As part of EMPIST’s Managed Services, Clients that are actively subscribed to applicable Cybersecurity Services will receive First Stage Incident Response coverage for supported systems. This initial level of response is designed to provide timely triage, containment support, and recovery guidance for suspicious or confirmed malicious activity within the scope of covered services.

This support is limited to systems and services explicitly included in the client’s active Cybersecurity Services subscriptions. Any incident response activity outside of that scope will be subject to billable charges in accordance with the Master Services Agreement (MSA).

As defined in our Master Services Agreement (MSA), the following response actions are covered at no additional charge:

Alert Response & Triage

We actively monitor and respond to alerts for suspicious or confirmed malicious activity within your environment.

First-Level Investigation

Our team conducts a preliminary assessment to identify the scope, type, and potential impact of the incident.

Containment Support

To prevent further spread or damage, we assist with containment actions, including:

  • Isolating compromised endpoints
  • Disabling suspicious user accounts
  • Terminating malicious processes

Basic Recovery Actions

Once containment is in place, we help restore normal operations by:

  • Resetting compromised passwords & MFA
  • Running antivirus/malware scans
  • Re-enabling disabled user accounts
  • Educating affected users on post-incident security best practices

Remediation Guidance

We provide recommendations for corrective actions and share best practices to minimize the risk of recurrence.

What’s Not Included in Base Managed Services

Some incidents require a deeper level of response beyond the scope of standard managed services. These Second Stage Incident Response activities are available as billable services per the terms outlined in your MSA.

Examples of billable IR services may include:

  • Complex or organization-wide security events
  • In-depth forensic investigations
  • Root cause analysis and timeline reconstruction
  • Compliance and legal reporting assistance
  • Data recovery and threat actor attribution
  • Execution of full incident response playbooks and documentation

Governed by Our Master Services Agreement (MSA)

First Stage Incident Response is provided only in connection with subscribed Cybersecurity Services and applies solely to the systems and environments covered under those subscriptions. All incident response services, including those included as part of Managed Services and those billed separately, are subject to the terms outlined in the Master Services Agreement (MSA). Please contact your EMPIST Account Manager if you have any questions.