We can support your organisation with the containment, preservation, investigation, remediation and recovery efforts required to get you operational after a security incident. We can also support your organisation in assessing whether there is any evidence of a historic compromise, or work with you to provide ongoing assurance via our retainer or compromise evaluation services regardless of where you are in your cyber security journey. Our experts have undertaken investigations across a range of industry verticals throughout NZ and AU and will work closely with your key internal and external stakeholders.
Incident Response (IR)
Managing and responding to a security incident can be challenging, and engaging expertise early on is advisable. Incidents can vary from Business Email Compromises (BEC) impacting a limited number of staff, through to ransomware affecting an entire network and causing significant business disruption.
We will work with your IT team (internal or external) to preserve relevant data sources and use this data to inform how the incident occurred and what actions were taken by the threat actor. Our findings will help you make decisions about your next steps, and if in doubt, we can also provide guidance on who to seek advice from. For further information about NZ and AU obligations as they pertain to a privacy breach, please refer to New Zealand’s Office of the Privacy Commissioner (OPC) website https://www.privacy.org.nz and, for Australia, the Office of the Australian Information Commissioner (OAIC) website https://www.oaic.gov.au/.
We have extensive experience with cyber insurers across NZ and Australia and understand their requirements when breach response, containment, remediation and recovery efforts are warranted.
These days, a user’s activity rarely exists on a single device, and the amount of data to sift through can be tremendous. Digital Forensic tools and techniques are often required to fully understand what occurred and provide answers.
Investigation opportunities can be limited if data preservation activities are overlooked or mishandled, which is why our Digital Forensics practitioners ensure we preserve data at the earliest opportunity, particularly any data that is volatile or set to expire. We can preserve evidence overtly or covertly, depending on your requirements, and can assist with a variety of situations such as intellectual property theft or computer misuse. We have expertise in presenting at NZ courts, should you require Expert Witness support.
When a security incident leads to data exfiltration, or access to sensitive information, it is often necessary to undertake an eDiscovery exercise to understand what further risks the exposed dataset creates for your organisation. For example, the exposure of individuals’ sensitive information, account credentials or organisational policies and security practices can have quite different impacts on your business, or potentially lead to further compromise if the actor can leverage this information. With our expertise, we can help you discover what ongoing risk exposure you may face.
A DFIR retainer with Bastion ensures you can secure capability and expertise from DFIR practitioners when you most need it, as well as having ongoing support throughout the retainer’s lifecycle to ensure both organisations remain attuned. Bastion’s expertise and understanding of NZ Government and business sectors is unrivalled, with consultants skilled in a range of areas, ready to provide support as needed.
Your DFIR retainer journey with us starts with a workshop to understand your environment, security controls, tools, and escalation processes. Here we help identify any potential roadblocks to address before a potential incident. We also recommend further workshops with significant stakeholders such as IT or managed security service providers, your cyber insurer and legal counsel (if applicable).
In the case of an incident, escalating to Bastion’s DFIR team is a simple process providing you with 24/7 support. Our practiced DFIR professionals will assess the situation and determine the appropriate next steps, which could include triaging logs, reviewing artifacts from a compromised system, reviewing detections from your EDR console, providing containment or remediation advice, or escalating the issue and provisioning additional support. Our additional support could include, but is not limited to:
- Incident coordination including internal/external stakeholder management
- Crisis communications
- Ad-hoc managed security services
- Security testing
- Remediation/recovery engineers
If you are worried about the health of a system or your entire network, Bastion offers compromise evaluation services to provide you with assurance as to whether your systems or entire network are free from compromise. Our consultants will leverage their internal tooling and threat hunting expertise to determine whether any evidence of prior, or active and current, compromise exists, as well as addressing any pertinent hygiene issues they identify. At the end of the compromise evaluation period, Bastion will provide an assessment report outlining our findings and recommendations.