Incident Response Retainer

When an organization experiences a security incident, minutes wasted can mean millions of dollars lost. To lower the cost of recovery and business downtime, Entara’s Incident Response Retainer can be used to guarantee instantaneous access to a best-in-class cybersecurity incident recovery team. In the event of an incident, our team of experts is at the ready to respond within 15-minutes and immediately begin containment of the breach. Entara has tens of thousands of hours of hands-on incident response work and, through this experience and partnerships with top firms in the IR space, offers a wholistic and flexible retainer service. Entara’s Incident Response Retainer is built to serve organizations of all sizes and industries, regardless of cyber insurance status.

The Entara Incident Response Retainer includes three tiers of service: StandardAdvanced, and Premium. Each tier includes a 15-minute service agreement, quarterly check-ins, a basic infrastructure audit, discounted recovery rates, IR plan documentation, and full onboarding. The Advanced and Premium tiers also include a further discounted recovery rate and services such as the option to use the retainer for proactive cybersecurity services as well as increased documentation and monthly backup and snapshot checks. 

Entara’s 15-minute service agreement includes: 

  • Incident Response and Management 
  • Infrastructure Recovery 
  • Digital Forensics  
  • Threat Actor Negotiation 
  • Breach Notification 
  • Security Assessments 
  • Tabletop Exercises 
  • Disaster Recovery and Business Continuity planning 
  • Incident Response planning  
  • Infrastructure Hardening and IR Readiness Assessment 

Onboarding includes:

  • A standardized IR plan with a decision/call tree
  • Deployment of all basic systems, including an ITSM, PAM, documentation, and communication tools
  • Review and documentation of insurance policy and document claims
  • Documentation of core infrastructure, including backups, storage, active directory, hypervisor, and cloud
  • Review and documentation of disaster recovery and business continuity plan
  • Deployment of a hardened Jump Box, which remains disabled until remote access and privileged accounts are needed to respond to a breach
Scroll to Top