As a member of CDW’s cybersecurity incident response team, I spend much of my time working with organizations in the heat of a crisis.
Whether they’re in the middle of an active network compromise or they’ve fallen victim to a ransomware attack, my team steps into emergency situations and helps companies get back on their feet as quickly as possible. In that respect, our team is much like a battalion of firefighters.
Stories from the Trenches
Recently, I had the opportunity to work with a large manufacturing company that needed help after it experienced unusual symptoms on its network. The company’s IT team wasn’t able to shut down operations and needed to address a problem that was raging on its live systems. Everything the IT team did seemed to make the situation worse — the equivalent of throwing water on a grease fire. When we were called in to help, we discovered that there were actually two separate malware infections on the company’s network at the same time. Our incident responders quickly eradicated those infections and then helped the company secure its network. Our team worked with the company’s IT team to develop a plan to better prepare the organization for its next cybersecurity incident.
Earlier this year, my team assisted a large school district struck by a ransomware infection. The district discovered that the malware had not only taken out its primary systems, but also encrypted some backups. Fortunately, we discovered that the district also had tape backups, and we were able to use them to restore operations.
CDW Incident Response Services
CDW offers three types of incident response retainer agreements that put all of the paperwork in place to help us respond quickly when disaster strikes. Our zero-dollar retainer provides you with a toll-free number to directly access our incident response team. We are typically able to respond to those calls within four hours. Other customers prefer a paid retainer that provides them with a firm service-level agreement guaranteeing an immediate response. Many organizations find that their cybersecurity insurance covers the cost of these incident response services.
While I do spend much of my time fighting cybersecurity fires, I greatly prefer engagements where I have the opportunity to work with CDW customers in advance to help them prepare for their next incident. Organizations that have playbooks in place prior to an incident are able to respond more quickly and effectively, limiting the damage caused by an incident. We offer our customers four types of preparedness services:
- Incident response planning is our most popular service, helping organizations develop up to five customized playbooks that define their response to the cybersecurity incidents they are most likely to face.
- Readiness assessments help organizations that already have an IR plan in place test that plan to ensure they are ready to respond to an incident. Think of it as a fire drill for first responders, allowing them to hone their craft.
- Tabletop exercises combine readiness assessments with knowledge transfer, helping customers who already have playbooks verify that everyone on the team knows what they need to do and that there are no gaps in their current plan.
- Compromise assessments use threat-hunting techniques to look for dormant malware on a network, as well as other indicators of active or past compromises.