Incident Response Retainers
Blackpanda Digital Forensics & Incident Responders are available on a retained-hours basis, on call to respond more quickly and with the appropriate pre-breach measures in place to efficiently manage cyber incidents.
$3.86M
average cost of a data breach
US
$2M
average breach savings with an IR team and plan in place
US
Blackpanda offers a range of retained digital forensics and incident response services tailored to a variety of business needs and financial commitments—including zero cost retainers, pre-paid hours, or as the named responders on a cyber insurance policy.
All retainers include no-cost deployment of Pandarecon risk analysis and remote response technology.
Zero-Cost Retainers
With no money down, our zero-cost retainers help save both time and money during a response.
-
No commitment or annual fee
-
Pre-establish response terms and hourly rates prior to activation
-
Services charged on a time and materials basis (only on activation)
-
All retainers include no-cost deployment of Pandarecon
Pre-Paid Hours
Enjoy prioritized response and further cost-savings by purchasing pre-reserved incident response hours.
-
Reduced hourly rates
-
Guaranteed response times
-
Pre-paid hours sold in blocks of 5, 10, 20, and 40 hours (billed annually)
-
Convert 100% of unused hours toward Blackpanda consulting services
-
All retainers include no-cost deployment of Pandarecon
Insured Incident Response
For maximum cost-efficiency in managing the impact of a breach, Blackpanda Incident Response is also available via cyber insurance policies offered by a range of insurance carriers and in conjunction with breach management specialists.
Coverage typically includes:
-
All Blackpanda fees
-
First and third-party losses
-
Business interruption losses
-
And more...
Blackpanda Consulting Services
Retainer clients may convert unused hours toward any of the following Blackpanda digital forensics and incident response consulting services.
.png)
All Blackpanda retainers include no-cost deployment of Pandarecon risk analysis and remote response technology.
Risk Analysis & Vulnerability Management
Pandarecon provides senior leadership with dashboard visibility over security and configuration vulnerabilities across your environment. Take advantage of real-time risk scoring both on individual endpoints and in aggregate, with recommendations for remediation to help you strategically manage and minimize risk.
Remote Response & Forensic Data Collection
Pandarecon also serves as the first responder in the event of a breach. Blackpanda’s proprietary incident response software and endpoint agent gathers key forensic evidence and log data, allowing immediate remote response and increased responder efficiency during an investigation.
Incident Response
Process Overview
The Blackpanda DFIR team is comprised of a skilled set of practitioners who are highly experienced and well-trained in crisis management. The team follows procedures developed by Blackpanda, based on a combination of industry best practices (SANS, NIST, ISO) and the requirements of our specific tools and capabilities.

PREPARE
Upon Suspicion of Incident, Client Shall:
-
Contact Blackpanda 24/7
notification center -
Submit to Blackpanda the incident data-ingestion form
-
Continue to monitor incident for developments
IDENTIFY
Blackpanda Will, Within 4 Hours:
-
Acknowledge notification and respond
Within 4–24 Hours:
-
Determine validity and severity of event
-
Deploy Pandarecon to suspected compromised endpoints
-
Begin data collection
Within 48 Hours:
-
Conduct preliminary analysis
-
Define scope and assign roles
-
Communicate plan of action
-
Begin containment & remediation


CONTAIN, ERADICATE & RECOVER
Beyond 48 Hours:
-
Contain/Quarantine the incident
-
Conduct root cause analysis
-
Confirm/Deny data exfiltration
-
Extended remediation
-
Recover lost data (if possible)
-
Assist in restoring business operations to normal
-
Submit initial assessment report
LESSONS LEARNED
Final Report Covering:
-
Cause of breach
-
Methodology used
-
Remediating actions
-
Recommendations for further improvement of security posture