Practice area

Investigations & Incident Response

Accredited by the CIR and CSIR schemes, the MWR incident response team provides rapid assistance for security breaches to allow effective remediation and recovery

Need immediate assistance?

Call our CIR/CSIR accredited incident response team or email CIR@mwrinfosecurity.com

United Kingdom: +44 (0) 330 223 3292

United States: +1 (917) 341-2116

Singapore: +65 3159 1795

To communicate securely with MWR, please use this PGP Public Key.

Prepare & Respond

Cyber security incidents are on the rise, with the average total cost of a data breach to organizations in 2016 amounting to £2.53 million*. When breaches occur, the business impact can range from merely a distraction through to devastation. It is the agility, experience and technology to rapidly identify and contain attacks that largely influence resulting business impact.

MWR’s dedicated and highly experienced global incident response team is equipped with industry-leading technology, world-leading approaches and current intelligence to handle any cyber security incident, large or small. Supported by our 24/7/365 Incident Response Hotline and rapid remote response technology, you need never be without expert support in an emergency.

“We help companies drive rapidly-moving cyber security investigations towards successful outcomes.

Our significant experience in forensic investigation and incident response enables us to substantially improve ground-zero situations and support effective decision making and containment. Taking the appropriate action at the time of an emergency is key in minimizing business impact.”

Paul Pratley, Head of Investigations & Incident Response, MWR


When your business is under attack, it is critical you have the expert support needed to rapidly recover and minimize impact. Knowing that experienced investigators and responders are available when an incident occurs should be part of any organization’s incident response plan. Our core solutions ensure that your business is fully equipped to respond to an incident with the agility and efficiency attackers bring to bear.

Verizon DBIR Contributor

MWR is a regular contributor to the annual Verizon Data Breach Investigations Report (DBIR), comprised of real-world data breaches and security incidents. This year's report, available here, is based on the analysis of over 40,000 incidents, including 1,935 confirmed data breaches.

The CIR and CSIR schemes

MWR achieved Cyber Incident Response (CIR) and Cyber Security Incident Response (CSIR) accreditation in 2013 specifically because of its understanding of the threat posed by highly skilled threat actors and its experience of full incident response lifecycles. Its 24/7/365 Incident Response Hotline and rapid remote response technology ensure that appropriate action at the time of an emergency is taken to minimize business impact.

Originally launched by the Communications-Electronics Security Group (CESG), now part of the UK National Cyber Security Centre (NCSC), CIR-certified providers protect against and respond to sophisticated, targeted attacks against networks of national significance.

The CSIR scheme focuses on appropriate standards for incident response suited to industry, the wider public sector and academia. It is administered by The Council of Registered Ethical Security Testers (CREST) and endorsed by NCSC.


Core Solutions

Comprehensive IR

Our CIR/CSIR team supports you from technical investigation, containment, and remediation through to crisis management and managing business risk.

IR Retainer

Our Incident Response Retainer ensures guaranteed on-site response and 24/365 hotline access to our Cyber Incident Response experts to provide rapid help in an emergency.

Compromise Assessment

Helps to thoroughly understand the effectiveness of existing security controls and whether attackers are currently on your network.

Incident Readiness Programs

We'll help identify gaps in your incident readiness and provide training to help improve resilience and the ability to respond to attacks.

Ransomware Prevention & Response

MWR’s easily deployable endpoint protection technology is designed to stop ransomware attacks as they happen, providing a final line of defence.

Technical and Executive Cyber Simulations

We facilitate mock incident scenarios to test and exercise incident response processes, training, and management decisions through both technical and executive streams.

Our thinking on Investigations & Incident Response

Blog

Examining Microsoft’s latest patch release

Article

Fatboy: Ransomware-as-a-Service becoming weapon of choice

A new variant of ransomware was discovered last week, further highlighting the proliferation and advancement of ransomware technology.

Article

Shadow Brokers: Observations on the EastNets Operation Notes

Article

Inside the 2017 Verizon DBIR

Article

Yet Another Breach – Crisis Management

 

Accreditations

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisations' adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.