P1 Security assists enterprises, governments and operators with Incident Response missions during difficult times, when response time, efficient management and quality actions are key.

  • Our Incident Response service provides a network-ready Quick Reaction Force (QRF) with knowledge and expertise in security and critical infrastructure deployments.

      • Intrusion monitoring, tracking and live forensics
      • Windows, Unix and legacy OS support
      • GPRS and Mobile data intrusion tracing/tracking
      • Post-mortem intrusion forensics
      • Datacenter-ready intervention (optical interfaces, large size infrastructure, high speed networks)
      • Fraud monitoring and mitigation
      • Internal network suspicious traffic monitoring
      • Network crash incident response
      • System-related root cause analysis
      • Communication management on technical incidents with the crisis management team
      • Live, Internet-based intrusion tracking
      • Network Element & systems backdoor analysis
      • Database theft or modification forensic analysis
      • System and data recovery

    We follow industry best practices for Incident Response from FIRST, CERT/CC, ENISA and NIST along with IETF Network Incident Response principles in RFC 2350.
    We work with selected partners for some specific areas such as white-room hard disk or hardware work and flash-based hardware memory recovery.
  • Incident Response Team
    Team size
    • Total: 2 to 8 incident response workers
    • Typical: 2 to 4
    Deployment time & Availability
    • 1 hour online actions
    • 2 hours local presence (same city/region), currently only available in France for the Paris/IDF and Montpellier/PACA areas
    • 4 hours national deployment, currently only available in France
    • 12 hours international deployment
    • Best effort for first contact
    • Add a potential one-hour delay for missions starting at night (2300-0700 CEST)
    Technology support
    • Unix, Windows, Mobile platforms, legacy systems
    • Forensic tools (log, network, system, file carving, …)
    • Quick support system deployment servers and laptops
    • Network technology support: TCP/IP, MPLS, SS7, SIGTRAN, IMS, Mobile (GTP/S1AP), LTE, X25, Frame Relay, STM/ATM/SDH, ADSL/FTTH/GPON
    • Optical network taps (GBIC, 1 Gb, 10 Gb, DWDM, …)
    • Ethernet network taps
    • Media converters
    Instant Forensic Capture Capability, Imaging and Forensic capability
    • 20 hard disks (500 Gb each), SATA and USB-3, total 10 Tb (10 terabytes)
    • 4 NAS (Gigabit Ethernet and wifi)
    • Disk mirroring
    • Hardware interfaces (SATA, SCSI, DMA, Firewire…)
    • In-memory forensics (Volatility, DFF, …)
    • Linear and non-linear imaging to counter evasion by backdoored or booby-trapped hard-disk firmware
    Instant IRT Infosystem size
    • Incident Project management VM
    • 12 “drop” network taps & drop laptops
    • 6 transparent analysis network devices
    • Independent, covert and secure wireless mesh network (10 mesh-network Wifi Access-Point nodes)
    • Independent, covert and secure long-distance high-speed microwave links (6 links, 12 routers, 224 Mbit/s, 2.4 GHz and 5 GHz technology)
    • Independent, covert and secure GPRS/3G/LTE based internet access (6 access points)
  • We have delivered Incident Response missions in many industries including: Mobile Network Operators, Governments, Communication, Legal.
    Customer names are never released, yet we can arrange 1:1 introductions for reference qualification.