
Incident management

What happens if an incident occurs involving a security breach or malicious code activity? We will respond around the clock via our Computer Emergency Response Team who will assist you in handling your incident.

Service detail
Scenario... Your company has been hit with a new virus that your antivirus software is not detecting. Widespread incidents are being reported to your Help desk. Every attempt to clean it only spreads it further to your employees, customers and business partners, resulting in confidential data being sent outside your company. What do you do?
 
Highlights
  • Incident management support
  • Security alert service

Helping our subscribers manage risk is a key component of what managed security services has to offer. But what happens if a suspected or real incident occurs involving a security breach or malicious code activity? This activity can be a virus attack, an internal or external hack attack, a denial-of-service attack, or Web page vandalism. Managed security services will respond around the clock via our Computer Emergency Response Team, which will assist you in handling your incident. This involves technical phone consultation and/or on-site coverage at your location, working with your technical staff to assist and resolve your incident.

Incident management support

In the event your organisation has an occurrence of unauthorised use, denial-of-service, disruptive code episode, exposure of sensitive information, or security risk that originates within a computer communications network and affects your TCP/IP-based communications network(s) and computer system(s), IBM security experts will work with members of your staff providing advice and assistance for the duration of the intrusion.

Available 24 hours a day, seven days a week, 365 days a year, we can:

  • Help you respond quickly to intrusions and exposures across secure Internet connections
  • Help you respond quickly to malicious code activities in your organization
  • Place IBM experts at your disposal for technical and procedural assistance during and following an incident

Security alert service

In an effort to assist you in keeping apprised of developments in the information security arena, IBM offers a security alert service for the purpose of communicating general information, alerts from information security product vendors, as well as serious alert notifications based on security incidents in the industry.

We call these e-mails security advisories and they are issued several times per week, under the following categories:

  • FYIs (For Your Information) - Our general information advisories are primarily malicious code oriented. These can include details on new viruses or hacker tools. Many of the malicious code FYIs have an 'IBM Comments' section which provides information we have obtained from lab testing, antivirus vendors and world-renowned IBM Research.
  • OARs (Outside Advisory Redistribution) - No software is perfect or invulnerable to hacking attempts. All major vendors release warnings, patches, and updates to address these vulnerabilities. Our OAR advisories address this special need for information. IBM has agreements with other companies to redistribute their security advisories. These include companies such as Microsoft, HP, Cisco, RedHat, FreeBSD, ISS, government agencies such as NIPC (FBI), and incident response organisations such as FIRST.
  • SVAs (Security Vulnerability Alert) - Our SVA e-mail advisories contain information about threats which could put your organisation at risk.

With the information in these three types of advisories, our clients will be well informed in one of the most dynamic, complex and dangerous areas of computing.

To find out more about this service, including pricing and how to sign up, please complete and submit this request form. Please indicate that you are interested in the Security Alert Service.

IBM Denial-of-Service - Alert and Response

Popular Internet sites have been subjected to a form of cybervandalism called distributed denial-of-service attacks - coordinated assaults that repeatedly send vast amounts of distributed data packets to flood a system or complete network - degrading performance or shutting it down.

IBM's Denial-of-Service - Alert and Response can assist IBM customers in detecting and responding to denial-of-service attacks and similar problems.

IBM’s experienced specialists will conduct an Internet security assessment to help your organisation minimise the risk of a hacker causing damage to your network.

IBM's "ethical hackers" can simulate a real intruder's attacks, in a controlled, safe way for you. They'll tell you what they find and what actions to take to keep intruders out. This comprehensive assessment covers the intruder's view of the system, and examines the configuration and management of the systems to reduce exposures and help prevent future denial-of-service attacks.

Should an attack occur, our managed security services team can identify suspicious activity using network intrusion detection. The intrusion detection system immediately alerts IBM security experts, who analyze the information and, if necessary, notify you while initiating a response. With network intrusion detection, you will know about potential intrusions as they are happening, instead of finding out about them after they have occurred.

Finally, to ensure you can respond quickly to a potential intruder attack, IBM’s security specialists will help you define and document an incident management process which enables your security objectives to be realised.

Service includes
  • A review of your overall network design to determine how effectively it isolates your internal, trusted networks and systems from intruder access and denial-of-service attacks.
  • Advice on how to tune your network devices to minimise the impact of denial-of-service attacks.
  • A review of the security design of your selected platforms to determine if any functions provided by them could cause undesirable security exposures.
  • A test designed to exercise all components within the scope of the project in an attempt to gain unauthorised access to your network.
  • A review of the security management controls for the included components covering policy, organisation, operating procedures and documentation.
  • An assessment of your current incident response process, followed by a formal definition of it using IBM’s business process methodology.
  • 24x7 incident management support to help you respond quickly to potential denial-of-service attacks, intrusions and exposure.
  • A monthly vulnerability test, weekly policy compliance testing and a security alert service.
  • A real-time intrusion detection system that centrally monitors network security, and allows IBM to detect and respond to unwanted network intrusions and denial-of-service attacks while they are happening.
  • A report describing the strengths and weaknesses found in all of the above activities with recommendations for short and long term improvements.

Antivirus consulting

All of our enhancement workshops are customizable to your enterprise needs.

Antivirus migration workshop
  • A service offering to customers who are migrating from one antivirus product to another, or
  • Customers who are preparing for a new installation of antivirus software within their enterprise. Topics to include:
    • Review of customer policies and audit requirements
    • Customer configuration review
    • Distribution process
    • Technical solutions

Antivirus policy and CERT structure
  • Designed for customers who wish to strengthen their formalised antivirus corporate posture.
  • Virus experts will provide advice for setting up a global CERT structure and corporate policy to enforce proper antivirus measures.

Antivirus product training
  • Managed security services has a wide range of experience with various antivirus products and implementations.
  • Please contact us for additional information on this workshop.
