A security incident can occur even if you're prepared and your employees are trained. When a cyberattack occurs, it is of central importance that you react immediately and purposefully.

Our security specialists will help you prepare for a cyber attack. During an attack, you can also count on the support of our team for Digital Forensics and Incident Response (DFIR) . We make sure that no valuable time is lost and that your company suffers as little damage as possible.

Contact the Incident Response Team!

Have you been hacked? We are available 24/7 to assist you.

+41 31 511 37 51

For companies only. Guaranteed availability with prior written agreement.

Incident response team – you're not alone in an cyber emergency

Our specialists for Digital Forensics and Incident Response (DFIR) support you around the clock in containing and analyzing cyber incidents, especially in the event of a ransomware attack, and in restoring your business operations.

Our incident response team has all the expertise that is required (technology, regulatory provisions, etc.) and is constantly in contact with the authorities and other IR teams.
We ensure a structured process and level heads.

  • Guaranteed availability and on-site presence (up to 24/7 if required)
  • Formulation and implementation of immediate measures for containing the incident
  • Coordination of the activities and parties: support in formulating the communication measures and ensuring compliance with legal and regulatory notification obligations, preparation of bases for decision making, contact with the authorities
  • Technical analysis of the incident
  • Support in restoring ICT systems and business operations
  • Documentation and summary of findings (debriefing, lessons learned, final report)
  • Support with optimised preparation at the technical and organisational levels

Member of FIRST

Our Cyber Security Incident Response Team (Redguard-CSIRT) is now officially part of the international FIRST community. FIRST brings together incident response and security teams from all countries around the world to ensure a secure Internet for all and limit the damage of security incidents.

Service Plans

All Models, Availability – 24x7: Guaranteed response times during 7 days a week and on public holidays. Acceptance of new incidents 24x7.

Service Plan
Contractual Response Time (after initial report)
Included Additional Services
Rapid Response
On Demand
(24x7)
  • No contract costs
  • Start of Intervention: Best Effort
  • On-Site Intervention: Best Effort
 
Rapid Response Standard
(24x7)
  • Start of Intervention: max. 60 minutes
  • Start of Intervention (non-office hours): max. 60 minutes
  • On-Site Intervention: the next business day
  • Hour Pool
    (8 hours / year)
Rapid Response Priority
(24x7)
  • Start of Intervention: max. 15 minutes
  • Start of Intervention (non-office hours): max. 30 minutes
  • On-Site Intervention: max. 8 hours

Our Services

Incident readiness – perfectly prepared

In addition to preventive measures, we support you also in building up a suitable cyber incident organisation and the creation of a Cyber Incident Planning:
  • Preparation of an incident management strategy
  • Raising of awareness and training of the target groups (management and specialists)
  • Determination of responsibilities and roles
  • Creation of templates (Incident Response Playbook) for realistic scenarios (immediate measures, communication channels, communication guidelines)
  • Planning and implementation of simulations and exercises, e.g. Table Top Exercises (TTX), possibly in combination with an attack simulation
  • Building up of an internal incident response team
Incident Management Checklist: Preparation and Response

Compromise Assessment – Gaining Certainty

A compromise assessment is a targeted investigation of your IT systems and infrastructure to determine whether a security incident has occurred and how serious it is.
  • Determining whether an attack has taken place: Attacks often go undetected for a long time. An assessment reveals hidden malware, unauthorized access, or other signs of compromise.
  • Determining the attack vector: It is analyzed how the attackers entered your system, which vulnerabilities they exploited, and which systems are affected.
  • Assessing the extent of the damage: It is determined which data has been stolen or manipulated and how high the financial and reputational risk is.
  • Development of recommendations for action: You will receive concrete measures to close the security gaps, restore the systems, and prevent future attacks.

Forensic Services – Identifying Perpetrators and Causes

In the event of a cyberattack, it is important to react quickly and effectively. Our Forensic Services help you to comprehensively analyze the incident and identify the cause and take the necessary steps to mitigate damage:
  • Securing digital traces: We secure and document all relevant data and evidence in accordance with forensic standards.
  • Reconstructing the attack: We analyze the attack path, identify the attack methods, and reconstruct the course of events.
  • Identifying the attackers: We analyze available data to identify the attackers and understand their motivation.
  • Damage analysis: We assess the damage caused and support you in remedying security vulnerabilities.
  • Court-admissible documentation: We prepare comprehensive and court-admissible documentation of the incident.

Cyber Incident Simulation – Simulate a crisis, be prepared

Test your cyber defenses! With our Table Top Exercise, you can identify gaps and optimize your responsiveness to cyberattacks.
In a realistic simulation:
  • identify gaps in your security measures
  • train your responsiveness and coordination in case of an emergency
  • raise awareness among your employees about cyber risks
  • minimize damage through targeted preparation
We offer:
  • Scenarios based on real attack patterns
  • Support by experienced and certified security experts
  • Comprehensive analysis of your strengths and weaknesses

Do you have general questions about the Redguard CSIRT? Contact the team directly via email.

Do you want to be prepared for an attack and benefit from a structured process? Additionally, minimize the damage and resume business operations as quickly as possible? Contact us for an offer regarding guaranteed availability of our CSIRT or support for your incident readiness.