Group-IB Incident Response Retainer

One agreement for
all proactive and reactive
cybersecurity services

24/7 Onsite and Remote Incident Response

Benefit from the best-in-class
Incident Response provider

Shortest response time

Signed SLAs to guarantee timely service and 24/7 emergency response

Experienced Incident Response team

Human expertise, rich data sources and unique technologies to stop the attacker and restore infrastructure in time

Discounted rate for extra hours

Flexible terms of the Retainer and discounted rate for additional consulting services

Repurposing unused hours

A variety of proactive, reactive and educational services for repurposing prepaid hours

Agreements that fit various
budget and business needs

to minimize downtime during a cyberattack

A pre-negotiated statement of work provides a synergy of proactive and reactive services related to a security incident. Group-IB designed Incident Response Retainer agreements in different ways to fit various budget and business needs, and to minimize downtime during a cyberattack.

| Term | Lite | Standard | Premium |
|---|---|---|---|
| Number of prepaid hours | | | |
| Duration | 1 year | 1 year | 1 year |
| Access to 365/24/7 emergency response hotline | | | |
| Initial Contact SLA | 1 Hour | 30 Min | 15 Min |
| Remote Response SLA | 4 Hours | 2 Hours | 1 Hour |
| Onsite Response SLA | Best effort | 48 Hours | 24 Hours |
| Named Incident Responder | | | |
| Discounted rate for additional consulting hours | | | |
| Repurpose unused pre-paid hours for other services | | | |

Outstanding options for organizations
requiring an IRR service with the scale

Services for repurposing prepaid hours

On a speed dial
with global presence

Our team is distributed across the world to provide our clients with a tailored and prompt Incident Response.

  • 60 countries of presence
  • 70K hours of incident response
  • 80+ incident response specialists around the world
  • 18+ languages spoken by analysts
  • Own CERT-GIB: authorized international Computer Emergency Response Team

Don’t waste a minute

A signed NDA and an approved contract allow you to start response engagements immediately without any legal risks or costly delays.

Access the Top experts

Have a trusted team ready to assist: the Group-IB team is already familiar with the context of your security status and will provide you with consulting and training.

Run any service

Take advantage of the wide range of proactive cybersecurity services even if an incident never happens.

Group-IB IR Retainer
is a choice of experts

Group-IB can check out incidents faster than other IRR service providers that operate without an EDR solution. Incident responders can detect previously unknown threats based on Group-IB’s threat intelligence and attribution ability, and proactively search for anomalies, hidden tunnels, and signs of communications with command-and-control servers.

Tari Schreider

Aite-Novarica Group Strategic Advisor

An IR Retainer recognized by international rating agencies:

Gartner, Forrester, Aite-Novarica

Given the external threat landscape, as well as the risk of insider threats, organizations should move from being reactive to proactive in their IR preparedness. Incident Response Retainers are critical to organizations that need assistance responding to cybersecurity incidents.

Quote from: Gartner’s Market Guide for Digital Forensics and Incident Response Services where Group-IB was named a representative vendor

Incident Response by Group-IB at a glance

Any cyber incident,
no matter the scale or complexity

Get help from our skilled Incident Response team operating globally to ensure rapid and thorough analysis to support containment, remediation and recovery from the most destructive cyber attacks

  • Unauthorized access
  • Theft of data and money
  • Cryptocurrency fraud
  • Mobile banking fraud

Adopt a tailored approach to incident response

Group-IB Incident Response combines the power of human expertise, rich data sources and unique technologies to get a first-hand understanding of the intrusion tactics and malware samples used in the most sophisticated cyber attacks.

Group-IB Incident Response team applies our threat intelligence capabilities to analyze the threat actor’s activities and piece together a coherent attack kill chain to restore business continuity.

High-level stages of Incident Response

Step 1 - 24/7 Monitoring and Containment

Track every step of the adversary. Our Incident Response team leverages an in-house solution – Group-IB Managed Extended Detection and Response (MXDR), which enables advanced protection, rapid collection of forensic data and containment of compromised hosts, as well as 24/7 monitoring and notification supported by CERT-GIB.

Step 2 - In-Depth Forensic and Malware Analysis

Digital forensics analysis of both volatile and non-volatile data, as well as in-depth analysis of identified malware, enables the Group-IB Incident Response team to fully reconstruct the kill chain leveraged by the adversary and recommend how to harden the infrastructure and rule out the possibility of attacks.

Step 3 - Building Remediation and Recovery Strategy

Detailed attack lifecycle reconstruction based on in-depth digital forensics and malware analysis allows the Group-IB Incident Response team to uncover and understand the affected infrastructure’s weaknesses and detection gaps in order to build a proper remediation and recovery strategy for the customer’s technical personnel.

Experienced IR team that is
always on your side

Every day we face the most advanced cybercriminal groups. We do know the latest tactics and techniques attackers apply as each team member has years of experience in stopping incidents of various complexity on a daily basis.
Anatoly Tykushin
Head of DFIR Lab, META

Practicing specialist in Digital Forensics, Incident Response, Compromise Assessment, Incident Response Readiness Assessment, Cyber Threat Intelligence and Threat Hunting with 4+ years of experience in the field and 100+ projects completed in different regions (META, Europe, APAC, Africa).

Moving forward
with Group-IB Incident Response

What is Incident Response Retainer?

Incident Response is a set of procedures and actions to prepare for, detect, stop, and recover from an information security incident.

Can you decrypt files after a ransomware attack?

It is possible to decrypt files after a ransomware attack in rare cases only. Usually, if there are no backups it is impossible to recover the data.

What documents do you need to start the Incident response?

We need a signed 3-way NDA (non-disclosure agreement between you, us and the partner) and issued PO (purchase order) or service engagement letter.

How do you price Group-IB Incident Response?

The Incident Response service is priced by the hours of the response engagement for each specialist involved.

What are my responsibilities during Incident Response engagement?

We expect our clients to perform the following actions:

  • Deploy the Group-IB Managed XDR appliance (if agreed to deploy)
  • Brief our IR team about the discovered incident and your infrastructure details
  • Provide our IR team with the necessary access to security controls
  • Perform IT infrastructure manipulation
  • Apply the recommendations from our final report

Why should a business work with incident response professionals?

  • Your information security team may not have all the capabilities required. If your company has been affected by an incident, it means that your own team was unable to detect and prevent the incident in time because it lacks certain necessary skills and experience to quickly and effectively tackle modern threats.
  • Your team may not have had experience with complicated attacks. Countering attacks and identifying traces of compromise requires experience gained by responding to incidents daily and knowledge of the most recent tactics, techniques and procedures used by hackers. Most in-house teams have not had the opportunity to gain the skills and experience needed.
  • You are at risk of further incidents. When the active phase of an attack starts, it means that the hackers have been inside the infrastructure anywhere from three days to three months. In that time they could have not only stolen confidential data but also created additional points of entry into your infrastructure. Retracing all their steps and preventing them from attacking you again requires professional incident response teams, solid skills, and extensive experience in digital forensics.

What are the advantages of joined-up work with Group-IB Incident response instead of relying on your own IS team only?

  • If your team has come across an incident, you may need additional resources to quickly counter the attack and identify traces of compromise. When an incident occurs, your team is likely to have their hands full ensuring business continuity rather than identifying the root cause of the incident.
  • It is likely that you may not have the capabilities to identify and monitor every possible threat and that it will be difficult to trace the hackers back to the initial compromised resource without help from digital forensics specialists who perform these actions daily and track the evolution of threat actors.
  • An in-house team does not always have the necessary incident response skills and experience to quickly and effectively tackle modern threats. Countering attacks and identifying traces of compromise requires extensive experience in incident response and knowledge about the most recent tactics, techniques and procedures used by attackers. It also requires the vast diversified information that has been collated with years of experience.
  • Effective incident response requires advanced skills in digital forensics and in analyzing malicious code along with not just being able to detect the compromises but to attribute them to the correct threat actors and their techniques.

What recognition does Group-IB have for its Incident Response?

Does Group-IB Incident Response require any installations in my infrastructure?

Our Incident Response team leverages an in-house solution – Group-IB Managed XDR, which enables advanced protection, rapid collection of forensic data and containment of compromised hosts, as well as 24/7 monitoring and notification supported by CERT-GIB.

We install EDR agents, and for two weeks after responding to the incident the CERT-GIB team will monitor the infrastructure so your IT team has time to implement our recommendations.

How many Group-IB specialists will be involved in my Incident Response case?

While the incident is ongoing, you will be supported by our account manager. Depending on the type of incident, we will allocate not only an incident responder, but also a digital forensics specialist, a malware analyst and a cyber threat intelligence specialist.

On average, there are 2 DFIR specialists allocated for each incident. Depending on the complexity of the incident, there could be up to 5 specialists.