The PwC Cyber Emergency package includes both Threat Intelligence services and CSIRT (Computer Security Incident Response Team) assistance. Our work aims to provide the insight of a Threat Intelligence approach and the expert resources to deal with security incident response through our CSIRT.
Our Threat Intelligence services help organisations gather the information required to anticipate and identify threats concerning them or the industry in which they operate. This approach consists of collecting external data, then analysing it and transforming it into useful information. We monitor relevant sources, including the deep and dark web, to search for traces of data breaches, hacking attempts or other indicators of compromise which concern you. This allows us to quickly detect data breaches and alert your organisation. You will get a notification when a breach or critical vulnerability is detected and, if necessary, our CSIRT will deliver enhanced and rapid incident response capabilities.
Our CSIRT services help you accelerate incident response. Our experts assist you in the identification of incidents, scoping, containment, remediation and recovery. The team can lead the overall incident response process in either a reactive or a proactive Threat Hunting mode. Since each breach has a unique scope and consequences, we tailor our incident response process to match your business operations constraints and the integrity of your sensitive assets. When required, our team appropriately handles digital evidence and follows strict standards to perform comprehensive forensics investigations. We can then determine the incident root causes and document the kill chain.
In order to keep pace with the market, organisations must interconnect and expose systems that process more and more data. The amount of data, its variety and the infrastructure needed to manage it require a great deal of effort towards security controls. Moreover, new mobility-based models, such as cloud solutions, contribute to blurring the system perimeter, making its protection increasingly complex. The challenge is not to know whether you have exposed data, but rather which of your data is exposed and how it can impact your company.
Our Cyber Emergency services help you tackle such challenges by answering essential questions:
Do you have the intelligence needed to inform your cyber security operations and strategy?
Have you been the victim of a data leak?
Have you been targeted by an advanced cyberattack?
Is there a critical vulnerability affecting components of your infrastructure?
Do you know how to react to an IT security incident?
Have you noticed suspicious activity on your network?
Do you have an emergency recovery plan?
Do you need to conduct a digital investigation?
Our Cyber Emergency portfolio includes the following range of services:
You will receive a monthly report which summarises the trends in the field of cybersecurity. These trends can then be used to monitor and manage security threats inside your organisation. The goal is to allow you to find meaningful, actionable information about the potential threats in your sector and align your strategy accordingly.
Client outcome: monthly report
We monitor the deep web (e.g. paste sites, forums) and dark web (e.g. Tor, black markets, leaks) to search for traces of data breaches, hacking attempts or other indicators of compromise which concern you. Our keyword-based monitoring tools allow us to detect traces of all kinds (e.g. leaked emails/passwords/private messages, compromised IPs/domains, etc.), and to find indications of cyber threats targeting your organisation. We set up alerts based on detected data, allowing you to quickly make effective and educated decisions.
Client outcome: email alert when a breach is detected
Together with you, we set up a broad list of potential typosquatting domains, then use our own monitoring tool, which runs several times a day. This tool alerts on potential typosquatted domains, allowing us to investigate promptly and detect threats such as identity theft or phishing attacks. Our tool has already proved its worth by detecting malicious lookalike domains, enabling us to quickly warn the clients who, in turn, took the required measures to mitigate the social engineering attempts.
Client outcome: emergency email alert when a typosquatting attempt is detected
You will receive a notification if we identify a new critical vulnerability that may affect perimeter components. We prepare a technical analysis (impact/probability) in order to speed up your decision-making. We also provide all the online resources needed to correctly address the problem. We collect information from a wide variety of sources: RSS feeds, Twitter, official websites (e.g. changelogs, security advisories), specialised websites (e.g. exploits, CVEs, etc.) and other CERTs' websites.
Client outcome: email alert when a critical vulnerability is detected
Our offer includes incident handling and post-mortem analysis. Our experts assist you in the identification of incidents, scoping, containment, remediation and recovery. The team can lead the overall incident response process in either a reactive or a proactive Threat Hunting mode. When required, our team engages in forensics analysis in line with standards and a proper chain of custody. In addition, we can also help you define precise playbooks and, more generally, prepare for cyber incident response.
Client outcome: operational support and expertise during incident handling, detailed reports (timeline, kill chain)
Threat Intelligence & CSIRT Leader, PwC Luxembourg
Tel: +352 62133 43 55