Incident Response Service

Incident Response Service (INRS) helps customers combat cyber attacks and crime. This security tool helps respond quickly to potential malicious attacks that can lead to service disruptions. Verizon INRS is a combination of proactive services designed to prevent incidents before they occur and fast response reactive services after an incident occurs.

• Proactive Services. Verizon proactive INRS consist of onsite consulting, strategic planning, security audits, policy reviews, vulnerability assessments, security advisories and training. This service works to prevent a harmful incident from occurring.
• Reactive Services. Verizon reactive INRS consists of telephone and onsite support for responding to malicious events such as Denial of Services (DoS) attacks, virus, worm, and Trojan horse infections, illegal inside activities, espionage, and compromise of sensitive internal Agency databases.

• INRS Proactive. INRS Proactive service begins with an in-depth vulnerability evaluation of the critical program, procedural, process and technical areas. Following the completion of the assessment, Verizon implements a four-phased methodology:
  • Phase 1. Identify and define the security requirements by reviewing the organization, policy, network and application to help understand business drivers and compliance to determine security requirements.
  • Phase 2. Review of program, policy and procedures, network architecture, application architecture, organizational structure and interviews with key staff.
  • Phase 3. Identify vulnerabilities through comprehensive scanning, penetration tests, and application and host assessments.
  • Phase 4. Develop a strategic response plan based on security shortfalls and analysis.
• INRS Reactive. Verizon provides a state-of-the-art, 24x7 incident response and evidentiary forensic service providing lifecycle incident and forensic management. The INRS Reactive methodology uses a set of predefined processes to thoroughly examine computer systems using software and tools to extract, preserve, and analyze evidence of computer abuse or misuse. Key steps in this process include, but are not limited to:
  • Securing the Scene. Securing technical evidence means taking control of the environment in which the suspected compromise or unauthorized access occurred.
  • Incident Definition (Scope). Onsite briefings are conducted and a chronological timeline is developed to reconstruct the security incident; identify potential suspects or groups known to target client interests; and establish a project plan and timeline with client goals and requirements.
  • Data Collection. Technical forensic methods are used to gather data for analysis. All systems containing potential evidentiary data are secured. Evidence to be acquired and searched for includes: executables, images, messages, etc., possibly linked to a malicious intruder; Internet Protocol network activity; Intrusion Detection System sensor and firewall output; Remote access device diagnostic; and event logs.
  • Data Analysis. Automated tools are used to improve the accuracy of our analyses and to increase efficiency ranging from Forensic Recovery of Evidence Data to Pattern Analysis.
  • Reporting the Findings. The incident report will provide the primary investigative findings, pertinent data discovered, evidence and recommendations. The report is written to provide a general overview of the analysis suitable for both technical and non-technical personnel.