Incident Response

The moment you suffer a cyber attack is when you most need quick, professional and comprehensive help. This is why ReeVo provides the Security Threat Orchestration Response and Monitoring (STORM) service for Incident Response activities.

Learn more

During an attack, in a high-stress situation, in addition to blocking the threat, ascertaining the extent of the damage, and concerns about how to speed up the restart of IT operations, the victim is also called upon to respond to countless seemingly collateral issues, such as impacts to the business, image fallout for the company, consequences for the extended value chain, or communication tasks to be fulfilled.

Our best specialists act, according to NIST standards, for the containment of the security incident and the subsequent steps necessary for resolution, continuing to follow you automatically up to more than 30 days after resolution.

This is the typical workflow that we put in place immediately on the IT side:

1. Preparation

  • Allocation of a dedicated Incident Manager
  • Allocation of 24x7 Incident Response team
  • Allocation of 24x7 SOC team
  • Allocation of Malware Analysis team to identify decryption keys (where possible)

2. Detection & analysis

  • Identification of Indicators of Compromise (IOC) and Attack (IOA) through forensic analysis
  • Ransomware family identification
  • Deployment of MDR, SIEM, SOAR, CTI, VA tools for anomaly detection
  • Data Breach analysis, detection of exfiltrated data published on Clear/Dark/Deep Web
  • Vulnerability Assessment for vulnerability detection

3. Containment, eradication & recovery

  • Ransomware removal via MDR
  • Isolation of compromised systems via MDR
  • Supporting secure system recovery

4. Post-incident activities

  • Sharing Incident Reports
  • Definition of remediation plan and security improvements

But this is not enough

Our Legal Forensics team moves in parallel with the IT team and with this workflow:

  • Technical-legal analysis of post cyber attack effects (by reasoned and comparative examination of technical reports issued by the ReeVo cybersecurity team); analysis of compromises and/or exfiltrations

  • Analysis of the IT structure, critical points, possible access points, vulnerabilities (through reasoned and comparative examination of the technical reports issued by the ReeVo cybersecurity team).

  • Drafting and filing a complaint alleging unauthorised access to computer systems and any other information systems.

  • Coordination with the competent Postal Police for investigation activities.

  • Data breach impact assessment

  • Preliminary notification to the Privacy Authority to be made within 72 hours of learning of the personal data compromise as a result of the attack
  • Supplementary/conclusive notification to the Privacy Authority to be made within 14 days of learning of the personal data compromise as a result of the attack

  • Analysis and possible communication to interested parties (employees, customers/suppliers, third parties)

  • Gap analysis of documentation (processing registers, data controllers, data breach, appointees, system administrators, privacy operations manual, IT manual, etc.).

  • Possible reorganisation/update of privacy documentation (enhancement following point 1)

  • Legal coordination of forensic investigation and acquisition activities

  • Management and coordination of external institutional relations / CNAIPIC / Government Agencies / Research Centres / Prefecture / Postal Police / Trade Unions / Trade Associations

  • Press management and coordination

  • Defining strategy and critical issues in relations with Customers, Suppliers, Employees and third parties

  • Assistance in preparing CDA minutes


Cyber incidents are becoming increasingly frequent and happen to companies of all sizes or sectors.

Don't get caught unprepared!