We’ve written before about the importance of taking a proactive approach to cybersecurity.

Whether it be threat hunting, an active defense posture or just improving security instrumentation alerts and logs an organization keeps, it’s best for every user — no matter the size — to be prepared for when a cybersecurity incident or breach occurs.

We saw this recently with a customer in the education industry vertical. The customer leveraged their Cisco Talos Incident Response retainer after conducting some proactive threat hunting to notify us that they identified some suspicious activity on their network. Talos IR responders quickly noticed that just a single box on the customer’s network alerted, and we isolated the intrusion to a single endpoint within the network. Talos IR concluded with high confidence that the adversary had compromised just a single endpoint with a single, compromised credential. This strong collaborative approach from the customer and Talos allowed us to quickly contain and eradicate the adversary from the environment.

Our Talos IR 2022 Q3 Quarterly Trends reflect pre-ransomware and ransomware activity being the top threat and this continues a trend that we’ve seen across the threat landscape where adversaries are increasingly carrying out pre-ransomware activities to establish a foothold on a network rather than diving in head-first with a full-blown ransomware attack. Regulation and small-medium business targets may be factors for adversaries evolving extortion tactics versus deploying ransomware within a compromised environment. Potential attack targets may just see smaller, potentially innocuous activities from an adversary that doesn’t have to include the encryption of files on a network and request for a ransom payment.

As outlined in Talos’ 2022 Year in Review, education is a particularly vulnerable sector and we expect adversaries to increase the targeting of schools and universities over the summer when students start to return to classes after break.

If you want to detect, quickly respond and eradicate an adversary like this customer, you need to have incident response expertise in place. Cisco Secure’s Security Outcomes Report recently found that there was 11 percent difference in average resilience scores between organizations that have an external incident response retainer versus those that don’t.

A foundational component of this proactive plan is a Cisco Talos Incident Response Retainer. If a Talos IR retainer customer sees something suspicious, we’re there immediately to respond and determine what containment actions are appropriate and if a further forensic investigation is required. Just because you are not experiencing file encryption in your environment does not mean that an adversary doesn’t have the capability to deploy ransomware leading to a business-impacting cybersecurity incident. It is common for an adversary to gain initial access to a target organization and maintain access.

With an incident response retainer, an organization doesn’t have to conglomerate a plan or response together. Instead, it’s a one-size-fits-all package that includes tabletop exercises, cyber range training, purple teaming, intelligence on-demand, and much more. Then, if (more likely when) your worst career day occurs and your organization is the target of a cyber-attack, Talos IR stands at the ready to help the team respond immediately to detect and eradicate an advanced or determined adversary.

We covered more about Incident Response retainers in our Talos IR On Air Stream from April. You can watch the replay below.

With a retainer from Talos IR, organizations and users will have peace of mind that they have a trusted digital forensic and incident response team ready at any time. There’s no need to purchase emergency incident response services from one vendor, training exercises from another and a third vendor to assist in the creation of an incident response plan to prepare for the next time there’s an incident. Talos IR offers all these services in one package with a retainer.

If a customer doesn’t have a breach or an incident, there are many ways to leverage Talos IR proactively by enlisting us to lead your team through a hypothetical tabletop exercise or conducting a compromise assessment to identify potential gaps in your network before the adversaries can.

Even if your organization doesn’t already have Cisco products in place, Talos IR can work with you — we’re completely vendor-agnostic. Whatever tools and software you have, we’re here to help.

No matter what tools you must detect or scan for the next threat, our responders can start their work immediately to remediate the threat. If you require new hardware or software solutions, our team can always help with that, too.

If you are already a Cisco customer, a Talos IR retainer is the perfect way to continue your security journey with us and become more resilient. We’ll find the full capabilities of your security team and then develop a prescriptive plan for how your security team can best work with us over the lifetime of the retainer. The team that starts working with you from the first day you sign onto a retainer will be there with you.

If you’d like to learn more about a Talos IR retainer, please reach out to us through our website, and tune into the next Talos IR On Air to hear more about this service.