SERVICE 01 · INCIDENT RESPONSE

When the breach happens, every minute changes the cost.

Strace responds to active threats, contains the damage, and recovers your environment. Whether you've been hit today or you want a team on retainer for when it happens, we're built for the call.

THE PROBLEM

Most breaches do not succeed because the attacker was unusually sophisticated. They succeed because early signals were missed, response was delayed, and the team handling the incident was learning on the environment. Strace is built to reduce that friction — clear intake, pre-negotiated terms, standardized methodology, and practitioner-led execution from first call to final report.

WHAT WE OFFER

Six productized engagements.

IR-A

Incident response retainer

A standing relationship with defined response SLAs, a designated practitioner who knows your environment, and pre-negotiated terms so when the call comes, work starts in hours — not days of legal back-and-forth. Tiered by hours, response time, and on-site availability.

IR-B

Reactive incident response

Active engagement when an incident is already underway. We deploy on confirmed compromise — ransomware, business email compromise, insider activity, data exfiltration, prolonged unauthorized access — and lead containment, eradication, recovery, and post-incident reporting through to closure.

IR-C

Digital forensics & investigations

Forensic imaging, timeline reconstruction, artifact analysis, and litigation-support documentation for breach investigations, internal misconduct, IP theft, and regulatory disclosure. Defensible methodology and full chain-of-custody documentation.

IR-D

Tabletop exercises & IR readiness

Facilitated tabletop scenarios for executive and technical teams. We simulate ransomware, business email compromise, insider threat, and supply-chain compromise scenarios specific to your industry, and produce a written gap report with prioritized remediation.

IR-E

Incident response plan development

A written incident response plan tailored to your business: escalation matrix, communication protocols, evidence handling workflow, executive decision tree, vendor contact roster, and regulatory disclosure guidance. Delivered as a document plus a 90-minute walkthrough with leadership.

IR-F

Threat hunting & compromise assessment

A proactive search for adversary presence across endpoints, logs, identity, mailbox, and cloud, typically a two-to-four-week engagement. We hunt for the specific TTPs adversaries are using in your industry, surface IOCs that detection tooling missed, and produce a written compromise assessment report leadership can act on. Available alongside the IR retainer or as a precursor to it.

WHO THIS IS FOR

Mid-market companies without an in-house IR function · Managed service providers needing surge IR capacity · Defense contractors and regulated firms with disclosure obligations · Cyber insurance brokers placing IR vendor coverage · Legal counsel managing breach response · Companies quoted by a Tier-1 IR firm and needing a senior alternative

HOW WE WORK

Four phases, one practitioner.

01 · DETECT

We confirm the incident, scope its extent, and brief leadership within the first response window.

02 · CONTAIN

We isolate affected systems, cut attacker access, and stop active damage before recovery begins.

03 · ERADICATE

We follow the attacker path, remove persistence mechanisms, and close the gaps that allowed entry.

04 · RECOVER

We restore your environment, validate clean operations, and produce the executive and technical reports leadership and counsel need.

WHAT'S INCLUDED — IR RETAINER

  • Defined response SLAs by tier (4-hour, 8-hour, or next-business-day)
  • Pre-negotiated MSA and IR-specific SOW so engagements start immediately
  • Designated lead practitioner familiar with your environment
  • Quarterly tabletop or readiness review
  • Annual IR plan review and update
  • Hours bank applicable to active incidents or proactive work
  • Post-incident executive and technical reporting

ENGAGEMENT STRUCTURE

Strace IR engagements are scoped around clear deliverables, timelines, and business risk. We do not start work on open-ended hourly terms unless the situation requires it. For retainers, tabletops, and IR plan development, clients receive a fixed-scope proposal before engagement begins. Reactive engagements are scoped at incident confirmation, with a clear scope-and-rate structure agreed before any forensic work commences.

Pricing is scoped after a short consultation so we can define the environment, urgency, deliverables, and timeline before quoting.

MSP PARTNERSHIPS

Strace partners with managed service providers that need senior security depth without building an internal incident response practice. White-label and co-engagement structures are available. If you operate an MSP serving SMB or mid-market clients and need a backstop for IR work, reach out.

READY WHEN YOU ARE

If you're in an active incident, call now.

To have a retainer brief, IR plan, or tabletop scoped, schedule a 30-minute consultation with a senior practitioner.