Recovery after a security incident
Get back to work quickly with @-yet

Have you already established a disaster recovery system in your company? Then you are prepared for an emergency. Because disaster recovery is the key to getting back up and running quickly. Disaster recovery encompasses all organisational and technical measures that are used to restore IT infrastructure and data after an incident. The aim is to ensure a quick restart, for example after a cyber attack.

An important part of disaster recovery is a carefully prepared emergency plan. This contains all the relevant information required in the event of a crisis. This includes roles and responsibilities, procedures (emergency scenarios) for various incidents and precise action plans. Communication channels and information on required resources and possible suppliers of these resources must also be included in such an emergency plan.

Despite its importance, many companies unfortunately underestimate this document. Many organisations do not have an emergency plan. There is also a prevailing view that inexperienced people can draw up such a document. We strongly advise against this. Ideally, an emergency plan should be developed by people who have practical experience in dealing with emergencies.

@-yet supports you in preparing for emergencies. Our security experts will work with you to develop a customised recovery concept. We support you in creating your emergency manual, which is based on the experience of hundreds of successfully managed emergencies. With @-yet, you can get back to work quickly.

In an emergency, the emergency plan is the ideal basis for a quick and efficient recovery. Without such a document, the recovery process becomes much more difficult and error-prone. However, the experienced security experts at @-yet are there to support you, especially in such a case.

The priority of our teams: Critical systems and data. Your company's core processes must be up and running again as quickly as possible to keep you operational and minimise the damage to your company. To make this possible, the critical systems are recovered at short notice in an emergency operation. This takes into account the fact that the attacker may still be present in the network.

The following requirements must be met before emergency operation can be started:

• The @-yet teams have ensured that the backups are not compromised
• System communication is limited to what is absolutely necessary.
• The systems in emergency mode are monitored for potential attacker activities.
   

The next step is to safely remove the attacker from the company network. To this end, @-yet sets up a new, secure infrastructure in parallel. This new environment is known as a ‘green zone’ and is secured and made cyber-resilient by the @-yet teams using state-of-the-art technology.

During the recovery, our security experts continuously monitor all systems for anomalies and ensure that no hidden threats are reactivated. Once all data and systems have been successfully restored, a comprehensive analysis should be carried out to identify further vulnerabilities and minimise the likelihood of another attack.

Time is money. This is particularly true when it comes to malfunctions or outages of IT systems that critical business processes depend on. Any downtime in this area can have serious consequences for your company. Systems and processes must be up and running again quickly to minimize financial losses as far as possible. With the expertise gained from numerous recovery projects, the @-yet teams quickly restore IT infrastructures and production environments after an incident. 

• Individual concept creation (e.g. network zone concept, logging and monitoring, etc.)
• Hardening of IT components, Active Directory and network participants
• Migration planning for systems in the new secure infrastructure ("green zone")
• Concept for vulnerability detection and elimination (vulnerability management)  

• Detailed individual advice so that you can get back to work safely and quickly
• Long-term concepts and solutions to minimize the risk of follow-up attacks
• Establishment of optimized emergency management and a secure IT infrastructure  
• Optimization of the IT infrastructure based on the latest security standards