GuardSight Partner Q&A | Reimagining Incident Response: Surefire Cyber’s Tech-Enabled Framework

GuardSight partner Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities. Surefire Cyber provides clients confidence by helping them prepare, respond, and recover from cyber incidents—and to fortify their cyber resilience after an incident.

Billy Gouveia, CEO and Founder of Surefire Cyber, weighs in on company solutions, trends in the education industry, and challenges faced by stakeholders:

How does Surefire Cyber deliver its Pre-Incident, Incident Response, and Post-Incident services, and what sets your company apart from other players in the industry?

Surefire Cyber is redefining the incident response model by delivering a swifter, stronger response to cyber incidents. Our client-centric approach reduces stress and provides clients the confidence they need to help prepare, respond, and recover from cyber incidents – and to fortify their cyber resilience after an event. We are redefining the incident response model in three ways:

  1. First, we built our delivery on a tech-enabled platform to accelerate forensic results, to improve communication, and to reduce business interruption.
  2. Second, we leverage advances in technology to automate our model so that we can provide our clients with a more experienced and empathetic team to communicate with all stakeholders and to guide our clients through difficult situations.
  3. Third, we developed a purpose-built model with full end-to-end incident response, digital forensics, negotiation, and restoration capabilities.

In the ever-evolving landscape of incident response, what current trends or threats do you see as particularly critical, and how is Surefire Cyber addressing them?

As the number of attacks has skyrocketed, it has become apparent that the incident response model is inefficient, as the time it takes for an organization to get help is far too long and it is manual, as opposed to tech-enabled. It lacks efficiency, predictability, and transparency.

At Surefire Cyber, we are defining the incident response process by tech-enabling our model. Repeatable tasks are automated, allowing us to hire a more experienced team of professionals with a “different focus.” Their job is to not only put together the puzzle, but also interpret it by analyzing the data and helping clients make informed decisions. By deploying our team of experts in this way, we can accelerate response times and deliver full forensic results within 2 days, thus reducing business interruption.

Looking towards the future, what emerging cybersecurity trends are you preparing for, and how does Surefire Cyber plan to stay ahead of these challenges?

Ransomware is not going away any time soon, and we will continue to see a rise in cyber attacks. That is why I started Surefire Cyber, to help these clients. Through our tech-enabled framework, we can scale in order to keep up with the industry demand. Through our technology and forensics investigations, we bring forward the right information to help clients make informed decisions in a structured way and move them through the incident response process more smoothly, with the goal of helping them become more cyber resilient.

How does Surefire Cyber’s partnership with GuardSight assist organizations in proactively defending against these threats and mitigating their potential impact?

GuardSight and Surefire Cyber work in tandem to help organizations prepare, respond, and recover from cyber incidents — and to fortify their cyber resilience after an event. GuardSight’s approach is to stay one step ahead of the threat actors and help clients prevent and detect cyber threats via systems implementation, threat detection, and threat hunting. And if and when an incident should occur, Surefire Cyber’s purpose-built model includes end-to-end detection response, forensic triage, investigation & analysis, threat actor negotiation, payment facilitation, and restoration & recovery capabilities.

Can you share some examples of real-world cybersecurity challenges that Surefire Cyber has helped clients overcome? What were the key elements of your solutions in those cases?

We frequently see poor implementation of legacy security controls, inconsistent deployment of security software and exceptions made by business leadership (i.e., turning off multi-factor authentication).

In one particular incident, we worked with a client that had just fully patched their live 2013 Exchange server and was getting ready to migrate to Exchange 2019. During this migration, they missed a few patches on the new server, which ultimately left the server open to a vulnerability often used by ransomware threat actors. In the end, the new Exchange server was ultimately compromised and threat actors leveraged this vulnerability to launch a ransomware attack. We always recommend staying up to date on patches and always ensuring new systems have been thoroughly tested before moving them into the live environment.

In a crowded marketplace, customer trust is crucial. What are some strategies and best practices that Surefire Cyber employs to build and maintain trust with its clients?

We always put ourselves in the shoes of our clients. Our team has deep experience in managing cyber incidents, but understands that this may be the first time the client is experiencing an event. It is also not the client’s primary role, and they are managing this incident while doing their everyday job.

Our team takes the time to ensure full transparency with the client so that they are always up to date. They also demonstrate empathy and critical thinking to help guide clients through difficult decisions and possess the skills needed to help them emerge stronger.

As a successful startup in the cybersecurity industry, what advice would you give to aspiring entrepreneurs looking to enter this field? What are the key factors that contributed to your company’s success?

The key thing is to understand the purpose that drives your company and the meaning that drives your work. In our case, we are focused on improving the care provided to organizations affected by cybercrime so that they can manage through these incidents with less impact to the services they provide, fewer response costs, and less stress, as well as more confidence, communication, and coherence. We are honored to help our clients and find that it’s easy to put our hearts into our work, and I think that makes all the difference.