When something’s on fire, or before it is.
Active breach, suspicious access, data exposure, ransomware: we contain it, find out what happened, and get you through the response. And before anything burns, we test whether you’d even see it coming.
Contain, understand, recover.
Triage & contain
Stop the bleeding. Isolate affected systems, cut off access paths, and stabilize.
Investigate
Preserve evidence, reconstruct the timeline, and find scope and root cause.
Remediate
Close the entry points and validate that the attacker is actually out.
Report & recover
Clear documentation for customers, regulators, and your board, and a plan so it’s smaller next time.
Would you even see it coming?
Most teams find out their monitoring had a blind spot during the incident. We’d rather you find out on purpose, first.
Attack, with permission
DeepExploit runs real attacker techniques against your environment under controlled, authorized conditions.
Measure detection
We track what your tooling caught, what it missed, and how long it took to alert, a concrete map of your blind spots.
Close the gaps
We tune detection and alerting where it’s weak, including behavioral analytics (UEBA) via Boundless DB, which sits on top of your PostHog data.
We don’t discount fires.
| Engagement | Price |
|---|---|
| Emergency IR, minimum engagement | $10,000 |
| Hourly response | $350–$500/hr |
| Proactive control / detection test | scoped with DeepExploit |
| Incident readiness tabletop | included in Growth vCISO |
Common questions.
What does incident response cost?
Emergency IR has a $10,000 minimum engagement, with hourly work at $350–$500/hour. We don’t discount emergency response, when something is actively wrong, you want the right people, fast.
How fast can you start?
Reach out through the contact page or your existing Operative relationship and we’ll triage immediately. The faster we’re engaged, the more evidence we can preserve and the more damage we can contain.
What happens during an engagement?
We work to contain the incident, preserve and analyze evidence, identify scope and root cause, support remediation, and help with the communication and reporting that follows, including customer, regulator, and internal updates.
Can you help us prepare before something happens?
Yes, and we think you should. Beyond reactive IR, we proactively test your controls with DeepExploit to find the gaps in your monitoring before an attacker does: we run real attack techniques and check whether your tooling actually detects and alerts on them. Where detection is weak, we tune it, including behavioral analytics through Boundless DB.
What is the proactive control test?
A controlled, authorized exercise where DeepExploit executes attacker techniques against your environment and we measure what your monitoring caught, what it missed, and how long it took to alert. You get a concrete map of your detection blind spots and a plan to close them, so the next real incident is seen early instead of discovered late.
Dealing with something right now?
Reach out and we’ll triage immediately. The sooner we’re in, the more we can save, and if nothing’s on fire yet, ask us to test whether you’d catch it.