Incident Response Service
Today, due to the increasingly complex structure of modern systems, the number of undetected vulnerabilities is also increasing. When an organization is exposed to a cyber attack, correct and timely incident response is very important.
During a cyber incident, a response carried out by people without the necessary competence, in a panic, or too late always causes bigger problems. In such a case:
Data may be lost,
Evidence may be lost,
Backups may become unusable,
The data leak may grow to a large scale,
The attacker may clean up their own traces,
Restoring the service may take a very long time.
As the number of cyber attacks increases, the attacks have also become more diverse, more damaging and more destructive. New types of security-related incidents emerge frequently. Preventive activities based on the results of risk assessments can increase preparedness, but it is not possible to prevent all incidents. Therefore, incident response is inevitable. Annanowa offers various CSIRT services to its customers with its professional and experienced staff. Annanowa’s CSIRT Services include not only Incident Response Services, but also many other services that enhance the preparedness of its clients.
Preparedness
Annanowa’s CSIRT Services related to Preparedness can be grouped into two main categories: Proactive Services and Security Quality Management Services.
Proactive services provide assistance and information to help prepare, protect and secure systems. Proactive services will directly reduce the number of future incidents.
Security quality management services augment existing, well-established services that are independent of incident handling and are performed by other departments such as IT, auditing or training. These services are generally proactive, but they also contribute indirectly to reducing the number of incidents.
Annanowa’s Proactive CSIRT Services:
Annanowa offers the following proactive CSIRT services to its clients:
Announcements
Attack Alerts
Vulnerability Alerts
Security Advisories
Technology Monitoring
Penetration Tests
Configuration and Maintenance of Security Tools, Applications and Infrastructures
Development of Security Tools by R&D Department
ASMA (Asset Manager)
LODDoS (DDoS Automation Tool)
SİPER (Cyber Intelligence Sharing and Blocking Platform)
7×24 Central Monitoring Service
Level-1 Security Analyst
Level-2 Security Analyst
Dissemination of Security-Related Information
Cyber Threat Intelligence Collection and Sharing
Managed Security Services
On-Site Security Support Service
Annanowa’s Security Quality Management Services:
Annanowa offers the following Security Quality Management services to its clients:
Risk Analysis
Business Continuity and Disaster Recovery Planning
Compliance Audits or Assessments
SOC Analysis
Security Architecture Analysis
Effective Security Controls Analysis
Awareness Building
Annanowa Academy Trainings
Hacker School
Role-Based Trainings
Job-Based Trainings
CSIRT Staff Training
Intervention:
Due to the increasing complexity of modern systems, the number of undetected vulnerabilities is increasing day by day. When an organization is exposed to a security incident, correct and timely incident response is very important.
During a cyber incident, intervention by people who do not have the necessary competence, or intervention that comes too late, always causes bigger problems. In such a case:
Data may be lost,
Evidence may be lost,
Backups may become unusable,
The data leak may grow to a large scale,
The attacker may clean up the traces left behind,
It may take a very long time for the service or services to return to normal functionality.
The technical team that works on the incident response process should consist of personnel with special skills. These personnel should have deep knowledge of malware analysis, forensics, log investigation, security products, operating systems, databases and networks. Incident response personnel with all of these competencies are rarely available within an organization. Therefore, with its experienced and trained staff, Barikat offers professional and timely Emergency Response Services to its customers.
Annanowa’s Reactive Services:
The response part of CSIRT services begins with an incident or request such as a compromised computer, a widely spread malware or a compromised website. Immediately after the incident is detected, the Annanowa Incident Response team begins the correct and timely response.
The Annanowa Incident Response Team consists of personnel with different expertise depending on the size and type of the incident:
A team leader who has received Annanowa Academy and SANS training
SIEM and security product experts
Manufacturer-independent Cyber Security Consultants
Penetration Testers who help capture the attacker’s perspective
The Annanowa Incident Response Team follows the Barikat Incident Response Methodology, which is based on the following well-known incident response steps. In addition to the general methodology document, it uses pre-determined detailed playbooks for common attack vectors.
Annanowa-CSIRT PGP Key
Sending Sensitive Information
We recommend that you encrypt sensitive information sent by email to prevent it from being viewed by unintended recipients. We generally prefer encryption based on the OpenPGP standard, as implemented by Pretty Good Privacy (PGP) or GNU Privacy Guard (GnuPG or GPG).
We also recommend checking the PGP signature on emails and documents to verify the authenticity and integrity of mail from Annanowa-CSIRT.
