Gartner Names Trustwave in 2023 Market Guide for Digital Forensics and Incident Response Retainer Services

The industry analyst firm Gartner has named Trustwave as a Representative Vendor in its 2023 Market Guide for Digital Forensics and Incident Response Retainer Services. This distinction comes on the heels of Trustwave being named a Representative Vendor in Gartner’s 2023 Market Guide for Managed Detection and Response (MDR).

“Trustwave is honored to be named as a Representative Vendor for DFIR by Gartner,” said Trustwave CEO Eric Harmon. “The rapidly changing threat landscape is leaving organizations vulnerable, and we pride ourselves on not only being able to help our clients stay secure, but on having our world-class SpiderLabs team ready 24/7 to react quickly and decisively if a security incident occurs. Our global SpiderLabs security experts have extensive experience with the tools and techniques used by today's advanced attackers, allowing us to stay ahead of modern threats.”

Trustwave will be on the floor at the 2023 RSA Conference. Our team is ready to meet with any interested parties to learn more about our DFIR, Managed Detection and Response and other security solutions during the show. To schedule a meeting click here or you can stop by Booth N5480.

To be named as a Representative Vendor for Digital Forensics and Incident Response (DFIR), Gartner said a security firm must offer proactive services (before an incident occurs) to include creation and/or review of incident response policy and processes, configuration of endpoint detection and response (EDR) technology, and other activities to increase incident preparedness. Additionally, reactive services (after an incident occurs) must include forensic collection, notification of relevant government agencies, determining the source of the breach, and other postmortem activities.

“Digital forensics and incident response retainer services are a great way to augment capacity and capability when responding to cybersecurity incidents. Security Risk Management (SRM) leaders should use this research to understand the DFIR market, evaluate trends, refine requirements, and identify market players,” the Gartner report stated.

Gartner defines DFIR services as those that help organizations identify the extent of, and deal with, security incident investigations, forensic response and triage, and security breaches. They generally offer a combination of digital forensics (DF), incident response (IR), and related proactive and reactive security services. DFIR is mostly delivered as a retainer-based service and is intended to work with the end user’s in-house DFIR processes and procedures.

DFIR solutions providers also must have the ability to:

  • Investigate malicious activity;
  • Reverse engineer malware;
  • Obtain threat intelligence;
  • Assist with incident recovery, from initial detection to incident postmortems, that allow for better detection and response processes for future security events.

Gartner’s Guide also notes that DFIR providers must go beyond simple proactive solutions and offer pre-emptive services, such as red teaming and tabletop exercises, to prepare for a security incident. Additionally, the analyst firm believes targeted assistance, such as penetration testing and training workshops, should be offered.

Trustwave has an extensive Enterprise Pen Testing program that is conducted by the elite Trustwave SpiderLabs team, which is CREST-certified for Penetration Testing and Simulated Target Attack & Response (STAR) Penetration Testing.

Additional recommendations from the Gartner Market Guide for organizations looking to add DFIR capabilities:

  • Consider purchasing a prepaid DFIR retainer to ensure preferential response times, reduced rates, and access to services that support their DFIR requirements.
  • Check with their cyber insurance policy provider to determine whether they have specific requirements or preferences for incident response services.
  • Consult their cyber insurance provider to determine whether having a DFIR retainer in place lowers their premiums.
  • Have a list of recommended DFIR service providers in place to ensure coverage in the event of an incident.

Trustwave’s DFIR Solution Delivers

Trustwave’s approach to DFIR is to bring clarity during what will be a very complicated situation for clients. Trustwave DFIR consulting services work with a client to determine the cause and extent of a security breach quickly, and to better prepare for the inevitable incident.

Trustwave’s services help clients cut through the fog and complexity that surrounds a cyber incident.

A DFIR consulting retainer will ensure that Trustwave SpiderLabs experts are on standby as your first responders to a security breach. Trustwave can launch a forensic investigation at a moment’s notice. With DFIR experts stationed all around the globe, an expert first responder is only a phone call away, ready to determine the root cause of a breach, minimize its impact, and preserve key evidence.

Here is what an organization receives with a Trustwave DFIR retainer:

  • Speed: DFIR responder on-call 24/7 with 2-hour remote triage / in-transit within 24 hours if on-site work is required.
  • Priority: DFIR Retainer client cases get immediate priority over emergency services work.
  • Lower cost: A pre-negotiated rate is lower than standard consulting fees.

A DFIR retainer also offers flexibility in service delivery. In addition to access to all Trustwave SpiderLabs resources and services to ensure the most effective response, unused hours may be redirected to other IR Readiness services (minimum levels apply).
