We adequately train team members who will be responsible of solving possible incidents - this is where we establish the guidelines for handling events that may present a security risk.

We monitor security events to detect, alert and report possible incidents. We also set up different alarms for intrusion detection systems, intrusion prevention and monitor the integrity of files.

We collect data from the company’s tools and systems to classify and analyze in depth indicators of compromise (IOC), thus reducing the damages and their effects.

We identify behaviors previously classified as malicious, to recover systems after having suffered an attack or having been exposed to a vulnerability. This stage is the most critical because its effectiveness depends on the IOCs collected in the different analysis carried out and its precision.

We document and analyze the incident to update, change or improve procedures, in order to avoid similar situations happening again. We follow the activities after the detected event, because the actors of the attacks usually appear again.