​Incident Response Services

​RSA Incident Response Practice

When you discover a data breach or other pressing cyber incident, you want a partner with: Proven experience investigating and responding to the most sophisticated cyber attacks, close ties to law enforcement and government and battle-tested processes and tools to minimize impact and speed recovery.


Incident Response Services & Your Security Strategy

Listen in as Josh Zelonis, senior analyst with Forrester Research, and RSA discuss real-world IR experiences and how IR fits into your overall security strategy.

View Webinar


IR Retainer Infographic

Not sure if you need an incident response retainer? Check out this infographic to see the difference one can make in response time and the other benefits a retainer can provide.

View Infographic


Malware Analysis

Malware Analysis

We conduct basic and advanced static and dynamic analysis to develop techniques for blocking malware, which improves organizations’ resilience against further intrusions.

Network Analysis

Network Analysis

Packet and log data collected by RSA NetWitness® Logs & Packets helps us identify suspicious communications that traditional, signature-based cybersecurity systems miss.

Host Forensics

Host Forensics

Our incident response team uses executables, files and libraries to identify unauthorized services and processes running on endpoints.

Cyber Threat Intelligence

Cyber Threat Intelligence

Our IR team conducts extensive research into cybercriminals’ attack infrastructure, tools and techniques, and monitors cyber threat intelligence feeds from a range of sources including the government and industry ISACs (Information Sharing and Analysis Centers).

Comprehensive Cyber Forensic Analysis Framework

Comprehensive Cyber Forensic Analysis Framework

This framework guides our forensic analysis and ensures the incident response process includes data from multiple sources, including in-house systems, open source research and various threat intelligence feeds.


​Leverage our proven processes and specialized technologies to accelerate incident response, forensic investigation and remediation.

​Access our extensive network of cyber threat intelligence for insights on current and planned attacks, and attacker tools, tactics and techniques.

Tap our experience working across industry verticals and our knowledge of various industry and regulatory compliance requirements.

​Limit the scope of a cyber attack and prevent attackers from achieving their objectives with prompt, decisive IR services.

​Preserve forensic evidence for investigations, law enforcement and prosecution.

Government accredited services: National Security Cyber Assistance Program (NSCAP) Cyber Incident Response Assistance (CIRA).

Get rapid access to incident response experts when you suspect a data breach or cyber attack. We quickly investigate and assess the scope and nature of the incident, and deploy our IR team on containment and remediation activities.

Work with a trusted incident response team that’s repeatedly demonstrated its capabilities in the most demanding business environments. We’ve helped hundreds of organizations across the public and private sectors respond to and recover quickly from data breaches and other cyber attacks.

RSA Advanced Cyber Defense & IR Services

Effective defense is not purely about buying the latest security technologies; it’s about establishing an effective security program that brings together security expertise, processes and technology to improve the organization’s ability to prevent, detect, and respond to attacks. Find out how RSA can help.

Learn More

Proactive Cyber Threat Detection

It’s become increasingly difficult for many companies to identify cyber threats lurking on their networks because these threats are often designed to elude traditional security systems. But with the right technologies and skill sets, organizations can turn the tables on cyber adversaries and detect threats before damage is done.

Learn More

Acute Cyber Incident Response

When you discover a security breach, you need to determine—in short order—exactly what happened, how it happened, the scope and impact of the compromise, and the steps you need to take to contain and remediate it. RSA’s incident response team can help you quickly get your arms around a breach.

Learn More

Did You Know?

RSA NetWitness Platform enables cybersecurity teams to gain instantaneous access to and visibility of overall network activity. This then allows them to detect and respond to compromises within hours instead of months.
Incident Responder