Security Incidents

Whenever a detection is categorized as a real security threat, the following occurs:

  1. A security incident is registered internally for that customer.
  2. The IRON responder assigns itself to the case.
  3. A quick analysis is done on the detection and escalated in case necessary.
  4. The customer is notified of the security incident details, impact, host and Plan of Action.
  5. Mitigation actions are applied to the endpoint via remote incident response.
  6. Customer is kept up-to-date with the status of the incident.
  7. Incident is closed and summary report provided to the customer.
← Day to Day Operations