Embed Size (px)
DESCRIPTION
Rapid Response Retainer Service Overview. Why Verizon Rapid Response Retainer?. Computer security incidents continue to rise Sensitive data breaches, corporate espionage, malware, hacktivism Internal and external threats No company or industry is immune to being attacked - PowerPoint PPT Presentation
Citation preview
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Rapid Response RetainerService Overview
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 2
Why Verizon Rapid Response Retainer?
• Computer security incidents continue to rise– Sensitive data breaches, corporate espionage, malware, hacktivism– Internal and external threats– No company or industry is immune to being attacked
• Not a matter of “if” but “when” you will have a computer security incident– How prepared are you?
• Benefits of the Rapid Response Retainer:– Trusted relationship established upfront – prior to an incident– Quick to engage: Contract already in place when you need us in an emergency– Guaranteed response SLAs, worldwide– Discounted hourly rates (vs. non-Retainer customers)– Ability to leverage Network-based Intelligence from the global Internet backbone
• No other forensic vendor offers this capability!
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 3
• Forensic Investigations• Malware Analysis• PCI Investigations (PFI)• Mobile Forensics• Electronic Data Recovery and
Destruction• eDiscovery and Litigation
Support• Network Intelligence
RISK Team Services
Reactive Services
Verizon RISK team has investigated 8 of the world’s 10 largest data breaches!*
• Incident Response Plan Development
• First Responder’s Training• Mock Incident Exercises• Industrial Control Systems
Cybersecurity Assessments• IDS 2.0 and Netflow Analysis• Watchlist Matching• Incident Analytics
Proactive Services
*Source: http://www.idtheftcenter.com/
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 4
RISK Team – Global Reach
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 5
Rapid Response Retainer
• 24 or 48-hour investigator “in-transit” response• North / South America, Europe/Middle East, Asia-PacificRapid Response SLA
• Multiple escalation channels• Dedicated Investigative Liaisons• Phone support until investigator arrives onsite
Phone Response SLA
• IR Policy Review and “Gap” Analysis• IR First Responder’s Training• E-Discovery Policy Review and Training
Upfront Discovery
• Access to Verizon’s Risk Intelligence Portal• Weekly Intelligence Summaries, monthly Risk Briefings,
whitepapers, Hot-or-Hype analysis, etc.Security Intelligence
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 6
Triggering the Retainer
Phone / remote support provided until investigator arrives onsite
Incident Occurs
Customer Calls Retainer Hotline
Engagement Letter / Scope Objectives
Investigator(s) In-Transit
On-Site Delivery Commences
Forensic Investigation and Documentation of
Findings
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 7
Retainer Engagement Letter
Engagement Letter:
- Defines scope and objectives
- Obtains customer’s authorization
- Ensures accountability
- Filled out by a member of the Verizon RISK team after initial escalation call
- Customer signs and returns to Verizon
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 8
Retainer Onboarding Process
Escalation Channels Engagement Process Investigative Liaisons Authorized Customer POC’s RRR Email Distro Risk Intel Portal
Incident Reviews / Trigger Points Netflow / CIP Schedule Upfront Discovery
o IR Plan Gap Analysiso First Responder’s Training
Current IR Capabilities
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 9
First Responder’s Training Topics
Current State of Security
Incident Response
Fundamentals
Evidence Handling / Chain of Custody
Volatile Data Collection /
Analysis
Forensic Imaging
Techniques
Basic Forensic Analysis
Malware Analysis for
First Responders
IR Mock Incident / Table-
Top Exercise
E-Discovery Training
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 10
Rapid Response RetainerAnnual SLA Pricing
Response SLA DescriptionAnnual Fee (per region)
24-hour SLA The SLA guarantees an investigator will be in-transit to any location within North America, South America, EMEA, or APAC within 24 hours.
£18K
48-hour SLA The SLA guarantees an investigator will be in-transit to any location within North America, South America, EMEA, or APAC within 48 hours.
£15K
The SLA program components are designed to help Customer enhance their ability to respond to incidents through: 1) quick response from Verizon’s Investigative Response team; 2) built in IR policy review and IR training through Upfront Discovery; and 3) access to Verizon’s Risk Intelligence.
Additional Option
Description Annual Fee
NetFlow Option Verizon collects NetFlow data – from Verizon’s backbone – associated with Customer’s external IP address space, and maintains it for 30 days on a rolling basis. To be used as additional evidence source in investigations.
£7K
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 11
Rapid Response RetainerIR Hours Pricing
T&M (pay-as-you-go)
Flat rate @
£200/hour
Upfront
Flat rate @
£175/hour
OPTION #1: Hours may be purchased on a T&M basis, whereby hours will be invoiced on a monthly basis, for services delivered in the month preceding. If Customer does not trigger the Retainer, hours are not billed.
OPTION #2: Hours are purchased in a block, invoiced upfront. Unused hours will roll over if the SLA is renewed.
Flexible Use: IR hours may be used for any RISK team services
IR hours are used during engagements for which Customer triggers the Retainer service.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Questions?
