Incident Responses


At Andubay we want to give you maximum confidence and make you feel safe. When your company has detected an intrusion in its systems that causes a security incident, and has to treat the problem with the utmost discretion and care in the shortest possible time, as these types of incidents require, you will find us ready to solve it.

The speed with which we can recognize, analyze and respond to an incident limits the damage and reduces the cost of recovery. The experienced staff at Andubay are familiar with the compromised systems and are therefore more effective in coordination, recovery and proposing mitigation and response strategies.

There are several methods of action in response to an incident, so once we have analyzed the problem detected in your systems that caused the security failure, we will follow our internal action protocol to give you the best and fastest solution. The functions and actions we handle are both reactive and proactive, to help protect and secure the critical assets of your organization.

Incident management includes two functions:

  • The notification of incidents.

  • Incident analysis and incident response.

    Types of action:

  • Telephone service. This is the first contact, which serves to analyze the incident and collect data for its solution, as long as it cannot be corrected through telephone instructions.

  • Remote interventions. From our headquarters or through a remote team, we will intervene in the company's affected system so that, without travelling, we can intercept the threat. This shortens the response time considerably, since no time is spent travelling to the client's facilities.

  • Crisis advice. We will provide the person responsible at the company with the necessary information to guide them on the best way to proceed when a vulnerability arises in the company. In this way, with our support and advice, you will be able to overcome the problems arising from the attack on your infrastructure.

  • Forensic analysis. This helps us identify who breached the system, the causes and the method used to carry out the intrusion. At the same time, we will give the company the measures that must be taken to prevent events of this type from happening again.

  • Post-incident reports (technical, executive and expert). Once the task of identifying the causes and methods used to breach the system is complete, an exhaustive and detailed technical report of the information collected is produced, so that the report can be used as expert evidence in the event that the company decides to take legal action.

    If necessary, we will maintain the chain of custody throughout all procedures. This is of paramount importance in cases where the network infrastructure has been breached and the process of analyzing, locating and repairing the damage suffered will be used to take actions that go beyond a simple repair and incident analysis, that is, when reparatory and legal action is to be taken against the person or company that caused the incident.

    Areas of action in an Incident Response (IR).

  • Internal IR: provides incident management services to its parent organization. Suitable for a bank, a manufacturing company, a university or a federal agency.

  • Coordinated IR: coordinates and facilitates the handling of incidents across the various Incident Response teams that the company or organization has.

  • Analytic IR: focuses on synthesizing data from various sources to determine trends and patterns in incident activity. This information can be used to help predict future activity or to provide early warning when the activity matches a set of previously determined characteristics.

    International Incident Response (IIR).

    Our incident response is not limited to the national territory; we also offer our service internationally with the same quality standards: telephone support, remote interventions, crisis counseling, forensic analysis and forensic reports. All of them are deployed in response to an incident notice coming from abroad.