    Group-IB Cybersecurity Services Retainer - Incident Response

    Sold by: Group-IB 
    SLA-backed 24/7 incident response and 30+ cybersecurity services under one prepaid retainer for organizations running on-premises, hybrid, and AWS cloud environments.

    Overview

    Cyber resilience requires continuous effort. As threats evolve - now faster than ever due to AI - and attack surfaces expand across cloud and hybrid environments, organizations need immediate response capability combined with structured long-term improvement.

    The Group-IB Services Retainer gives your organization instant access to the full range of Group-IB cybersecurity services within one flexible agreement. It preserves SLA-backed Incident Response while expanding the scope to include proactive assessments, investigations, consulting, and training. Backed by more than 77,000 hours of incident response delivered across 60+ countries, Group-IB brings over 20 years of experience fighting cybercrime to every engagement.

    Trusted Across Regulated Industries

    Organizations in financial services, government, IT services, and other highly targeted sectors rely on the Group-IB Services Retainer. Group-IB maintains ISO 27001:2022 certification (audited by TUV Austria), ISO 9001:2015 quality management certification, and a Managed SOC Monitoring Service Licence. Group-IB experts hold CISSP, GCFA, GIAC CTI, OSCP, CHFI, and dozens of other professional certifications, ensuring every engagement is led by credentialed specialists.

    Scenario: Cloud-Native Incident Response on AWS

    A financial services organization running critical workloads on AWS detects unauthorized API calls through CloudTrail. The retainer's SLA-backed IR process activates immediately: Group-IB analysts reconstruct the attack timeline using CloudTrail logs, contain compromised IAM roles, capture forensic images of affected EC2 instances, and eradicate the attacker's persistence mechanisms - all while preserving chain of custody for regulatory reporting. Post-incident, the team delivers a root-cause analysis and updates the organization's IR playbooks to prevent recurrence.

    Incident Response Methodology

    Our IR service follows a structured lifecycle:

    • Preparation: The IR team establishes operational foundations, bespoke playbooks, and forensic readiness before any breach occurs.
    • Detection and Analysis: Complex telemetry and log data are analyzed to verify alerts, eliminate false positives, and reconstruct the attack vector.
    • Containment and Forensics: The team halts threat proliferation without destroying volatile evidence - executing network isolation, endpoint quarantine, and IAM restrictions such as revoking compromised cloud credentials. Strict chain of custody is maintained through memory dumps and forensic images captured prior to remediation.
    • Eradication: Reverse engineering of malware and root-cause analysis locate the initial point of ingress, ensuring complete removal of the attacker's presence.
    • Recovery: Backup integrity is validated to confirm absence of sleeper malware before staged restoration. Heightened monitoring detects potential reinfections during re-entry.
    • Post-Incident Activity: Post-mortem reviews feed empirical data back into preparation, refining playbooks and updating security controls. Tabletop exercises validate readiness during peacetime.

    AWS Integration

    The retainer integrates with AWS for organizations running cloud workloads. Group-IB leverages AWS CloudTrail for forensic analysis of API activity, Amazon GuardDuty findings for detection context, and VPC Flow Logs for network-level reconstruction. Prerequisites: clients should have CloudTrail enabled across all regions and retain logs for a minimum of 90 days to support effective forensic analysis.

    Highlights

    • SLA-backed 24/7 incident response with over 77,000 hours delivered across 60+ countries. Group-IB holds ISO 27001:2022 and ISO 9001:2015 certifications and a Managed SOC Monitoring Service Licence. Senior credentialed specialists (CISSP, GCFA, OSCP, GIAC CTI) respond from 11 global Digital Crime Resistance Centers to contain threats and restore operations.
    • Flexible allocation of prepaid hours across 30+ cybersecurity services - from emergency incident response to red teaming, SOC development, and training. Reallocate hours between urgent response and strategic initiatives as priorities change throughout the year, without waiting for new contracts or purchase orders.
    • Custom cybersecurity roadmap aligned with your industry, threat profile, and regulatory requirements. Every engagement is powered by Group-IB Threat Intelligence, Managed XDR, and Business Email Protection. Trusted by organizations in financial services, government, and IT services sectors seeking continuous improvement from routine response through visionary security strategy.

    Details

    Sold by

    Delivery method

    Deployed on AWS
    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    Group-IB provides 24/7 global incident response support backed by SLA commitments, delivered from 11 Digital Crime Resistance Centers worldwide.

    Engagement Lifecycle

    1. Scoping consultation: Define goals, environment scope, and security priorities with Group-IB experts
    2. Hour allocation: Determine prepaid hours based on your organization's size and risk profile
    3. Onboarding (12-month term): Activate agreement, lock in fixed rate, and complete technical onboarding
    4. SLA coverage activates: 24/7 incident response with predefined initial contact, remote response, and on-site response SLAs
    5. Ongoing usage: Request any service, track hours in real time, reallocate as priorities change

    Buyer Responsibilities

    • Designate one technical point of contact and one executive sponsor
    • Provide asset inventory, network topology, and environment access credentials during onboarding
    • Ensure AWS CloudTrail is enabled across all regions with minimum 90-day log retention (for AWS environments)
    • Grant access to relevant security tooling and endpoint agents as needed for specific engagements

    Support Contacts (24/7)

    • APAC: +65 3159 4398
    • EU and NA: +31 20 890 55 59
    • MEA: +971 4 540 6400
    • LATAM: +56 2 275 473 79
    • Email: response@cert-gib.com 

    Support Includes

    Retainer customers receive priority queuing, a dedicated account team, and access to Group-IB SOC teams across all regions. Initial contact SLA, remote response SLA, and on-site response are included. Additional hours beyond the prepaid package are available at preferential rates.

    Refunds and Disputes

    For billing inquiries, refund requests, or contract disputes, contact your dedicated account team or reach out via the support channels listed above.