Incident Response
What is Incident Response?

Incident response is a service in which threat response experts respond urgently when a security incident or attack occurs. Its goal is to handle cyber security incidents efficiently and effectively: to minimize damage, reduce recovery time and costs, and learn from the incident in order to prepare measures that prevent similar incidents in the future.

S2W's global threat analysis group, Talon, operates an incident response center to proactively respond to the recent surge in ransomware and various cyber attacks. S2W, as an official partner of Interpol, has contributed to the actual arrest of ransomware organizations that have caused significant domestic and international damage, such as Clop, GandCrab, and Sodinokibi, and continues to support many affected companies and institutions.

Additionally, Talon is an organization comprised of analysts from the National Police Agency, Financial Security Institute, Korea Financial Telecommunications & Clearings Institute, and Korea Internet & Security Agency. With years of expertise and experience gained through incident investigations, Talon supports smooth incident investigations and post-recovery. If you suspect an incident or have been breached, please request help immediately. We will respond promptly.

Process
  • 01 Incident Investigation Request Reception
    Assign investigator and deploy to the site (within 1 day of request)

  • 02 Initial Analysis of the Incident
    Identification and collection of malware, identification of the attack group, provision of information on the attack techniques of the identified group, etc.

  • 03 Confirmation of the Incident Damage Status
    Check and track whether the data of the affected company is being leaked and sold on the deep/dark web

  • 04 Confirmation of Intrusion Path
    Support for removing vulnerabilities used for intrusion, identification of additional affected devices not identified in the initial analysis

  • 05 Creation of Detection Policies for Attacker Tools and Malware
    Support for comprehensive search and removal of attacker tools and malware

  • 06 Removal of Residual Attacker Tools and Malware
    Support for identification and removal of additional attacker tools and malware not previously discovered

  • 07 Defense Against Similar Attacks Through Attacker Profiling
    Provide methodologies that can detect unidentified attacks based on the intelligence of the attacker's previous attack techniques

  • 08 Prevention of Additional Intrusions
    Provide proactive defense methods against additional intrusion attempts by attackers
