1. /
  2. Managed Services Incident Response
Incident Response
Advanced Threats Require Advanced Incident Response to Help Recover Quickly.
There are many security solutions out there that all address pieces of the vulnerability puzzle, but no single technology that can keep an organization 100 percent safe. It’s not a question of if you will be attacked and suffer a breach, but when and to what extent. Whether it becomes a traumatic event or an anticipated exercise is up to you and your organization’s planning for cyber resilience.
That’s where SymantecTM Incident Response can help. There are proactive and reactive needs, distinct and unique for every organization in terms of incident response.
Our emergency response services provide remote and on-site investigation to help organizations mitigate their impact and quickly restore business as usual. Because every incident is different in vector, scope, and impact, with unique legal, regulatory, and industry requirements, it’s vital to engage a trusted leader in security to help respond and tailor the appropriate response strategy.

Key Benefits

  • Plan and prepare the impact of an incident
  • Address threats, vulnerabilities, virus outbreaks, and incidents
  • Reduce the time between discovery and remediation
  • Deliver timely and measured response with minimal business disruption
  • Support executives with guidance on both internal and external response
  • Execute remediation plans to prevent recurrence
Symantec draws from deep skills and years of experience to help you resolve your incident, return to normal operations, and prevent incident recurrence while minimizing the operational impact. Our investigators will provide management support and communications, empowering your executives to make the right business decisions related to response actions.
Symantec follows generally accepted forensic procedures to collect, preserve, and analyze evidence. In accordance with your objectives, Symantec uses a variety of techniques including log analysis, network and systems forensics, advanced malware analysis, and security intelligence to determine the root cause, timeline, and extent of the incident.
Following the conclusion of response activities, Symantec will provide you a comprehensive report of the response investigation complete with all recommendations and proposals for avoidance of future incidents from observed on-site issues and behaviors, including executive and board-level summaries of our investigation’s findings and recommendations.


Symantec’s Incident Response Retainer Service reduces the time between detection and resolution. We can turn your incident response plan into a proactive program that improves incident response times, lowers response costs, improves overall response effectiveness, and implements a continuous improvement process that leverages lessons learned from past incidents to improve your overall security effectiveness. Response costs often surpass the costs to proactively create and implement an incident response program, especially if you consider the direct correlation between the time to respond and the overall cost of the incident.

Key Features

Incident Readiness Assessment
Assess your existing ability to respond to security incidents and provide recommendations to shrink the time between incident detection and resolution, and ultimately reduce the probability and severity of future incidents.
Specialized Service Management
Receive personalized care with your assigned Service Manager. The Service Manager is assigned based on market segment and organization size so we can most effectively leverage our vertical expertise when helping you through the triage and response process.
Emerging Threat Reports
Stay informed of the threat landscape and assess how your security posture may be impacted with our Emerging Threat Reports.
Pre-Negotiated Terms
While every incident has unique vectors and attack methodologies, the way in which your company needs to proceed may be governed by compliance regulations and laws. Avoid contract negotiation in the middle of an incident and shift to become more proactive and programmatic in your response program.
Pre-Paid Incident Investigation
Stay agile and be ready for the next attack. When outside assistance is needed we offer pre-paid fly-to-site and remote incident support. Pre-paid time may be reallocated and used for other Readiness Services such as Incident Response Plan Assessments, Incident Response Training, Tabletop Exercises, and Advanced Persistent Threat hunting.

Three Incident Retainer offering levels

Alternate Readiness Services

Incident Response Plan Assessment
Symantec will examine your current incident response plan across strategic, operational and tactical angles to identify where, if any, actual or potential gaps exist. This is accomplished through a series of questionnaires, workshops, and interviews over a three or four week period, and a three or four day onsite review. An assessment report with recommended actions is presented at the end of the onsite visit.
Incident Response Tabletop Exercises
Symantec will use a tabletop exercise to test and refine your incident response plan and process. The tabletop exercise is performed onsite with your key stakeholders to talk through your incident response plan without the need to actually deploy equipment or resources. After the exercise, a debriefing will occur to review findings and create a plan for improving your incident response process.
Incident Response Training
Symantec will provide tailored incident response training to assist you in the initial identification and containment of security incidents. Training topics may include security awareness, current security trends, data handling, volatile data collection, or other relevant areas.
Advanced Threat Hunting
Using proprietary hunting methodology and technologies, Symantec will search your network to attempt to uncover the presence of compromises and threat activity previously unidentified in your environment. We will provide you with a better understanding of potential exposures that may have been uncovered and review recommendations for containment and eradication.