Cisco Talos Incident Response (Talos IR) provides proactive and emergency support, powered by Cisco Talos’ global threat intelligence. Organizations can use our flexible retainer for incident response, compromise assessments, tabletop exercises, training, and more. Whether preparing for threats or managing a crisis, Talos IR helps organizations to minimize risk, reduce downtime, and strengthen cybersecurity resilience.
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with?
Why a Cisco Talos Incident Response Retainer is a game-changer
With a Cisco Talos IR Retainer, your organization can stay resilient and ahead of tomorrow's threats. Here's how.
Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response
Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.
Talos IR ransomware engagements and the significance of timeliness in incident response
The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.
Proactive threat hunting with Talos IR
Learn more about the framework Talos IR uses to conduct proactive threat hunts, and how we can help you stay one step ahead of emerging threats.
IR Trends Q1 2025: Phishing soars as identity-based attacks persist
This quarter, phishing attacks surged as the primary method for initial access. Learn how you can detect and prevent pre-ransomware attacks.
Talos IR trends Q3 2024: Identity-based operations loom large
Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions.
Protecting major events: An incident response blueprint
Go behind the scenes with Talos incident responders and learn from what we've seen in the field.
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.
IR Trends: Ransomware on the rise, while technology becomes most targeted sector
Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row.
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist
Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information.
IR Q4 2023 trends: Significant increase in ransomware activity found in engagements, while education remains one of the most-targeted sectors
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.
7 common mistakes companies make when creating an incident response plan and how to avoid them
Avoiding some of these common mistakes ensures your organization’s plan will be updated faster and is more thorough, so you are ready to act when, not if, an incident happens.
Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help
As the adoption of digital technologies increases, the volume of log data grows, which makes it challenging for cybersecurity teams to identify which logs are most valuable when investigating and analyzing threats.
How Cisco Talos IR helped a healthcare company quickly resolve a Qakbot attack
A healthcare company recently detected a potential Qakbot infection early, and with the help of the Talos IR team, evicted the threat actor from their network quickly before any harm could come to the organization or its customers.
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.
How Talos IR’s Purple Team can help you prepare for the worst-case scenario
A Purple Team exercise is a collaborative approach between offensive (Red) teams and defensive (Blue) teams.
Cybersecurity for businesses of all sizes: A blueprint for protection
Developing a robust cybersecurity practice involves implementing multiple layers of security measures that are interconnected and continually monitored, including training and awareness programs to ensure that employees follow best practices.
Quarterly Report: Incident Response Trends in Q1 2023
In 45 percent of engagements, attackers exploited public-facing applications to establish initial access, a significant increase from 15 percent the previous quarter.
Researcher Spotlight: Giannis Tziakouris first learned how to fix his family’s PC, and now he’s fixing networks all over the globe
As a senior incident responder, Giannis helps Cisco Talos Incident Response customers secure and respond to security incidents across the world.
How an incident response retainer can drive proactive security
Whether it be threat hunting, an active defense posture or just improving security instrumentation alerts and logs an organization keeps, it’s best for every user — no matter the size — to be prepared for when a cybersecurity incident or breach occurs.
Increasing trust, commitment, and predictability during a remote incident response
In this blog post, Cisco Talos Incident Response (Talos IR) presents some of the key benefits of remote IR support and offers a list of recommendations for working on a remote incident.
Protecting major events: an incident response blueprint
Cisco Talos Incident Response (Talos IR) is sharing a white paper on the steps organizations should follow to secure any major event. These ten focus areas should help guide any organizing committee or participating businesses in preparation for securing such events.
The Company You Keep – Preparing for supply chain attacks with Talos IR
Organizations must proactively limit supply chain risks through careful selection of the company they keep while preparing to respond to an incident that will invariably originate from the supply chain.
Researcher Spotlight: Globetrotting with Yuri Kramarz
“You have completely different angles in preparing different customers for defense during major global events depending on their role, technology and function,” Kramarz said.
What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads
By Nate Pors and Terryn Valikodath. Executive summary * In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response (CTIR) observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely ha
Quarterly Report: Incident Response Trends in Q2 2022
For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely due to several factors, including the closure of several ransomwa
Ransomware: How executives should prepare given the current threat landscape
By Nate Pors. Top executives are increasingly dreading the phone call from their fellow employees notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organization has been in the media spotlight as their public
Talos Incident Response added to German BSI Advanced Persistent Threat response list
Cisco Talos Incident Response is now listed as an approved vendor on the Bundesamt für Sicherheit in der Informationstechnik (BSI) Advanced Persistent Threat (APT) response service providers list [https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Dienst
Quarterly Report: Incident Response trends in Q1 2022
Ransomware continues as the top threat, while a novel increase in APT activity emerges Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-revie
Preparing for denial-of-service attacks with Talos Incident Response
Over the years, several extortion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed preparation plan is nee
Talos Incident Response year-in-review for 2021
Cisco Talos Incident Response (CTIR), as with everyone else in the cybersecurity world, dealt with a bevy of threats last year, as responders dealt with an expanding set of ransomware adversaries and several major cybersecurity incidents affecting organizations worldwide, all und
2021: Looking back on the year in malware and cyber attacks, from SolarWinds to Log4j
It seems like we were just recovering from the aftermath of the massive SolarWinds campaign a month or two ago. And now suddenly, it’s been a year since one of the largest cyber attacks in history and moving onto another threat that could last for years. That just seemed to be h
Case Study: Catching threats ahead of time with a penetration test from the Cisco Talos Incident Response Red Team
By Brad Garnett, Miguel Alvarez Esmoris, Terryn Valikodath and Bob Doyle. As we mentioned in a previous case study, relationships are tried and tested during incident response. So, when a customer came to Cisco Talos Incident Response (Talos IR) with concerns about their public-
The features all Incident Response Plans need to have
Having a policy that defines how an organization can respond to cybersecurity incidents, and a plan on how to deal with those incidents can play a major role in resolving them with minimal cost and downtime.
Case Study: Incident Response is a relationship-driven business
Proof that incident response is "the ultimate team sport" By Brad Garnett. Introduction As a seasoned incident responder, and now IR business leader here at Cisco Talos Incident Response (CTIR), I have always said that incident response is the ultimate team sport
Talos Takes Ep. #42: Seriously folks, save your logs
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. When Pierre Cadieux steps into a Cisco Talos Incident Response engagement, the first thing he wants to do is check out t
Talos Incident Response announces new, lower price through July 25
Today’s world looks very different than three months ago. More people work remotely than ever before. IT teams work around the clock to expand capacity and new software and services are being deployed to handle the load. Within this new remote environment, we have seen new malwar
Video: What defenders can learn from past ransomware attacks
The Cisco Talos Incident Response "Stories from the Field" video series returns with another entry from Matt Aubert. This time, Matt discusses ransomware infections he's seen in real-time, and shares what defenders can learn from others' mistakes and recovery.
Cisco Talos Incident Response "Stories from the Field" #2: When do lawyers get involved?
The second video in our "Stories in the Field" series from Cisco Talos Incident Response is here, with Matt Aubert talking about lawyers. While getting a general counsel involved may seem like an arduous process for many incident response teams, Matt Aubert argues in t
Introducing Cisco Talos Incident Response: Stories from the Field
By Jon Munshaw. As another way of bringing our boots-on-the-ground intelligence to defenders, customers and users, we are introducing a new video series called "Cisco Talos Incident Response: Stories from the Field." In each entry, a CTIR team member will cover one