Fast threat detection & remediation

Incident Response

What happened, how it happened and how to resolve it

Our team will perform a comprehensive forensic and log analysis to identify what happened, how it happened and the best course of action to resolve the breach. We will work with your organisation and any incident response procedures that are in place to provide assistance (Annual IR retainer options available).

Forensic & Log Analysis

Our team will perform a comprehensive forensic and log analysis to identify what happened, and how it happened.

INCIDENT RESPONSE RETAINER

Enable your business to access the technical resources required to respond to a breach in an agreed timeframe.

TIMELINE based reports

All findings are documented in a timeline-based report together with recommended remediation actions.

SIEM Integration

We use industry-leading SIEM software to detect and analyse threats

Our team has extensive experience with a wide array of industry-leading SIEM platforms and is ready to assist you with everything from a brand new implementation through to specific use case integrations.

WHAT IS A SIEM?

A SIEM (Security Information and Event Management) service centralises logs within an environment for both security monitoring & incident response purposes.

IMPLEMENTATION

We will design and implement an effective SIEM tailored to your business.

MATURING YOUR SIEM

We will identify key areas in which to mature the effectiveness of your SIEM's detection capabilities.

Case Studies

The Problem

Events and logs are not monitored to detect attacks

While most businesses have numerous security controls in place, the events and logs from these sources are not centralised, correlated or monitored to detect the various stages of a cyber-attack.

The Solution

Alchemy identifies critical assets and designs a SIEM

Alchemy worked with key stakeholders to identify business-critical assets, information and processes. Using this information, a SIEM was designed and implemented to centralise logs and events while enabling the business to proactively correlate and identify threats within all tiers of their environment.

The Impact

Effective identification of and defence against attack

This gave the business granular visibility across their environment, enabling them to proactively identify and defend their business against advanced attacks.

Product Used

Splunk was used to mature defensive capabilities

Splunk is still considered the industry-standard SIEM product on the market. We have used the flexibility of this product across a wide range of customers to dramatically mature their defensive capabilities.

Testimonial

They understood emerging technology and threats

AlchemySec is my go-to Cyber Security Consultancy, Every. Time. They are quick to answer an email for the “easy” questions, or give you the detail you need to convey an issue to a client. Having worked in both the Enterprise space, as well as the Small-to-Medium business, they understand what you are trying to achieve and know how to get the job done. I can’t recommend them highly enough.

How It Works

Our unique process, developed over 10 years.

Alchemy Security Consulting Pty Ltd provides a broad range of security assessment services to assist our customers in identifying vulnerabilities and maturing their defensive capabilities.

Scoping

The scope will define the objectives, constraints, scheduling and reporting requirements for the assessment.

Assessment execution

We will execute the assessment in line with the agreed scope.

Reporting

All findings will be documented in a risk-prioritised report detailing each finding and the recommended actions.

Remediation testing

A retest of key findings is performed to validate that remediation actions by the customer have successfully mitigated identified vulnerabilities without introducing further vulnerabilities or risks.

The Benefits

Both SIEM and incident response processes prepare and enable your business to detect, mitigate and eradicate threats both proactively and reactively.

IDENTIFY THREATS

A well implemented SIEM allows you to proactively detect and defend against cyber attacks.

LIMIT THE IMPACT

Performing incident response allows us to identify and limit the impact of a cyber attack against your business.

RETURN ON INVESTMENT

A SIEM will identify which security controls are providing the most value to your business, allowing you to mature your defensive capabilities more strategically.

PEACE OF MIND

An incident response retainer gives your business the peace of mind that should an incident occur, we have the resources available to quickly react and reduce the impact.

Frequently Asked Questions

What is incident response?

This reactive service allows a business to identify the extent of a breach, respond appropriately to eradicate a threat actor, and report on the extent of the breach.

Further to that, it also gives the business an opportunity to look at lessons learnt and mature their internal incident response procedures.

What is a SIEM (Security Information and Event Management)?

A SIEM platform allows you to centralise all of your security information and events. It gathers all relevant logs from within your environment and implements monitoring strategies to alert and report on threats within your environment.
How long does it take to complete an incident response engagement?

Incident response assessments vary in duration depending on the motives and capabilities of the threat actor. Generally these engagements involve a minimum of 5 days of hands-on time, followed by 2-4 weeks of monitoring to ensure the threat actor has been eradicated.

What is an incident response retainer?

By engaging our Incident Response services on a retainer you can ensure that, in the case of a breach, we are prepared with resources on hand to respond appropriately and protect your business.

Our retainers are tailored to your requirements and allow you to maximise the return on investment by using your retainer to consume other services through us, such as penetration testing or architecture reviews.


Recent Posts

Detecting and defending against advanced persistent threats utilizing the latest in industry-leading tools and techniques to strengthen and mature the security posture.

Please Sign Here - Why NTLM Relaying Is Still a Risk in 2021

The Windows Name Resolution Flow. You may be under the impression that turning host names into IP addresses is simple. You check: the Hosts file; then your system’s DNS (Domain Name System) resolver. That’s it, right? If you don’t get a response from your local file or DNS, then the system doesn’t exist. Well, no; the name resolution flow in Windows looks something like this: Well, that’s a […]

The benefits of Red Teaming

Red teaming is not a new concept within the cyber security community. However, in Australia, Red Teaming is a relatively new term for most organisations. In this blog post we'll take a dive into: what differentiates a Red Team engagement from a Penetration Test; why you shouldn't consider a red team engagement (you totally should) […]

Stealing Password Reset Tokens for Fun and Profit

When adding a “Password Reset” function to your application it is especially important to ensure this has the same security considerations as any other critical function within the application. Due to the nature of resetting a user’s password, along with many security considerations being overlooked, it is not uncommon for attackers to spend extra time […]


MITRE ATT&CK Framework Primer

The MITRE ATT&CK framework is an incredibly powerful framework that organisations can utilise to improve their cyber security capabilities.
