Symantec’s Incident Response Retainer Service reduces the time between detection and resolution. We can turn your incident response plan into a proactive program that improves incident response times, lowers response costs, improves overall response effectiveness, and implements a continuous improvement process that leverages lessons learned from past incidents to improve your overall security effectiveness. Response costs often surpass the costs to proactively create and implement an incident response program, especially if you consider the direct correlation between the time to respond and the overall cost of the incident.
Incident Readiness Assessment
Assess your existing ability to respond to security incidents and provide recommendations to shrink the time between incident detection and resolution, and ultimately reduce the probability and severity of future incidents.
Specialized Service Management
Receive personalized care with your assigned Service Manager. The Service Manager is assigned based on market segment and organization size so we can most effectively leverage our vertical expertise when helping you through the triage and response process.
Emerging Threat Reports
Stay informed of the threat landscape and assess how your security posture may be impacted with our Emerging Threat Reports.
While every incident has unique vectors and attack methodologies, the way in which your company needs to proceed may be governed by compliance regulations and laws. Avoid contract negotiation in the middle of an incident and shift to become more proactive and programmatic in your response program.
Pre-Paid Incident Investigation
Stay agile and be ready for the next attack. When outside assistance is needed we offer pre-paid fly-to-site and remote incident support. Pre-paid time may be reallocated and used for other Readiness Services such as Incident Response Plan Assessments, Incident Response Training, Tabletop Exercises, and Advanced Persistent Threat hunting.
Three Incident Retainer offering levels
Alternate Readiness Services
Incident Response Plan Assessment
Symantec will examine your current incident response plan across strategic, operational and tactical angles to identify where, if any, actual or potential gaps exist. This is accomplished through a series of questionnaires, workshops, and interviews over a three or four week period, and a three or four day onsite review. An assessment report with recommended actions is presented at the end of the onsite visit.
Incident Response Tabletop Exercises
Symantec will use a tabletop exercise to test and refine your incident response plan and process. The tabletop exercise is performed onsite with your key stakeholders to talk through your incident response plan without the need to actually deploy equipment or resources. After the exercise, a debriefing will occur to review findings and create a plan for improving your incident response process.
Incident Response Training
Symantec will provide tailored incident response training to assist you in the initial identification and containment of security incidents. Training topics may include security awareness, current security trends, data handling, volatile data collection, or other relevant areas.
Advanced Threat Hunting
Using proprietary hunting methodology and technologies, Symantec will search your network to attempt to uncover the presence of compromises and threat activity previously unidentified in your environment. We will provide you with a better understanding of potential exposures that may have been uncovered and review recommendations for containment and eradication.