Kivu provides rapid response when every minute counts.
Kivu’s incident response service helps organizations respond to and eradicate attacks fast and effectively. Our unique methodology employs patented technology that rapidly collects data remotely, analyzes it at a centrally secure location, and allows Kivu analysts to quickly move from analysis to response and recovery.
With over ten years of incident response experience, cyber security excellence and customer service go hand in hand at Kivu. Our responders have investigated incidents at hospitals, universities, financial institutions and publicly traded companies globally, and are not only highly certified analysts but also effective communicators.
Kivu has a global reach and can provide local presence to serve clients wherever they are.
Are you experiencing a cyber attack right now? We can help. Report an incident
Our Capabilities
Cyber Extortion and Ransomware
Kivu has built an industry leading reputation combating cyber extortion and responding to cyber-crime, enabling our clients to make informed, cost-effective decisions. Our cyber extortion teams are trained in complex negotiation procedures, and are highly experienced in hacking techniques and protocols.
Kivu’s expertise spans denial of service, ransomware, theft of confidential information and threat to damage a network.
DENIAL OF SERVICE
Whether a stand-alone attack to force payment of ransom, or a means to disrupt and open a system for network penetration, denial of service attacks obstinately remain a threat to organizations – whether online retail, public entities, or political groups. Kivu has advised such organizations on pre-emptive safeguards, responded to their defense during attacks, and worked with partners to block malicious traffic before it even hits our clients’ networks.
RANSOMWARE
Ransomware, preventing users from accessing their files, applications or systems until the victim pays the ransom, has established itself as a common method of cyber extortion. Kivu’s ransomware analysts are trained negotiators who will lead the communication with the attackers. Kivu will confirm that the decryption keys provided by the attacker work correctly, and ensure that evidence regarding the attackers is preserved for law enforcement. We are a registered MSB and can provide anonymous bitcoin payment within hours, assuring regulatory compliance at every step of the process. Download the brochure >
THEFT OF CONFIDENTIAL INFORMATION
With significant assets held as proprietary information, organizations are constantly targeted by cyber criminals, who use sophisticated hacking techniques, social engineering, and malicious insiders. Kivu helps its clients prepare for and respond to these attacks, using lessons learned from a decade of investigating cyber-crimes.
THREAT TO DAMAGE NETWORKS
Organizations face real threats of cyber damage from hacktivists, disgruntled employees, and nation-states hackers. Kivu has responded to incidents ranging from denial of service to physical damage caused by deliberately malfunctioning industrial control systems.
Data Analytics
The rise in complex data breaches and heightened regulatory scrutiny in today’s business environment has increased the need for sophisticated and responsive solutions. Kivu’s team of professionals has a proven track record of delivering results.
Kivu’s Data Analytics team is comprised of highly skilled, certified digital forensic investigators, technology experts, and seasoned consultants, who work with an organization to recover, preserve, and analyze large volumes of digital data.
Our experts are adept at creating, hosting, migrating, and analyzing large stores of electronic information related to investigations. This data can include email (O365, Exchange, Google Business), accounting and financial record systems, sales and marketing data, human resource data, and other complex databases.
Kivu analysts work seamlessly with our clients to provide financial and other reports related to business activities in data breach matters, government investigations, and litigation disputes. Kivu personnel have testified in state and federal court on a breadth of data breach and insurance coverage cases.
Expert Witness Testimony
In many cyber crime cases, the court’s ruling may come down to an expert’s opinion, and an attorney will need the best cyber security expert witness available. Kivu has served as trusted advisors to attorneys throughout North America and Europe, for almost a decade.
Kivu personnel have testified in state and federal court in a breadth of data breach and insurance coverage cases, including: cyber security and privacy class actions, theft of trade secrets, and employment and regulatory disputes. Kivu’s analysts have provided expert opinions on reasonable standards of IT security, damage caused by malware attacks, the length of business interruptions, and preexisting conditions. We have testified regarding the significance of specific metadata, the effects of spoliation, the likelihood of unauthorized data transfer or access, and the relevance of email, text and Instant Messaging. Our opinions have covered Windows, Linux, Mac, and proprietary operating systems and platforms.
In the run-up to trial, Kivu’s experts have assisted clients by providing declarations, affidavits, and testimony at deposition. We frequently attend and advise counsel at the depositions of opposing experts.
ACTING AS NEUTRAL TECHNOLOGY EXPERTS
Kivu personnel have also served as court appointed neutrals and third-party experts in litigation and mediation. Areas of expertise have included analyzing possible spoliation, recovery of deleted data, the searching and analysis of confidential data in escrow, and advising judges and mediators on the significance of parties’ forensic findings.
Kivu’s forensic professionals’ diverse experience and backgrounds include: law firms, federal law enforcement, big four consulting firms, software development companies, IT production environments, and in-house IT departments. Resumes of Kivu’s experts, including the cases where they have testified, are available upon request.
Forensic Investigation
In the aftermath of a cyber incident, it is essential to immediately isolate the impacted systems and identify the hosts involved. Kivu has developed a proprietary forensic methodology that allows specific identification of the affected systems, rapid and thorough forensic analysis, and a protocol to assist clients in remediating their networks.
The Kivu Digital Forensic Lifecycle considers forensic analysis as a business process in which the forensic examination enables our clients to build a stronger infrastructure for detecting and avoiding new threats.
Kivu’s digital forensic analysis provides a detailed account of digital evidence, including a timeline for the event on the host, which results in actionable indicators that can be used by our intrusion detection analysts to identify other compromised hosts throughout the enterprise. Kivu’s experts use established computer forensics techniques, intrusion analysis, and malicious code analysis capabilities to thoroughly assess the system and methods used for the incident.
Kivu is unique in understanding the legal implications of an intrusion, and can advise our clients on the technical and practical challenges of digital forensics. Our team of professionals has testified as expert witnesses throughout North America and Europe. Our professionals are experienced in the forensic analysis and extraction of data from all Windows, MAC and Linux operating systems, all commercial mail clients and servers, and all commonly used mobile phone devices.
Our people, processes and advanced technology are discretely adapted to each client’s specific needs.
Post Breach Risk Assessment
Post breach cyber investigations couple traditional investigative skills with the use of sophisticated software and forensic analytic techniques to track suspects and recover evidence. Since cyber investigations could easily cross nation-state boundaries, knowledge of international legal systems and privacy standards becomes crucial to successful outcomes.
Kivu analysts are experienced in providing confidential, discrete post breach risk services to protect our clients throughout the globe. Kivu’s unique incident response methodology collects data remotely, allowing Kivu analysts to quickly move from analysis to response and recovery.
Key factors in Kivu’s post breach cyber investigation may include:
- The nature and extent of the systems and data involved in the breach
- Determining the true identify of anonymous attackers
- Whether data was actually acquired or viewed, and if so, to what extent
- Preserving and collecting evidence using local law enforcement standards
- Legally monitoring and collecting evidence while in transit from websites, message boards, and social media sites
- Advising the client of US and international privacy laws and notification requirements for violations of privacy
- Determining the extent to which the risk of future incidents has been mitigated
Our post incident breach risk assessment is adapted to uniquely serve every organization’s needs.
PREVENTING FURTHER BREACHES
Many of Kivu’s cyber investigation clients decide to take advantage of our Risk Management And Prevention Services. Our team can evaluate the soundness of an organization’s technical environment, as well as the human behavior that can either prevent or lead to an incident.
KECT
In order to offer clients fast incident response, Kivu developed a proprietary technology tool, Kivu Enterprise Collection Tool (KECT), which securely scans IT systems remotely to collect forensic data. KECT was engineered to efficiently and effectively identify the Indicators of Compromise (IOC), enabling Kivu analysts to quickly identify and resolve cyber incidents.
KECT is secure, self-contained and fast. It does not install any software on the client’s systems or restrict bandwidth. KECT works by scanning networks to collect the most valuable data points, and then immediately responds with statistical analysis at a secure centralized location. KECT is able to vigilantly monitor the changing Tactics, Techniques and Procedures (TTP) used by the most sophisticated attackers.
What KECT offers Kivu’s clients:
- Lower incident response costs – Because all necessary data is collected remotely, no onsite Kivu personnel are required
- Fast analysis – KECT can scan large corporate networks in less than 60 minutes
- Low client impact – KECT requires no software installation at the client site, nor calibration, and it uses minimal bandwidth consumption
- Highly effective solutions – KECT isolates previously unidentified Indicators of Compromise to reveal exploited vulnerabilities
Kivu is constantly innovating, bringing the best solutions in both technology and analytic processes to our clients around the globe. In recognition of this unique technology, KIVU was granted patent #10609065 for KECT by the United States Patent and Trademark Office in 2020.
Additional Information About Our Services
COMPETITIVE INCIDENT RESPONSE
Kivu provides a cost-effective and complete solution to ransomware incidents. Our packaged service provides greater transparency, cost control and more efficient service delivery.
RANSOMWARE EXPERTISE
Our incident response and post-breach remediation services are tailored to mitigate and remediate ransomware attacks. We counter ransomware threats with expertise.
MICROSOFT 365 INVESTIGATIONS
A new and improved 24-hour service for victims of Business Email Compromise, providing comprehensive incident analysis and actionable advice.
E.U. SERVICES
Kivu’s EU operations are based in London and Amsterdam. We provide best-in-class cyber security solutions to the European market.
GET IN TOUCH
General Enquiries
info@kivuconsulting.com
415.524.7320
Report an Incident
Online form
855.548.8767
GET THE NEWSLETTER
Cyber security and Kivu news direct to your inbox. Never spam.
You can unsubscribe at any time.