Incident Response & Forensics
NTT Security, through NTT Communications, has immediate response capabilities in Australia. If you are currently experiencing a security incident and need immediate assistance, contact us.
NTT Security's incident responders are certified, experienced security experts who understand the need to identify, contain, and mitigate the impact of a security breach as quickly, thoroughly, and efficiently as possible.
All incident response and forensics services delivered by NTT Security's consulting team are backed by the Security Engineering and Research Team (SERT) and leverage NTT Security’s R&D investment in proprietary, purpose-built analysis, and investigation tools.
Proactive Incident Response
Proactive Incident response services include prior planning, integration of NTT Security and client incident response teams, and testing of the incident response plan. In the event of an incident, response teams allow for quick identification and containment, and preserves important forensic evidence about the attack to aid law enforcement if appropriate.
Proactive Incident Response service provides:
- Pre-established legal and engagement agreements
- Priority Service Level Agreements for incident response
- Remote and/or on-site incident responders
- Advanced log and malware analysis using proprietary, purpose-built tools
- Evidentiary grade digital forensics
On-Demand Incident Response
Early detection and response is the key to protecting critical assets and your response needs to be swift when an attack happens. In the unfortunate event of an incident, NTT Security, through NTT Communications, provide on-demand incident response teams to quickly help you manage and contain damage.
On-demand Incident Response provides:
- Immediate responses to assist your organisation get back up and running as quickly as possible
- A team of cybersecurity analysts and incident responders when you most need them
- A breach remediation plan based on the nature and scope of the attack
In a Compromise Assessment engagement, NTT Security's security experts will use their Global Threat Intelligence Platform (GTIP) to identify any indicators of compromise (IOC) in your environment and a comparative analysis to identify non-IOC specific anomalous behavior.
In a Compromise Assessment engagement, our security experts will:
- Identify internet egress points, critical servers and endpoints
- Implement and configure analysis tools
- Identify any IOCs, including malware artifacts or network traffic activity
- Report any red-flag indicators
The only thing worse than discovering your environment has been compromised, is, once contained, not thoroughly analysing the compromise. It is vital that responders identify the full scope, impact, and root cause to remediate the compromise.
In a remediation and verification engagement NTT Security's security experts will:
- Work with incident responders and client IT staff
- Identify and document all impacted networks, applications and systems
- Build a plan for restoration, rebuild and validation
- Perform a security architecture and design review
Incident Response Planning
Technical expertise, trained personnel, and the ability to act quickly is required to minimise the impact of a security incident. Faster detection means the scope of the incident can be identified, the damage contained and swift remediation instigated.
Incident Response Planning and Preparation service provides:
- Integration between your staff and NTT Security incident responders
- Third-party incident response plan validation
- Static incident simulation and plan walk-through
- Effectiveness testing of your security controls, logging and alerting
- Priority SLA for incident response
Incident Response Plan Assessment & Validation
Knowing what to do in the event of an incident can reduce the duration and mitigate the impact of an attack. NTT Communications and NTT Security improves cyber breach responses, preventing the spread, and minimising the impact of an incident. We assess incident response plans and procedures, and test their effectiveness and execution by working closely with your existing incident response team. This provides you with an efficient and effective response to future security incidents.