysis
Forensics triage toolset report
Purple Team Services (Blended Threat Services)
Blue Bastion's blue team members and offensive security teams work together on both sides of the security fence to help ensure that your defenses are solid. These simulations demonstrate how the blue team would react in a real-world scenario, walking through each phase of an attack while simultaneously highlighting the effectiveness of your existing security efforts. These exercises help us identify limitations of services and areas for improvement, fine-tuning your current solutions for better performance and high-fidelity alerting.