Incident Response Proposal

Shavit Group
A Strategic Partner of the Israel National Cyber Directorate

Comprehensive Cyber Incident Response Services

When a ransomware or cyber incident strikes, time, accuracy, and experience are critical.
This proposal outlines a focused and proven incident response approach designed to stop the attack, restore operations, investigate root causes, and prevent recurrence.

Our methodology operates across three parallel tracks:

Operational continuity and rapid containment
In-depth forensic investigation
Defensive hardening and long-term resilience

Our team brings extensive hands-on experience responding to high-impact cyber incidents across complex infrastructures .

Strategic National Cyber Partnership

Recognized Partner of the Israel National Cyber Directorate

We operate as a strategic partner of the Israel National Cyber Directorate, a collaboration that reinforces our credibility, intelligence access, and operational capabilities.

This partnership provides our clients with:

Access to national-level threat intelligence
Alignment with national cybersecurity standards
Faster intelligence sharing during active incidents
Enhanced coordination during critical response scenarios

Executive Overview

The Immediate Risk

Your organization has experienced a cyber incident that may include:

Compromised servers and endpoints
Potential attacker persistence or backdoors
Risk of lateral movement and data exfiltration
Ongoing business disruption

Every hour of delay increases operational and financial impact.

Our Response Philosophy

We do not only remove malware.
We eliminate the attack path, identify how the breach occurred, and ensure it cannot be repeated.

Our response combines speed with forensic precision to protect both systems and business operations.

Phase 1: Immediate Containment and Mitigation

Objectives

Stop attacker activity
Isolate compromised systems
Preserve forensic evidence

Key Actions

Network and endpoint isolation
Blocking attacker command-and-control channels
Snapshot creation and forensic imaging
Emergency access control enforcement

A dedicated incident war room is established with 24/7 coordination throughout this phase.

Phase 2: Forensic Investigation and Root Cause Analysis

What We Investigate

Initial entry point identification (patient zero)
Attack chain reconstruction
Privilege escalation and lateral movement
Data exfiltration assessment
Persistence mechanisms and backdoors

Methodology

Our investigation follows industry standards such as NIST and SANS frameworks, using advanced forensic tooling to build a complete and defensible incident timeline.

Phase 3: Eradication, Recovery, and Hardening

Secure Recovery

Verified clean backup validation
Controlled system restoration
Removal of all attacker artifacts

Security Hardening

Full credential reset and privileged access cleanup
Active Directory and network hardening
Emergency patching of exploited vulnerabilities
Deployment of EDR or MDR capabilities

Our goal is a sterile, resilient environment that supports business continuity without reinfection risk.

Engagement Deliverables

What You Receive

Executive Summary Report
Clear, non-technical overview for management and stakeholders
Technical Incident Report
Full forensic findings, evidence, and attack analysis
Remediation and Hardening Roadmap
Prioritized security improvements with measurable outcomes
Indicators of Compromise (IOC) Package
IPs, domains, file hashes, behavioral indicators, and detection rules