The FINANCIAL — Dell SecureWorks, consistently recognized by industry analysts as a leading provider of cybersecurity services, on October 5 announced a new on-demand Emergency Cyber Incident Response (ECIR) capability for clients deploying assets on Amazon Web Services (AWS).
The new offering from Dell SecureWorks is in response to the growing enterprise adoption of production workloads on AWS and the customer demand for on-demand incident response solutions that are optimized for the dynamic and agile operating environment of the cloud, according to Dell.
Designed and refined through collaboration with AWS, Dell SecureWorks’ Emergency Cyber Incident Response helps organizations investigate cyber incidents affecting their assets deployed on the AWS Cloud. Though cloud infrastructure does not change the fundamentals of incident response and digital forensics, it requires modifications to the process for efficient and effective containment, mitigation, data collection, and analysis within the cloud. For example, AWS provides unique methods to contain compromised instances and credentials, mitigate propagation of threats, snapshot and collect data, and quickly stand up resources for analysis. Dell SecureWorks has codified these techniques in order to perform highly efficient and scalable cyber incident response investigations.
“Our Incident Response team is comprised of an elite group of individuals with backgrounds in cyber investigations, technical analysis, research, and crisis management spanning national, military, and organizational Computer Security Incident Response Teams (CSIRTs), as well as law enforcement agencies,” said Jeffrey Carpenter, director of the Incident Response and Digital Forensics practice at Dell SecureWorks.
Since 2008, Dell SecureWorks has offered an Incident Management Retainer that expedites responses to cyber incidents. Within four hours of receiving an incident report from a retainer client (which may be conveniently reported via the Dell SecureWorks IR Hotline or online Client Portal), the Dell SecureWorks Incident Response team initiates remote response support and takes action on a mutually defined scope of tasks. If necessary, incident responders can be onsite within 36 hours for locations within the U.S. and UK and in transit within 48 hours for other international locations. As an added benefit, retainer hours may also be used for response plan reviews, testing exercises, and a wide variety of other Incident Management services at any time during the term of the contract.
Since 2005, Dell SecureWorks’ expertise in incident response has been recognized by the following industry and government organizations:
Accepted as a member of the Forum of Incident Response and Security Teams (FIRST);
Approved by the Payment Card Industry (PCI) Security Standards Council (SSC) as a PCI Forensic Investigator (PFI);
Accredited by the Government Communications Headquarters (GCHQ) Communications-Electronics Security Group (CESG) and the Centre for Protection of National Infrastructure (CPNI) as a Cyber Incident Response (CIR) scheme provider; and,
Accredited by the National Security Agency/Information Assurance Directorate (NSA/IAD) as a Cyber Incident Response Assistance (CIRA) service provider under the NSA/IAD National Security Cyber Assistance Program (NSCAP).
“We are honored to complement the expertise of the AWS Security Team by providing resources to clients that need additional investigative support,” said Carpenter. “As more organizations deploy production applications and business critical data in cloud computing environments, it is critical that they protect these assets as much as they protect information hosted onsite.”