Emergency Response Data Sheet

SYMANTEC™ CYBER SECURITY:
INCIDENT RESPONSE DATA SHEET
KEY FEATURES
Symantec Global Intelligence to Identify Threat Trends and Targeted Campaigns
Every organization operates under the threat of a major security incident. The
ever-evolving threat landscape is populated with skilled, highly motivated, well-armed adversaries focused on overcoming your defenses and achieving their
objectives. Stealth, evasion, misdirection, and multi-pronged attacks are just a
few of the strategies used by attackers to challenge and stretch the capabilities
of your security team to their limits.
When security incidents occur, response teams face immense pressure to outmaneuver
and defeat skilled opponents while also juggling the needs of stakeholders including
the organization’s management, employees, customers, and legal teams. It is
essential when responding to incidents that you respond quickly, appropriately, and
effectively in order to minimize the damage to your brand, intellectual property, and
other organizational interests. Simply put, failure is not an option.
Advanced Threats Require Advanced Response
Organizations rely on Symantec’s Incident Response Service to help them
prepare for, respond to, and recover from incidents. We combine our own expertise
in threat intelligence and incident response with strategic partnerships with
leading global incident response firms to deliver the full breadth of capabilities
you need to redress critical incidents.
If you are currently experiencing an
incident and need a response please contact:
[email protected], or call (855) 378 0073
Incident Scope and Impact Analysis and Counteraction
Documentation of Response Actions and Recommended Post-Incident Improvements
Post-Incident Technical and Management Briefings
KEY BENEFITS
Expert-level Incident Response from the Trusted Global Leader in Security
Proportionate. Informed. Complete.
The specific approach used to respond to each incident depends on a number
of factors. The size and nature of the incident; legal, regulatory, and industry
requirements; and management goals and objectives are all considered when
developing specific response strategies. Symantec draws from deep skills and
years of experience to help you resolve incidents, return to normal operations, and
prevent incident recurrence while minimizing the impact on your organization.
Advanced Malware Analysis
Reduced Downtime
Documented Incident Reports
Improved Response Coordination with Internal and External Resources
Actionable Recommendations to Avoid Incident Recurrence
Vol. 1.0
May 1, 2014
Go.symantec.com/incidentresponse
Copyright ©2014 Symantec Corporation. All rights reserved. Symantec, the Symantec logo are U.S. registered trademarks of Symantec Corporation.
We work with you through the following:
Assessing and defining the parameters
Establish a baseline understanding of
the current facts of the incident and
your objectives for response activities.
The product of this step is the initial
plan of action that will guide subsequent
activities.
[Figure: INCIDENT RESPONSE FRAMEWORK. Process stages: Preparation; Detection & Analysis; Containment, Eradication, & Recovery; Post-Incident Activities. Scope: Preventative & Detective Controls; Event Monitoring & Analysis; Evidence Collection & Analysis; Incident Reporting & Lessons Learned; IR Plans & Team Training; Triage & Document Incident; Incident Scope & Containment Strategy; Remedial Actions; IR Technologies & Partners; Incident Notification; Mitigation, Recovery, & Verification; Evidence Archival. Specialty areas: Security Intelligence | Advanced Threat Protection | Advanced Malware Analysis | Global Operations.]
Collecting and analyzing the data
Symantec follows forensically sound procedures to collect, preserve, and analyze evidence. In accordance with your objectives, our incident responders use a variety of techniques including log analysis, network and systems forensics, advanced malware analysis, and security intelligence to determine the root cause, timeline, and full extent of the incident.
Correlation with Security Intelligence
Symantec’s Global Intelligence Network is made up of approximately 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec Cyber Security: DeepSight Early Warning System, Symantec Cyber Security: Managed Security Services and Norton™ consumer products, and other third-party data sources.
Advanced Malware Analysis
Especially in cases involving advanced attackers or targeted attacks, it is not uncommon to discover the use of highly customized malware as part of the attacker’s tools and tactics. In these cases, Symantec incident responders leverage our security research centers to provide unparalleled advanced malware analysis.
Symantec World Headquarters
350 Ellis Street
Mountain View, CA 94043
United States
Phone: +1 (650) 527 8000
Providing executive and management support
Symantec will work closely with
your organization’s management to
achieve established incident response
objectives, help facilitate PR activities,
and communicate clearly during every
step of the investigation, empowering
your executives to make the right
business decisions related to response
actions.
Remediating the incident
Symantec will provide you with a detailed
remediation plan that addresses each
aspect of the incident, then assist with
the implementation.
Reporting and assisting with litigation
Following the conclusion of response
activities, Symantec will provide you a
full report of the response investigation
complete with all recommendations
and proposals for avoidance of future
incidents from observed on-site issues
and behaviors. This report package
will include executive and board-level
summaries of our investigation’s findings
and recommendations. If requested,
Symantec Partners will provide litigation
support for the incident in accordance
with your organization’s executive
direction and the requirements of
insurers or regulators.