Incident Handling & Response
CUTTING-EDGE technologies and top cyber experts to effectively manage security incidents
Incident Handling & Response Solutions
Leonardo offers solutions for the monitoring, analysis and containment of security incidents, through decision support systems based on Artificial Intelligence and the skills of highly qualified experts in the analysis and management of cyber attacks, operating in our Computer Security Incident Response Team (CSIRT).
AI to support strategic decisions
AI Decision Support System
operates in the decision-making and remediation process related to a cyber threat that could potentially damage a critical infrastructure at technological and organisational level.
- Prioritization & escalation
Security Operators monitor the infrastructure to be protected, focusing on high risk threats. At the same time, potentially damaging cyber security events are evaluated by threat intelligence analysts and the company management.
- Action & resolution
Through the use of operational suggestions provided by the system, intervention decisions are turned into detailed business and technological remediation actions, and implemented to ensure operational continuity of the organisation under attack.
Leonardo AI Decision Support System is based on state-of-the-art technologies exploiting correlation of data and information sources, traditionally processed separately, to dynamically measure the impact of cyber threats and to provide decision support.
- Dynamic risk calculation
The system automatically and dynamically quantifies threat effect on the organisation assigning a “scorecard” to each configured entity. This is done according to the specific characteristics of the infrastructure to be protected, using machine learning and clustering algorithms.
- AI Operational Suggestions
For each scorecard, the system automatically generates operational suggestions containing a proposal for intervention actions, relying on artificial intelligence technologies to learn from past experiences and propose solutions appropriate for the current situation.
Top Experts’ Continuos Support
Our Incident Handling & Response solutions are based on highly specialized skills and investigation experiences developed in specific cyber defence domains.
- Intelligence operation Center
Leonardo's IoC analysts intervene to deepen the anomalies reported by the decision support system, corresponding to high risk levels, evaluating the potential dangerous cybernetic event in relation to the open sources information.
- Computer Security Incident Response Team
Once the incident has occurred, our CSIRT supports security operators, monitoring the infrastructure under attack, through malware analysis, software remediation and support for ex-post investigation activities.