Secureworks Incident Response

Additional Info

Company size (employees): 1,000 to 4,999
Type of solution: Service


Secureworks Incident Response (IR) has been helping organizations respond to cybersecurity emergencies and helping customers prepare to respond since 2007. Our global team of IR consultants brings cross-disciplinary skills, expertise and experience, combined with insights gained across thousands of incident response engagements and the latest defensive and offensive threat intelligence research from our Counter Threat Unit (CTU). Secureworks offers both proactive incident response to help organizations prepare for a breach and emergency assistance to minimize impact and ensure an efficient and effective response should an organization be breached.

To offer coverage across the incident response lifecycle, mitigate risk and gain confidence in response and detection capabilities, the Incident Management Retainer (IMR) is designed to enable a more proactive, comprehensive and resilience-driven approach to IR. In addition to Emergency IR SLAs and seasoned experts backed by the Secureworks® Taegis™ security analytics platform, the IMR agreement gives access to a wide range of threat-informed technical, strategic and advisory consulting services – including tabletop exercises, CIRP development, incident readiness assessments, threat hunting and vulnerability assessments, and red and purple team testing. The tiered retainer model accommodates varying cybersecurity objectives and introduces program management features, including expert-led proactive service planning and reviews.

Secureworks Emergency Incident Response (certified under the NSA's CIRA and the NCSC's CIR schemes, respectively) is accessible to our IMR customers and via the 24/7 hotline (+1-770-870-6343). Secureworks offers remote and onsite support for a range of incident types – from small incidents to large-scale, enterprise-wide crisis situations that significantly disrupt or impede business operations. Our team provides digital forensics, malware analysis and threat intelligence analysis capabilities, as well as the guidance and assistance needed for rapid investigation, analysis, and remediation of threats. For major incidents, we can provide Incident Command support (Blog – The Role of the Incident Commander in Cybersecurity).

How we are different

• Operational Expertise - Secureworks is 100% focused on security and has been delivering incident response services for over 15 years. We draw on visibility into the security programs of thousands of customers worldwide, lessons learned from thousands of consulting and IR engagements conducted annually, and the latest threat intelligence produced, analyzed and validated by the Secureworks Counter Threat Unit™ (CTU™) research team to deliver the best services. With over 80 incident responders whose backgrounds span national, military and organizational CSIRTs, as well as intelligence and law enforcement agencies, our team offers the experience that organizations need during an incident to mitigate risk.

• Industry Leading XDR Platform – Secureworks has its own proprietary extended threat detection and response (XDR) platform, Taegis™, as well as an endpoint agent for gathering telemetry that enables our team to perform threat hunts and other threat detection, investigation, and response activities. Secureworks products are built on the Taegis cloud-native security platform, which continuously gathers and interprets telemetry from proprietary and third-party sources, including endpoints, networks, cloud, and identity systems. The Secureworks IR team uses this same platform to help speed detection and enhance investigations with the latest security analytics.

• Proprietary Threat Intelligence - Secureworks IR shares intelligence on threat actors and their tradecraft through an open feedback loop with our CTU research team, which monitors hundreds of threat groups. This information is incorporated into new countermeasures, detectors and other protective actions for Taegis. Tight collaboration between our IR team, the adversarial security testing team and the CTU provides deeper context and real-time understanding of threat actors and their behaviors – answering questions such as “what would a threat actor do next?” to strengthen response, remediation and recovery. This virtuous cycle of resources and intelligence is unique to Secureworks.