COALITION INCIDENT RESPONSE
Get back to business with trusted forensics expertise — fast
Coalition Incident Response (CIR)* gives you the digital forensics and incident response (DFIR) team you need to take back control of your business.
THE CIR ADVANTAGE
Respond to incidents confidently
See how our affiliate — Coalition Incident Response —delivers expert investigation and support
during the uncertainty of a cyber incident.
DFIR experts with insurance experience
When engaged, the CIR team collaborates with an organization's legal and other incident response vendors to help speed investigation and mitigate loss.
Advanced technology and threat intelligence
Once engaged, CIR deploys advanced endpoint protection, detection, and response technology to best assist customers. CIR also combines threat intelligence insights with proven forensics and analysis.
Reduce incident cost
CIR negotiates with threat actors, deploys the latest DFIR tools, and partners with leading cybersecurity providers to help minimize costs and mitigate financial and data losses.
Enhanced cybersecurity services
CIR offers post-incident monitoring to improve a business’s security posture after an attack. CIR also offers add-on service options, including Managed Detection & Response (MDR), IR Tabletop Exercises, Customized Security Assessments and more.**
Experience that minimizes cost and maximizes security
1000s
of incidents handled by CIR’s pressure tested and experienced experts
47%
of reported events handled with no cost to the policyholder1
44%
of ransom demands that resulted in payment were negotiated down by CIR1
+30 days
with CIR, policyholders can stay secure with at least 30 days of post-incident monitoring1
Trusted by businesses and brokers
Businesses can feel confident knowing they have expert support to investigate, mitigate losses, and help them recover from cyber attacks.
RESOURCES
CIR helps businesses prepare, respond, and recover from attacks
Prepare
Explore this primer on cyber incident response planning and guidance. See how the best way to prevent a cyber attack is to prepare for one.
Respond
Coalition’s claims team works closely with panel vendors, including CIR, to help policyholders recover.
Secure
Effective incident response doesn't stop with the investigation, see what services CIR can help a business after a cyber attack.
FAQ
What type of cyber incidents does CIR handle?
CIR is one of several vendors that policyholders can engage in the event of a cyberattack, including ransomware, business email compromise, funds transfer fraud, network intrusion, web application compromise, and more. Policyholders also have access to pre–breach support with incident response planning and tabletop exercises.
What is “digital forensics and incident response”?
Think of digital forensics and incident response (DFIR) professionals as the first responders for cyber attacks. DFIR is a cybersecurity profession that focuses specifically on identifying how incidents occurred, investigating them as well as mitigating damage through expert remediation advice and services.
Can I use CIR if my business does not have a policy provided by Coalition?
Yes, CIR is an affiliate of Coalition, Inc. that offers a myriad of cybersecurity services which are available to businesses even if they don’t have cyber insurance through Coalition Insurance Solutions. Contact us today.
I have an internal IT team and a managed service provider, do I still need DFIR in the event of a cyber incident?
Even the largest companies with well-funded security operations will often need assistance from DFIR partners in the event of a cyber incident. That’s because most internal teams and Managed Service Providers (MSPs) have less day-to-day experience handling live incidents. For good reason, most MSPs primary responsibility is to make sure their client’s IT environment is operational and the defensive technology is configured correctly, maintained and monitored. Digital Forensics and Incident Response on the other hand is a specialization within the cybersecurity field that focuses primarily on investigating, containing and remediating cyber incidents. Because of this, when organizations need help handling cyber incidents, bringing in DFIR specialists is recommended.
Additionally, in the event of a cyber attack there may be legal considerations that your business needs to consider. If a business handles its own investigation could lead to improper handling or loss of evidence that is needed to fully conduct an investigation. Businesses that experience a cyber attack often hire an attorney to lead the investigation and direct the DFIR services vendor. This can help protect the business’ investigative findings in the event of litigation.
What are some things I can do right now to prepare my business for a cyber incident?
There are a lot of things businesses can and should do right now to be better prepared to respond quickly when a cyber incident is developing or when one strikes.
One of the most effective preparation measures for organizations of any size is a cyber incident response plan. There is tremendous value for an organization in planning for a cyber incident to ensure internal stakeholders and decision makers have a trusted roadmap to guide them through the incident response process. The plan doesn’t need to be long or complex but it should be tested to make sure everyone involved knows their role and how they support the process.
We also recommend reviewing the Cybersecurity & Infrastructure Security Agency (CISA) guidance here. It’s organized by role, and provides clear and actionable recommendations for risk reduction. While it’s designed for small businesses, it’s applicable to organizations of any sizes and type.
For more complex organizations, we recommend using a more comprehensive framework such as the Center for Internet Security’s Controls, which can be customized to match your organization’s risk profile. Many of these frameworks are free of charge and help internal teams handle the complexity of modern information security challenges. Learn more.
What is one recommendation to minimize the impact of ransomware on my business?
Maintain well-tested, routine, offline backups of critical business data. Businesses can avoid paying a ransom demand or losing data by implementing and testing offline backups so that in the event of a ransomware incident, restoration of such data is possible without the need to pay the cyber criminal’s demand.