Incident Response Retainers

Blackpanda Digital Forensics & Incident Responders are available on a retained-hours basis, on call to respond more quickly and with the appropriate pre-breach measures in place to efficiently manage cyber incidents.

White Gradient


average cost of a data breach 



average breach savings with an IR team and plan in place


Blackpanda offers a range of retained digital forensics and incident response services tailored to a variety of business needs and financial commitments—including zero cost retainers, pre-paid hours, or as the named responders on a cyber insurance policy.

All retainers include no-cost deployment of Pandarecon risk analysis and remote response technology. 

Zero-Cost Retainers

With no money down, our zero-cost retainers help save both time and money during a response.


  • No commitment or annual fee

  • Pre-establish response terms and hourly rates prior to activation

  • Services charged on a time and materials basis (only on activation)

  • All retainers include no-cost deployment of Pandarecon

  • Available through 2021

Pre-Paid Hours

Enjoy prioritized response and further cost-savings by purchasing pre-reserved incident response hours. 

  • Reduced hourly rates

  • Guaranteed response times

  • Pre-paid hours sold in blocks of 40 hours (billed annually)

  • Convert 100% of unused hours toward Blackpanda consulting services

  • All retainers include no-cost deployment of Pandarecon

Insured Incident Response

For maximum cost-efficiency in managing the impact of a breach, Blackpanda Incident Response is ​also available via cyber insurance policies offered by a range of insurance carriers and in conjunction with breach management specialists.

Coverage typically includes: 

  • All Blackpanda fees

  • First and third-party losses

  • Business interruption losses

  • And more...

Blackpanda Consulting Services

Retainer clients may convert unused hours toward any of the following Blackpanda digital forensics and incident response consulting services. 


All Blackpanda retainers include no-cost deployment of Pandarecon risk analysis and remote response technology.

Risk Analysis & Vulnerability Management

Pandarecon provides senior leadership with dashboard visibility over security and configuration vulnerabilities across your environment. Take advantage of real-time risk scoring both on individual endpoints and in aggregate, with recommendations for remediation to help you strategically manage and minimize risk.

Remote Response & Forensic Data Collection 

Pandarecon also serves as the first responder in the event of a breach. Blackpanda’s proprietary incident response software and endpoint agent gathers key forensic evidence and log data, allowing immediate remote response and increased responder efficiency during an investigation. 

Incident Response

Process Overview

The Blackpanda DFIR team is comprised of a skilled set of practitioners who are highly experienced and well-trained in crisis management. The team follows procedures developed by Blackpanda, based on a combination of industry best practices (SANS, NIST, ISO) and the requirements of our specific tools and capabilities.



Upon Suspicion of Incident, Client Shall:

  • Contact Blackpanda 24/7
    notification center

  • Submit to Blackpanda the incident data-ingestion form

  • Continue to monitor incident for developments


Blackpanda Will, Within 4 Hours: 

  • Acknowledge notification and respond

Within 4–24 Hours: 

  • Determine validity and severity of event

  • Deploy Pandarecon to suspected compromised endpoints

  • Begin data collection

Within 48 Hours:

  • Conduct preliminary analysis

  • Define scope and assign roles

  • Communicate plan of action

  • Begin containment & remediation

Lessons Learned.png
Contain Eradicate.png


Beyond 48 Hours: 

  • Contain/Quarantine the incident

  • Conduct root cause analysis

  • Confirm/Deny data exfiltration

  • Extended remediation

  • Recover lost data (if possible)

  • Assist in restoring business operations to normal

  • Submit initial assessment report


Final Report Covering:

  • Cause of breach

  • Methodology used

  • Remediating actions

  • Recommendations for further improvement of security posture