Security Incident Response Services

Steps To Take

SO, YOU THINK YOU HAVE BEEN HACKED?

Depending on your own personal level of technical familiarity, you may be able to see subtle signs of system compromise:

Considerable, unexpected performance degradation.
A marked increase in disk activity that is not attributable to typical activities (like Windows Update, scheduled AV scans, etc…)
Bizarre/Unexpected errors or dialog boxes that are unfamiliar. Especially if presented while performing familiar tasks.

WHAT SHOULD YOU DO IF YOU SUSPECT A BREACH OR A HACK?

Unless the continued operation of this computer is vitally critical to ongoing business, it should be disconnected from the network.
If you have reason to strongly suspect critically sensitive data is being actively copied from the computer, it is imperative to disconnect the computer from the network even if it is vitally critical to ongoing business.
Disconnecting the computer from the network can include:
a. Disconnecting any network Ethernet cables.
b. Disabling any WiFi, Bluetooth, or cellular radios (preferably with a physical switch, if available)
DO NOT power down the computer unless it is otherwise infeasible to disconnect it from the network. There may be critical, ephemeral data relevant to a suspected compromise that may be lost.
Contact our Incident Response Team at 1-844-711-4225 for further assistance.

How It Works

WHAT HAPPENS WHEN I CALL BULLETPROOF AT 1-844-711-4225?

Step 1: Understanding You and Your Situation

As mentioned earlier this is a serious service for companies who truly feel they have been breached so the initial part of your call will be to determine a few things about you and your situation.

Step 2: Authorization and Commitment

Once we determine that this is a security incident we need to make sure you have the authority to engage your company in a service agreement with Bulletproof.

If you are not an existing customer of Bulletproof we require a minimum engagement fee of $1000, prior to starting work on your case. This fee provides for the initial assessment, triage and scoping. If the engagement will take more than 5 hours to complete, we will provide an estimate for the next phase of the engagement.

Step 3: We Get to Work

After we get through these formalities we will engage a Security Analyst and they will start working on your incident. The analyst will attempt to resolve your issue as quickly as possible and will communicate continuously with you throughout this process. If your incident cannot be resolved immediately, the security analyst will provide you with a scope of effort and a budget required to move forward in resolving your incident.

Who Is Bulletproof?

WHO IS BULLETPROOF?

Bulletproof is a 16-year-old IT services company with SECURITY in our DNA. We offer Cyber Incident Response Security Services as well as proactive monitoring and management for our customers at our 7/24/365 Security Operations Center (SOC). We can provide service to companies of all sizes but our services are most applicable to companies with multiple computer systems or companies that deal with customer information and or valuable intellectual property.

IS BULLETPROOF RIGHT FOR MY COMPANY?

That’s a great question as we aren’t a fit for everyone. Bulletproof employs IT security Superheroes that know their stuff! But security incident response and investigation isn’t for the faint of heart, these are serious conversations and serious engagements and we need to know you are committed and believe you have a serious breach.

We provide what you would call a “corporate” service for companies of many sizes. Although its hard to put a number on how big your company needs to be to engage Bulletproof, if you are a one or two-person company with a couple of laptops we would probably encourage you to find a local IT company to help you solve your issues.

FAQs

WHY WOULD I BE TARGETED?

There are numerous reasons an organization could become a target of a coordinated attack. Direct financial incentive is typically the most likely, either through direct theft or ransomware. Other reasons include corporate espionage, including theft of trade secrets and other intellectual property.

WHAT DOES A BULLETPROOFS CYBER INCIDENT RESPONSE TEAM DO?

Once we confirm that your incident is in fact a security compromise, our team will engage and apply expert strategies and techniques that properly identify compromised systems, recover lost or locked data, provide investigation and containment of a breach, and rapidly remediate the incident. We also have experience in criminal, civil and corporate forensics investigations.

WHAT IS THE AVERAGE TIME BETWEEN COMPROMISE AND DETECTION OF THE COMPROMISE?

Approximately half a year. In fact, most organizations are made aware of a potential compromise through notification by an external party.

IS IT LIKELY THIS IS LIMITED TO A SINGLE COMPUTER?

While this does depend on the attackers’ motives, chances are it’s unlikely. An organization that is the victim of a targeted attack is likely to have multiple internally compromised resources. Unless properly identified and scoped, it’s highly likely that a partial remediation (of a single computer for instance) will only tip off a determined attacker that they’ve been noticed. A determined and skilled operation is likely to adapt and persist.