// FAQ
Frequently asked questions.
Answers on DFIR, Resilience Ops, Threat Intelligence, Post Incident and Retainer, plus process and emergencies — grouped by topic.
// 01
General questions
What sets ProSec Defense apart from other security providers?
We bring together attacker expertise and defensive discipline. Our experience stems from military, intelligence and law-enforcement cyber environments – where threats must be mastered confidentially and under time pressure.
We have an active security incident right now – what should we do?
Contact our emergency hotline immediately and do not shut down affected systems in an uncoordinated way. We will guide you through the first steps, preserve evidence and contain the damage.
What services does ProSec Defense offer?
Our core services are DFIR & Incident Response, Resilience Ops & Hardening, Cyber Threat Intelligence and Post Incident. They are modular and combined according to your situation.
Do you work confidentially?
Yes. Confidentiality and discretion are at the core of our work. For particularly sensitive communication we also provide a public PGP key.
Do you offer ongoing support rather than one-off projects?
Yes. Through our Retainer Service we ensure guaranteed availability and prioritized response when it matters – so no time is lost during an incident.
// 02
DFIR & Incident Response
How quickly can you respond?
In an acute case we make contact immediately and initiate first measures. Concrete response times can be guaranteed contractually via a retainer — so no time is lost on contract clarification in an emergency.
Should we shut down affected systems right away?
Not in an uncoordinated way. Shutting down prematurely can destroy volatile traces. We guide you through the first steps so evidence is preserved and damage is limited.
Are the results admissible in court?
We work according to recognized forensic standards and document the chain of evidence transparently. On request we provide expert reports in cooperation with the ProSec Group.
What happens after the incident?
We guide a safe recovery, harden the environment against renewed attacks and can secure the state further through post-incident monitoring.
// 03
Resilience Ops & Security Hardening
How does this differ from a classic audit?
An audit checks against a catalog. We think like attackers and prioritize measures by what is really exploitable and provides the greatest protection.
Do we have to shut down systems for this?
No. Hardening is carried out in a planned and coordinated way, with an eye on availability and usability.
Can this be combined with DFIR?
Yes. After an incident, hardening is the logical next step — we transfer findings from the forensics directly into effective measures.
How do you measure success?
Through traceable baselines and an effectiveness check — you can see which attack paths were closed.
// 04
Cyber Threat Intelligence
What does CTI actually deliver?
You invest your limited resources where the threat is real and relevant — instead of chasing every headline.
Where does the information come from?
From a combination of open and specialized sources, evaluated with structured analytic techniques (SAT) and intelligence experience.
Is it tailored to our industry?
Yes. We align the situational picture with your concrete intelligence requirements and risk profile.
Can threat hunting be added?
Yes. Based on the indicators we proactively search for traces of attacker activity in your environment.
// 05
Post Incident
How does Post Incident differ from DFIR?
DFIR focuses on the acute phase: analysis, containment, recovery. Post Incident starts afterwards — with root-cause analysis, lessons learned, lasting hardening and reliable documentation.
Do we need this if the incident is already over?
Especially then. Without a clean review, causes remain open and recurrences likely. Regulators and insurers also often require traceable documentation.
Is the documentation suitable for authorities and insurers?
We document traceably and audit-proof and align the records with the requirements of management, regulators and insurers.
Can you also review incidents handled by another provider?
Yes. We take on the review even when the acute response was carried out by another team — as an independent assessment.
// 06
Retainer Service
How is the retainer structured?
Every ProSec retainer consists of two building blocks: the one-time Cyber Incident Readiness initialization (role model, SLA/OLA structure, scenario playbooks, tabletop exercise) and the ongoing retainer with guaranteed response times, a fixed point of contact and included forensics and crisis-manager contingents. There are three tiers: Essential, Professional and Premium; you can find details on the retainer page. In short, the retainer combines guaranteed availability, a fixed hour quota and prioritized response, and we tailor the exact scope to your organization.
What response times are possible?
Depending on the package, guaranteed response times range from business hours (Essential) to 24/7 (Professional and Premium); for critical incidents, retainer clients receive a first response within 30–60 minutes. Without a retainer, we respond to acute incidents within 2 hours. The concrete SLA response times, graded by severity, are defined together in the initial consultation and fixed contractually.
What happens to unused quota?
Unused contingents do not simply expire: by arrangement we use them for preventive services — such as hardening measures, readiness reviews, tabletop exercises or consulting. The concrete rule is set out in the retainer contract.
Is the retainer cancellable?
Yes. We discuss term and cancellation conditions individually in the initial consultation — transparently and without hidden conditions.
DEFENSE READINESS
Didn’t find your question?
Talk to us directly — confidential and without obligation.