You’ve been hacked, or maybe you’re not sure. The next steps you take will be vital! The RACK911 Labs Incident Response Team is on standby to help contain, identify and recover from security incidents.

Incident Response Process

Respond

As soon as we have access to the compromised server, we begin the process of preserving data and, most importantly, all system logs. It’s important that we have a rough understanding of what was going on leading up to the incident and what has occurred afterwards.

Access is immediately locked down to prevent further damage. In most cases, we even disable remote access and require connection over a secure KVM/IP or VPN. It’s imperative that nothing further changes while we are performing our forensic audit.

Containment


Once the server has been locked down, we begin the painstaking process of identifying who, what, where and when. The ultimate goal is to pinpoint exactly where the intrusion occurred and what data has been compromised.

Recover

If data loss has occurred, we can assist in restoring from local or offsite backups. Should there be malware embedded in websites located on the server, we have the expertise to clean those files and get everything back to running normally.

A final check of the server is performed to ensure that no hidden backdoors have been left behind or even reintroduced from restoring backups. It’s not uncommon for old backups to contain backdoors or various malware that can lead to another security incident.

Remediation

Our team will discuss their findings and give an assessment of the state of security for your server. There’s always room for improvement, and we will certainly outline any shortcomings and, most importantly, the changes we recommend to prevent further security incidents.

Internet security is a 24/7 job and RACK911 Labs offers several proactive approaches to keeping your server(s) and infrastructure secure, everything from on-demand penetration testing to ongoing server management.
