Incident Response

Last Updated: Tuesday, 01 January 2017 02:43AM v091bh12


The REOL Services incident scale consists of several states:

  • Normal
    • Internal logging and ticket assignment, no Client participation required
  • Escalation
    • Abnormal or significant application performance level drop
    • KPI or metric anomaly or total KPI absence
    • Application error threshold breach
  • Emergency
    • Significant system breach
    • Significant and critical system resource loss (AWS cascading outage)
  • Containment
  • Recovery
  • Prevention and Reporting

In the Emergency state:

  • REOL Services will immediately inform the Client if there is an ongoing or attempted security breach into Client application infrastructure.
  • REOL Services will proceed with the application state change (live > standby) if we determine that Client space has been compromised.
  • REOL Services will immediately revoke all access credentials (IAM, 2FA, API auth tokens, KMS keys and SSH central authority) from both internal development teams and the Client.
  • We aim to provide initial event analysis to the Client as soon as the threat has been mitigated and application state restored.


Example Cases

  • Wide-band (Mirai/IoT) DDoS attack >10 Gbps, without an active AWS Shield Advanced subscription
  • Application-level penetration (not using AWS WAF)
  • Third-party dependency vulnerability (blackbox)
  • Multi-level access-key leak (missing passphrase on root PEM certificate)

