Check Point Incident Response Service

Dedicated 24/7 experts respond to any security attack, with initial Engineer contact within thirty (30) minutes of your call (see Scope below)
- Real-time log capture and analysis
- Digital forensics analysis
- Denial of service response and mitigation
- Malware, virus and data loss incidents
- Botnet identification and counteraction
Speed your recovery and return to business as usual
- Reduce downtime during a security attack
- Accelerate your ability to contain threats
- Limit damages, loss and cost from attacks
Mitigate future risks with post-incident advisement
- Apply industry best practices to strengthen security controls
- Improve your coordination and ability to respond to security incidents
- Leverage the latest intelligence from ThreatCloud and your Incident Response portal
Multi-threat analysis
Check Point is the only company to offer insight and remediation for several different types of threats including:
- Firewall
- IPS
- Applications
- Data Loss
- Malware
- Botnets
- Unauthorized access
- Denial of Service
Real-time Remediation
Real-time remediation is only possible with access to real-time data. We collect your logs, then encrypt, compress and store them so that the data is immediately available should an attack occur. Your logs are refreshed every 30 days to capture the latest information and shorten remediation time so you can get back to business. Customers can view their logs at any time via the Incident Response portal.
Documentation and Guidance
Incident Response customers receive detailed documentation and best-practices guidelines to improve processes and communication, speed their ability to respond to an attack, and meet compliance and reporting requirements, including:
- Incident Response Analysis and Recommended Remediation
- Incident Response Best Practices Guidelines
- State of Preparedness Report
- Annual Summary of Event Activity vs. the Check Point community
- Attack Profiling
Incident Response Portal
The Incident Response portal offers everything you need to prepare for and respond to a security attack. Via the Incident Response portal customers can view actionable attack remediation data including:
- Summary of the Security Event
- Summary of Alerts during the last 24 hours
- Message Board
- Report Repository
Customers upload their raw data (logs) to the Incident Response portal for encrypted storage and analysis.
Custom Security Controls
In addition to real-time attack remediation assistance, we also provide expert recommendations to enhance your security protection including:
- Custom signatures
- Traffic and attack analysis
- Rule-base protection activations
- Custom protection development
- Guidance on protecting third-party systems and service providers
ThreatCloud Intelligence Feeds
ThreatCloud is a real-time security intelligence database and the first collaborative network to fight cybercrime, analyzing over 250 million addresses for bot discovery, 4.5 million malware signatures, and 300,000 malware-infested websites. ThreatCloud is dynamically updated using a worldwide network of threat sensors to provide the very latest security intelligence.
Incident Response Service Specifications
Scope
Within thirty (30) minutes of receiving the call, an Engineer will contact the Customer and establish a conference bridge that all parties can join for a private conference call.
Once initial contact has been made, the Engineer will work with the Customer to identify the type of incident and proceed through the analysis phase, which can include investigation of anomalies associated with:
- System resources
- Network Patterns
- Application performance
- Device operation
The Engineer may also perform log analysis of Check Point products, network equipment, device operating systems and applications. Additional investigative efforts may include reviews of full packet captures and binaries.
Deliverables
Within 48 hours of an Incident being closed, Check Point will provide a full report of the circumstances of the Incident to the Customer. The clock will start once the Customer has indicated that the incident is closed. The report may include:
- Incident overview and executive summary information
- Event description and behavior
- Details of call log and work performed
- Data and system/network behavior analysis
- Recommendation and analysis
- Raw log information