ConnectWise Incident Response Service: Expert Help for Security Incidents

Incident Response Service
When a worst-case security incident strikes, expert
help is ready—24/7!
“It’s not a question of if, but when.”
Voice of the Partner
Assume a serious security incident is inevitable
Lack ability to develop incident response plan for every client
Lack incident response expertise and experience
Security incidents increase stress on staff
Rushed decisions have resulted in costly missteps
Lack incident response tools
Hindered visibility and understanding of the incident, slowing down resolution
Fire drills pull limited resources away from other important business activities
Sometimes we need an expert backup!
ConnectWise Incident Response Service
Direct access to expert incident response analysts, 24/7
Real-time management and guidance to contain and remediate worst-case incidents
Recovery procedures will determine extent of compromise
Gain insights on IR processes, attacker tactics, and how to better defend clients
Your force multiplier — an extra set of hands armed with advanced tools and analytics
30 days post-incident monitoring of environment for re-infections
Speedy Remediation
Offset Staffing Costs
Be Prepared for the Inevitable
Rapid Response — Flexible Service Options
Retainer-based
Pre-paid for a defined block of hours purchased at a discounted rate
Guarantees the fastest response times under a Service Level Objective (SLO) – 2 hours
Includes an ‘Incident Readiness’ onboarding process
“On Demand”
A contractual agreement guaranteeing a specified hourly rate prior to work occurring on an incident that falls outside of existing SOC incident support
Allows IR activities to begin unhindered with charges applied after engaging ConnectWise IR Team (4 hour SLO)
Incident Response in Action — An Extension of Your Team
1. Security incident at client site initiates Partner incident response (IR) processes. Severity of incident requires expert assistance.
2. Partner makes outreach to ConnectWise Incident Response Service team via a.) phone or b.) form on web page or c.) if existing ConnectWise SOC customer, ticket in Security Portal.
3. Partner works with dedicated IR lead to assess and triage incident using various best practices, processes, real-time guidance and deployment of tools into environment as needed.
4. Incident is contained and remediated.
5. Recovery and review of incident, extent of compromise and summary analysis report
FAQs
What is the Scope of Services?
Remote Services (at launch) with plans to offer On-Site Services at a future date
24x7 Phone and Email access for assistance
Call-back Service Level Objective (SLO) 2-hours for retainer-based service; 4-hours for on-demand
Emerging threat reports
Incident Investigation
Analysis of pertinent data / logs
Operation of tools to collect network/ log data
Malware analysis and reverse
Client personnel discussions
Incident timeline analysis
Written reports and presentations
What is Out of Scope for IR Services?
Regulated services that require a certification or a license
Forensic data collection from:
Mobile phones, mobile operating systems, tablets or e-readers
Litigation Support Services
Depositions, fact witness testimony, expert witness testimony, affidavits, declarations, expert reports
Responding to discovery requests, subpoenas
eDiscovery services
Other forms of litigation support or participation in any legal proceeding relating to the subject matter of the engagement (including those involving a governmental entity)
What are the Partner Requirements for IR Services?
Partner is not required to have any pre-existing ConnectWise product solutions
Can be sold as a stand-alone offering
Highly recommended that partner has managed SOC services
Partner must identify and provide the names for Authorized Personnel and other Incident Response resources
Partner must ensure that ConnectWise IR Services has access to the following:
Materials and resources related to the business and technical environment
Software design documentation, current design diagrams, and other information required to deliver the Service
Access to all operating systems and network and computing environments necessary to complete the Service (e.g., user accounts for relevant applications, list of relevant IP addresses, URLs and any means for user authentication)
What is the initial communication process?
Partner will have access to a 24x7 phone number to contact the Incident Response delivery team to request incident response assistance (“Incident Response Assistance Call”)
Partner may also contact the Incident Response delivery team 24x7 by email at irservices@connectwise.com
For On-Demand Emergency Services, partner will submit a webform questionnaire that will then be routed for initial discussion and contract execution
What products are used for the IR Services?
ConnectWise will use different strategies and methodologies to complete the Services depending on the nature of the incident
The IR Services team will have access to several software tools, utilities and platforms in order to assess, contain & remediate issues during the course of an incident
Such tools may include a combination of existing ConnectWise product offerings, enterprise cyber incident response tools & open-source solutions

ConnectWise Incident Response Service offers expert assistance 24/7 for handling worst-case security incidents. Gain direct access to incident response analysts, real-time management, recovery procedures, insights on attacker tactics, and post-incident monitoring. Choose from flexible service options like retainer-based or on-demand for rapid response and efficient remediation. Be prepared for inevitable security incidents with ConnectWise at your side.

  • Incident Response
  • Security
  • ConnectWise
  • Expert Help
  • Rapid Response

Uploaded on Oct 05, 2024

