It’s been a fun and exciting four years at Cisco building out our market-leading Incident Response service, and the one thing I continually focus on is not resting on our laurels. That’s why I’m really excited to announce that moving forward, we are enhancing our Incident Response Retainer offering.

For those unfamiliar with our existing IR retainer, at its fundamental core, it’s a very effective way to ensure access to a team of incident response and intelligence rock stars when you need them most in a time of crisis. However, we’ve taken it further by packaging proactive services to help make organizations more resilient ahead of that rainy day. These include staples such as helping design IR plans and playbooks, performing compromise assessments and threat hunting activities, and perhaps our top request: tabletop exercises (of which we provide numerous flavors for numerous levels of the organization).

Moving forward, we’ll be bundling Cisco Cyber Range training into our standard IR retainer. Our cyber range offering is a stellar 3-day training option that puts attendees into the weeds when it comes to hunting and responding to threats. Built by responders, for responders, it couples a solid baseline of teaching material alongside numerous attack scenarios replicated in a simulated environment. While some of the material can be customized for organizations, the hands-on lab portions are rooted in our Cisco enterprise security products like Threat Response, Umbrella, AMP for Endpoints, Next Generation Firewalls, and more.

We are also introducing a new offer, Enhanced IR Retainer, which includes two flavors of purple teaming our customers can leverage: 1) detection assessment and 2) adversary simulation purple team. Backed by our red and blue teams, our detection assessment will examine an organization’s resiliency to attacks while simultaneously assessing the organization’s ability to detect the attacks. In the event there are detection tools missing, we will provide access to enterprise-class tools such as Cisco AMP for Endpoints, Cisco Umbrella, and/or Cisco Stealthwatch. The adversary simulation purple team is a similar assessment but relies on intelligence and previous attacks to hyper-focus the red team activities around specific TTPs of specific actors.

Lastly, and perhaps most importantly, all of these offerings are both developed and delivered by actual incident responders. We don’t leverage non-responders for any of our proactive incident response-related work, as we believe that the people that actually respond to incidents are best suited to also plan for them. Our expert responders bring their broad experience to bear during proactive services and ultimately provide a better outcome for our clients.

If you’re an existing Cisco customer who is looking to further enhance their resiliency, or you are looking for an IR Retainer provider with immense value, we’d love to hear from you. To learn more and for our contact information, click here.



Sean Mason

Director, Threat Management & Incident Response

Cisco Security Advisory Services