Optimize Incident Response

Swimage Monthly Newsletter

Incident Response

In today’s world, it’s not a matter of if your company is going to be attacked, but when.

Dealing with a sophisticated cybersecurity attack is a daunting task, even for large organizations with a high level of maturity. A strong incident response capability significantly reduces the damage caused to an organization when catastrophe strikes. Swimage performs various activities in the four stages of incident response.

Preparation

  • Instrumenting the environment with tools to listen for triggers of suspicious and malicious activity
  • Establishing baseline systems; understanding “normal” activity so defenders can identify deviations
  • Developing and testing courses of action (COAs) for containment and eradication
  • Establishing means for collecting digital forensics and other data or evidence

Detection & Analysis

  • Safeguarding agents on endpoints; automatically healing any compromised agent
  • Monitoring, detecting, and alerting on anomalous and suspicious activity on known-good data sources
  • Collecting and preserving data from affected endpoints for incident verification, categorization, prioritization, mitigation, reporting, and attribution
  • Capturing a memory and disk image for evidence preservation

Containment, Eradication, & Recovery

  • Isolating impacted systems from each other and/or from non-impacted systems and networks
  • Updating firewall filtering; blocking of unauthorized accesses; blocking malware sources
  • Closing specific ports and mail servers or other relevant servers and services
  • Changing system admin passwords, rotating private keys
  • Rebuilding affected systems from ‘known-good’ sources; eliminating rootkits; installing patches
  • Reconnecting rebuilt/new systems to networks, tightening perimeter security (e.g., firewall rulesets)
  • Restoring systems to normal operations (e.g., put applications and data back in place)

Post-Incident Activity

  • Creating rule sets based on lessons learned from the previous incident
  • Enforcing appropriate triggers and actions based on lessons learned from the previous incident
  • Creating collections based on most vulnerable groups
  • Applying enforcement of the rule sets to the collections

Swimage optimizes your incident response capabilities by providing many functionalities, some of which are not available from any other solution. In the unfortunate event of a cybersecurity attack, Swimage automatically and simultaneously rebuilds systems so your organization can recover quickly.

To learn more, visit www.Swimage.com/use-cases/incident-response/ or email Info@Swimage.com.

Swimage Is Traveling to Japan!

Swimage is pleased to announce its participation in the Illinois Trade Mission to Japan at the beginning of December. We are looking forward to meeting in person with our existing contacts in Tokyo, as well as potential new partners and customers.

Kyle Haroldsen, CEO of Swimage, said, “We are very excited and honored to participate in the Illinois Trade Mission to Japan. This opportunity will assist Swimage in expanding into Japan, the third largest economy in the world. Japanese businesses can significantly benefit from our PC automation and recovery software. Much thanks to the State of Illinois for inviting us to be part of the trade mission delegation.”

We’ll share photos and narratives from our visit in the December newsletter.