Portcullis firmly believes that effective incident response isn’t just about having a technical capability, it is about working with the client to understand their situation, their requirements, their internal capability and delivering a bespoke solution that provides exactly what the client needs, when they need it. This includes working with the business to manage the corporate risk as well as addressing the technical issues.
In an information security landscape full of stories regarding state-sponsored espionage and high-end criminal activities, it is very easy to leap to the conclusion that each and every incident involves a serious, professional attacker. Such a threat actor could be at the centre of an incident, but it is far from certain. Portcullis proactively tries to avoid making assumptions about who is at the centre of an attack, keeps a range of options open and works based on what is actually known. Working from what is known, the assigned consultants can undertake a logical sequence of works to understand what is really happening and then to eradicate the threat. Portcullis has the capability to handle the largest of incidents, instigated by the most professional of attackers, but is equally adept at handling a smaller incident.
Portcullis was very pleased that CREST values these same virtues under the CSIR scheme. Throughout the application process it was clear that CREST really want to understand that a security organisation can take their client through a controlled, organised, well managed project. As a consultancy, Portcullis appreciates that the CREST CSIR scheme provides the ability to be innovative, responsive and deliver tailored solutions to our clients. It would be easy for a scheme such as this to be mandatory in approach, but this is not the case. The focus is on a high level of management and clear communication with the client, but there is significant freedom in the underlying engagement to deliver what the circumstances demand.
Incident response is just one of a number of services Portcullis offers in this space. There is much that can be done in advance of an incident to either improve security or to make responding to a potential incident quicker and easier. Portcullis is also able to conduct cyber security health checks to provide assurance that networks have retained their integrity or otherwise; valuable information in a world where many attackers wish to subtly exfiltrate data over an extended period.
Come and join Portcullis’ own Linkedin group, The Portcullis Arms.