Incident response
Incident response advisory from the customer side of the bridge, before, during, and after an incident.
What we deliver
- Incident response retainer
A named contact, an agreed customer-side response time, and a monthly cadence call between incidents.
- Tabletop exercises
Scenario-based dry runs for your leadership and IT team, with a written action list afterwards.
- Post-incident review
Root cause, which control stopped the incident, and what we change now.
- Board and regulator communications
NSM reporting, NIS2 notification obligations, and customer letters during an active incident.
- Coordination with CrowdStrike Falcon Complete
Local escalation contact in Norwegian during an active case, while Falcon Complete runs the bridge.
- Forensics support with external DFIR
We coordinate with an external DFIR firm when the case needs full investigation, and hold the customer side together.
How we deliver this service
- In a project
A tabletop exercise or a post-incident review with a defined deliverable and a final report.
- In a role at the customer
An incident response retainer with a named contact and an agreed response time over twelve months.
- As part of a service
Included in the Secured by FM CyberSecurity bundle for organisations up to ~100 employees.
The platform we offer
Recent insights on Incident response
- What a SOC is, and when you need your own
A plain-English guide to what a Security Operations Centre really does, what one costs to run, and why most Norwegian SMBs should rent rather than build.
- What SIEM is, and when an SMB needs one
Most Norwegian SMBs do not need a standalone SIEM. Here is when you do, when your EDR already covers it, and what to do next.
- EDR and antivirus, what the difference is, and what you need
Antivirus names a known bad file. EDR shows what the attacker did next. Against modern attacks you need the second answer.