Incident Response During Coronavirus
While the Coronavirus pandemic continues to strike chaos across the global economies, threat actors keep on launching cyberattacks on organizations from all sizes and verticals.

IR providers face a unique challenge when approached by these organizations since, due to the Coronavirus mass quarantine, conducting incident response engagements by arriving physically to the customers' offices is impossible.

Cynet 360, a tool of choice for a number of IR providers (offered to IR providers for free), enables responders to compensate on the lack of physical access with the ability to conduct a full IR operation remotely (learn more here) by seamless and rapid remote deployment, complete visibility into the attacked organization's environment, automated threat detection, and integrated MDR services.

Attackers always seek easy opportunities, and it's no wonder many threat actors take advantage of the current mayhem of the Coronavirus pandemic to increase their attacks' volume. As the need for 3rd party increases, IR providers need to consider how to best handle the new situation in which physical access to the customer's premises is inaccessible.

"Incident response almost always starts with an independent investigation," says Eyal Gruner, CEO, and co-founder of Cynet, "it's very rare that the victim knows exactly what is broken. Actually, engaging the IR provider in the first place means that someone in the security team has a clear indication that something is wrong but not much beyond that – they need the IR expert to make it concrete."

Gruner explains that in order to reach this certainty, the responder should gain a bird's eye view into the attacked organization's IT environment – host activity, file execution, user logins, and network traffic.

Having this perspective enables the IR expert to spot suspicious parts and gradually zoom in to unveil the infected entities. The Coronavirus quarantine introduces a significant difficulty here.

'Most to all incident responders would choose to conduct this investigation on site,' says Gruner, 'it's much easier to gather what you need from the IT and security systems in place. IR guys face a real problem now. Cynet 360 can be extremely useful here'.

IR providers are long using Cynet 360, taking advantage of its unique usage model in which incident responders can use it with no charge for IR operations. As it turns out, Cynet 360 capabilities make it an ideal tool for fully remote IR:

  • Seamless and rapid remote deployment across thousands of endpoints in minutes
incident response tools
  • Immediate visibility into all user, network and process activities withing the monitored environments
incident response
  • Ability to serve as a distribution platform to any open source IR tool
  • Automated detection of active threats
  • MDR services as an integrated part of the offering

Both active IR service providers, as well as MSPs, or integrators that seek to enter the growing IR services market, can make use of Cynet 360 to provide their customers with remote IR operations without compromising quality.

Learn more about Cynet 360 for Remote IR here.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.