In the event of an Incident, Cybriant can prioritize which systems are targeted.  If the customer runs out of retainer hours during the investigation, then the customer will have the option to purchase additional hours to continue the investigation at a discounted negotiated rate (with the exception of Tier 1 Retainers).  Should the customer choose, Cybriant can cease the investigation once all retainer hours have been utilized.  If an investigation ends before the reporting stage all evidence will be given to the customer.

Yes, IR and ICS services can be purchased without a retainer.  However, a retainer offers Cybriant’s ICS and IR services at a discounted rate.  More importantly, once a breach occurs time to response and containment are crucial factors to minimize data exfiltration, reducing the spread of ransomware, and minimizing damage to an organization.  A retainer provides a guaranteed SLA.

 Additionally, by having a retainer you can prove to your insurance organization that you have a proactive cybersecurity posture, and you can assure your customers that you take the security of their data seriously.

Cybriant’s Security Engineers have seen hundreds of thousands of systems with various next-gen antivirus platforms, AI-based EDRs, HIDS based detection technologies, and various other buzzwords.  If any single system were foolproof and caught all of the bad guys, then they would have a monopoly over the market.  Obviously, while many people are passionate (or zealous) about the technology they utilize a monopolistic technology that keeps the bad guys out 100% of the time hasn’t been created. 

 As such, an IR or ICS retainer provides an additional perspective from seasoned Security Engineers utilizing industry best practices to contain and evict a threat once it has taken root.  Our analysis involves significantly greatly scrutiny than AI and next-gen machine-learned models can provide.  As a result, our methodology often discovers things that technology can miss.  When you’re trying to find a threat that doesn’t want to be found you can’t leave any stone unturned.

While we often use IR and ICS interchangeably they are two different things, but they are both covered under the same retainer.  More specifically, Incident Container is typically seen as a subset to Incidental Response and should be part of any good Incident Response policy.  IR involves policies, procedures, escalation contacts, and actions an organization should take in the event of a breach (even including contacting legal counsel).  Incident Containment is part of the actions an organization should take to stop the bleeding, and ultimately to both contain and eventually evict the threat.

An organization may utilize retainer hours to have Cybriant build or assist in creating a full Incident Response program.  Note:  It is always recommended to have a buffer of retainer hours to cover a breach if the organization decides to utilize retainer hours for other consulting services.

If the retainer hours are fully utilized during an active investigation, then yes, you would be entitled to the negotiated discounted rate and SLA up to end of the investigation.  However, if hours are utilized and a new retainer is not purchased then Cybriant cannot guarantee any SLA.

 To avoid loss of coverage, Cybriant recommends opting to have the contract auto-renew once hours are fully utilized.  This ensures that you will always have the guaranteed SLA coverage and negotiate a discounted rate.