Cyber incident aftermath
Compromise recovery
Regain control of your IT environment after a cyber incident. Let our experts show you how to do it right.
Your organization has been hacked: nobody wants to find themselves in this situation. But when it does happen, the most important question is: what is our next step? In this exceptional situation, it is essential to have an experienced partner at your side. Through compromise recovery engagements, our experts have helped numerous companies from various industries and successfully returned them to optimized, normal operations. We support you in removing the attackers from your systems, coordinating the reactivation of the IT landscape and restoring a productive IT environment.
Based on forensic information, we work with you to prepare the defense, cleanup and hardening of your systems. We establish contingency plans and processes and comprehensively protect critical assets such as machines, accounts and Active Directory content. Once the compromise recovery has been completed, you can get back to work and benefit from a higher level of security.
Compromise recovery phases
The following procedure has proven itself in practice:
1. Define scope
- Review the results of the investigation
- Identify business-critical data and processes
- Preliminary analysis of the Active Directory
2. Critical hardening
- Active Directory
- Defend against identity theft and lateral movement
- Command and control (C2) lockdown
- Protect privileged accounts
- Implement tiering model
3. Tactical monitoring
- Login activities of accounts
- Azure Advanced Threat Protection (ATP) deployment
- Monitor critical systems such as AD
4. Rapid implementation
- Convert infrastructure step by step
- Customized password policy
- Block C2 channels
- Remove malicious code
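One way to turn the "implement tiering model" and "login activities of accounts" items above into a concrete check, as an added example in Python (not the service provider's own tooling): it assumes a hypothetical Tier 0 account and host list plus constructed 4624-style log lines, and reports privileged accounts that log on to hosts outside Tier 0 with a logon type that leaves credentials on that host.

```python
"""Tier-model logon check for the hardening and monitoring phases above: flags
Tier 0 (privileged) accounts logging on to non-Tier-0 hosts with a logon type
that leaves reusable credentials there. Names and log lines are constructed."""
from dataclasses import dataclass

# Assumed tier assignments (hypothetical names, upper-cased for comparison)
TIER0_ACCOUNTS = {"CORP\\DA-ADMIN", "CORP\\KRBTGT-SVC"}
TIER0_HOSTS = {"DC01", "DC02", "PAW01"}
# Logon types that leave credentials on the target host (interactive, batch,
# service, unlock, network-cleartext, RDP, cached); type 3 network logons don't.
CREDENTIAL_EXPOSING_LOGON_TYPES = {2, 4, 5, 7, 8, 10, 11}

@dataclass(frozen=True)
class LogonEvent:
    account: str      # DOMAIN\user
    host: str         # computer that recorded the event
    logon_type: int

# Constructed 4624/4625-style records, one per line, as key=value pairs
SAMPLE_LOG = """\
EventID=4624 Computer=DC01 TargetDomainName=CORP TargetUserName=da-admin LogonType=10
EventID=4624 Computer=WS-FINANCE-17 TargetDomainName=CORP TargetUserName=da-admin LogonType=10
EventID=4624 Computer=WS-FINANCE-17 TargetDomainName=CORP TargetUserName=jdoe LogonType=2
EventID=4624 Computer=FILESRV02 TargetDomainName=CORP TargetUserName=da-admin LogonType=3
EventID=4625 Computer=APP05 TargetDomainName=CORP TargetUserName=krbtgt-svc LogonType=4
EventID=4624 Computer=APP05 TargetDomainName=CORP TargetUserName=krbtgt-svc LogonType=4
"""

def parse_events(text):
    """Parse key=value log lines; keep only 4624 (successful logon) records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = dict(tok.split("=", 1) for tok in line.split())
        if kv.get("EventID") != "4624":  # 4625 is a failed attempt, no session
            continue
        account = f"{kv['TargetDomainName']}\\{kv['TargetUserName']}".upper()
        events.append(LogonEvent(account, kv["Computer"].upper(), int(kv["LogonType"])))
    return events

def tier_violations(events, tier0_accounts=TIER0_ACCOUNTS, tier0_hosts=TIER0_HOSTS):
    """Return (account, host, logon_type) for Tier 0 accounts seen on hosts
    outside Tier 0 with a credential-exposing logon type."""
    return [
        (e.account, e.host, e.logon_type)
        for e in events
        if e.account in tier0_accounts
        and e.host not in tier0_hosts
        and e.logon_type in CREDENTIAL_EXPOSING_LOGON_TYPES
    ]
```

In a real engagement the same logic runs over exported Security log events, with the Tier 0 lists taken from the tiering model agreed in the hardening phase.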
Project process
Depending on the complexity of your IT environment and the severity of the compromise, a compromise recovery project typically takes 4 to 6 weeks. It includes the following phases:
Planning phase
2 weeks
- Assess risks
- Identify stakeholders
- Coordinate next steps
Staging phase
3 weeks
- Prepare to remove the attackers from the environment
Cleanup phase
1 week
- Implement cleanup plan (remove the attackers from the IT environment)
Optional services
Our experts are happy to help you with other tasks to set up your environment from scratch and optimize it with a focus on security. This includes, for example:
- Server cleanup, including restore from backup, hardening and reinstallation
- Setting up management systems such as backup, monitoring, antivirus, software distribution
- Implementing additional security services such as advanced threat protection, endpoint security, identity and access management
- Setting up administrative AD forests
- Implementing one-way trust
- General infrastructure services (firewall, hypervisor, storage, network)
- Azure and Microsoft 365 services
- AWS services
Contact us
Do you need help recovering from your compromise?
Our experts will get back to you as soon as possible.