Overview
Cyber resilience requires continuous effort. As threats evolve - now faster than ever due to AI - and attack surfaces expand across cloud and hybrid environments, organizations need immediate response capability combined with structured long-term improvement.
The Group-IB Services Retainer gives your organization instant access to the full range of Group-IB cybersecurity services within one flexible agreement. It preserves SLA-backed Incident Response while expanding the scope to include proactive assessments, investigations, consulting, and training. Backed by more than 77,000 hours of incident response delivered across 60+ countries, Group-IB brings over 20 years of experience fighting cybercrime to every engagement.
Trusted Across Regulated Industries
Organizations in financial services, government, IT services, and other highly targeted sectors rely on the Group-IB Services Retainer. Group-IB maintains ISO 27001:2022 certification (audited by TUV Austria), ISO 9001:2015 quality management certification, and a Managed SOC Monitoring Service Licence. Group-IB experts hold CISSP, GCFA, GIAC CTI, OSCP, CHFI, and dozens of other professional certifications, ensuring every engagement is led by credentialed specialists.
Scenario: Cloud-Native Incident Response on AWS
A financial services organization running critical workloads on AWS detects unauthorized API calls through CloudTrail. The retainer's SLA-backed IR process activates immediately: Group-IB analysts reconstruct the attack timeline using CloudTrail logs, contain compromised IAM roles, capture forensic images of affected EC2 instances, and eradicate the attacker's persistence mechanisms - all while preserving chain of custody for regulatory reporting. Post-incident, the team delivers a root-cause analysis and updates the organization's IR playbooks to prevent recurrence.
Incident Response Methodology
Our IR service follows a structured lifecycle:
- Preparation: The IR team establishes operational foundations, bespoke playbooks, and forensic readiness before any breach occurs.
- Detection and Analysis: Complex telemetry and log data are analyzed to verify alerts, eliminate false positives, and reconstruct the attack vector.
- Containment and Forensics: The team halts threat proliferation without destroying volatile evidence - executing network isolation, endpoint quarantine, and IAM restrictions such as revoking compromised cloud credentials. Strict chain of custody is maintained through memory dumps and forensic images captured prior to remediation.
- Eradication: Reverse engineering of malware and root-cause analysis locate the initial point of ingress, ensuring complete removal of the attacker's presence.
- Recovery: Backup integrity is validated to confirm absence of sleeper malware before staged restoration. Heightened monitoring detects potential reinfections during re-entry.
- Post-Incident Activity: Post-mortem reviews feed empirical data back into preparation, refining playbooks and updating security controls. Tabletop exercises validate readiness during peacetime.
AWS Integration
The retainer integrates with AWS for organizations running cloud workloads. Group-IB leverages AWS CloudTrail for forensic analysis of API activity, Amazon GuardDuty findings for detection context, and VPC Flow Logs for network-level reconstruction. Prerequisites: clients should have CloudTrail enabled across all regions and retain logs for a minimum of 90 days to support effective forensic analysis.
Highlights
- SLA-backed 24/7 incident response with over 77,000 hours delivered across 60+ countries. Group-IB holds ISO 27001:2022 and ISO 9001:2015 certifications and a Managed SOC Monitoring Service Licence. Senior credentialed specialists (CISSP, GCFA, OSCP, GIAC CTI) respond from 11 global Digital Crime Resistance Centers to contain threats and restore operations.
- Flexible allocation of prepaid hours across 30+ cybersecurity services - from emergency incident response to red teaming, SOC development, and training. Reallocate hours between urgent response and strategic initiatives as priorities change throughout the year, without waiting for new contracts or purchase orders.
- Custom cybersecurity roadmap aligned with your industry, threat profile, and regulatory requirements. Every engagement is powered by Group-IB Threat Intelligence, Managed XDR, and Business Email Protection. Trusted by organizations in financial services, government, and IT services sectors seeking continuous improvement from routine response through visionary security strategy.
Pricing
Custom pricing options
Support
Vendor support
Group-IB provides 24/7 global incident response support backed by SLA commitments, delivered from 11 Digital Crime Resistance Centers worldwide.
Engagement Lifecycle
- Scoping consultation: Define goals, environment scope, and security priorities with Group-IB experts
- Hour allocation: Determine prepaid hours based on your organization's size and risk profile
- Onboarding (12-month term): Activate agreement, lock in fixed rate, and complete technical onboarding
- SLA coverage activates: 24/7 incident response with predefined initial contact, remote response, and on-site response SLAs
- Ongoing usage: Request any service, track hours in real time, reallocate as priorities change
Buyer Responsibilities
- Designate one technical point of contact and one executive sponsor
- Provide asset inventory, network topology, and environment access credentials during onboarding
- Ensure AWS CloudTrail is enabled across all regions with minimum 90-day log retention (for AWS environments)
- Grant access to relevant security tooling and endpoint agents as needed for specific engagements
Support Contacts (24/7)
- APAC: +65 3159 4398
- EU and NA: +31 20 890 55 59
- MEA: +971 4 540 6400
- LATAM: +56 2 275 473 79
- Email: response@cert-gib.com
Support Includes
Retainer customers receive priority queuing, a dedicated account team, and access to Group-IB SOC teams across all regions. Initial contact SLA, remote response SLA, and on-site response are included. Additional hours beyond the prepaid package are available at preferential rates.
Refunds and Disputes
For billing inquiries, refund requests, or contract disputes, contact your dedicated account team or reach out via the support channels listed above.