Incident Response types
The following types of Incident Response options are available for request:
Service | Description |
Points |
---|---|---|
Incident Response Support | Incident Response for assistance in case of a security incident. The FortiGuard Incident Response team will set up a scoping call leading to definition and delivery of a plan of action associated to number of a service points. |
1 |
Incident Response Readiness Assessment |
This Incident Response Option is a custom-tailored evaluation of an organization’s current security posture and incident response plan. The Fortinet Incident Response Readiness Assessment is designed and delivered by the Fortinet Incident Response Proactive Team built using real-world experiences and industry standard best practices. The assessment is organized into six domains that each incorporate people, processes, and technology. The assessment will incorporate a mixture of document review and stakeholder input through workshops that will help to identify additional areas of improvement.
|
10 |
Incident Response Playbook Development |
This Incident Response Option provides assistance to the Customer in the development of a step-by-step playbook to be used in the event of an impactful cybersecurity incident on its network based on the most likely incidents. This playbook is meant to help Customer’s security analysts to handle a security incident from detection through eradication and recovery and may be part of an organization’s larger incident response plan. Some of the current probable events may include:
The plan of action and associate number of Service Points are based on a scoping call. |
1 |
Cyber Security Tabletop Exercise |
This Service Option assists the Customer in testing its incident response plan and identifying security gaps in tools or processes. The Cyber Security Tabletop Exercises are designed and delivered by the Fortinet Incident Response Team and leverages their experience and expertise handling Incident Response engagements such as:
Cyber Security Tabletop Exercises are then separated into several incident scenarios and then verbally discussed during a roundtable discussion to enhance the Customer’s understanding of actions to be taken, and by whom they are performed under its incident response plan. At the end of this exercise, a report will be provided that includes policy recommendations based on the discuss held during the exercise. The plan of action and associate number of Service Points are based on a scoping call. |
1 |
Security Operations Center (SOC) Assessment |
This Service Option is a custom-tailored evaluation of an organization’s current security operations center. The Fortinet Security Operations Center Assessment is designed and delivered by the Fortinet Incident Response Proactive Team built using real-world experiences and industry standard best practices. The SOC Assessment is organized in four areas of focus that each incorporate people, processes, and technology. The assessment will incorporate a mixture of document review and stakeholder input via workshops that will help to identify additional areas of improvement. Focus Areas:
|
20 |
Ransomware Readiness Assessment |
This Incident Response Option is designed to help organizations gain greater visibility and understanding of their current risks to a ransomware attack. The Fortinet Ransomware Readiness Assessment is designed and delivered by the Fortinet Incident Response Proactive Team built using real-world experiences and industry standard best practices. The assessment focuses on the implementation and management of incident response cybersecurity practices specific to known ransomware attacks. This includes the TTPs of known ransomware as well as common issues and forensic evidence from across ransomware incidents investigated by the FortiGuard Incident Response team. Each assessment provides guidance on the approach to cybersecurity incident response maturity. Focus Areas:
|
10 |
Compromise Assessment |
This Incident Response Option is designed to identify hidden but active cyber threats in our customers’ enterprise environment. It provides detailed threat hunting in Client infrastructure to discover the anomalies that could be signs of a past or ongoing compromise. This allows to identify past breach attempts and incidents, ongoing and/or undetected attack activities, including threat removal and provides advice and prevention plans to avoid future incidents. The Compromise Assessment ('CA') is conducted by the Fortinet Incident Response Proactive Team and can be combined with automated detection tools and further threat intelligence to create a clear view of the actual threats in the network and what needs to be done to ensure attacks are not repeated. The CA provides organizations with a clear and decisive answer to the question, “are we breached?”. It provides all the information needed in case there is a compromise. What makes FortiGuard IR team powerful is the independent of other third-party tools, especially on the collection phase. 99% of the used software are developed by Fortinet. The below list mentions the products that may be used during a CA engagement:
The plan of action and associate number of Service Points are based on a scoping call. |
1 |
Active Directory Security Assessment |
This Incident Response Option provides a third-party, objective, review of the security posture of an Active Directory ('AD') installation. It helps to identify critical issues and areas of the highest concern. It also provides the organization a means for tracking the continuing improvement and maturity of the Active Directory security posture. The Service is organized in five areas of focus that each incorporate people, processes, and technology. Each of the areas consists of a number of maturity practices that are used to assess the AD installations security and fit for purpose within the larger business mission, current threats, and capacity to evolve efficiently over time. Focus Areas:
The plan of action and associate number of Service Points are based on a scoping call. |
1 |
Vulnerability Assessments |
This Service is designed to identify known vulnerabilities within information systems or services. With this assessment, you’ll understand the known vulnerabilities within your organization’s internal and external networks and applications. Our experts use various automated tools and manual techniques to systematically examine your environment to determine the effectiveness of your current security measures, identify security gaps, and provide data to help you predict how impactful the safeguards you have in place today will be in the future. After the technical phases of the assessment are completed, our team prepares a report, sharing the potential issues found during the assessment along with recommended remediation procedures. As a result, it’s easy for your team to prioritize remediation efforts according to identified severity levels of Critical, High, Medium, or Low—following the Common Vulnerability Scoring System (CVSS) standard—and the overall risk each vulnerability represents to the organization.
|
1 |
Penetration Test |
This Service is a specialized assessment our team conducts on networks, systems, and applications to identify unknown vulnerabilities that an adversary could exploit. Penetration testing mimics real-world attacks to pinpoint potential ways that threat actors might impact the confidentiality, integrity, or availability of your networks, systems, and applications. When conducting a penetration test, our team of experts uses various tools and techniques commonly utilized by attackers to detect vulnerabilities and test the resilience of your organization’s network.
|
1 |
More information about each Incident Response option is available in the Service Points description available in the Customer Service portal at https://support.fortinet.com/Information/DocumentList.aspx.