Manufacturing — Incident Response Retainer (Anonymized)
Industry: Manufacturing (EU)
Scope: IR-on-call + tabletop + hardening sprint
Duration: 6 months retainer
Scenario
- Ransomware attempt contained at EDR stage
- T+0h: Alert triage & scope
- T+4h: Forensic collection + containment
- T+24h: Business recovery in segmented environment
- T+72h: Root cause & hardening roll-out
- Downtime avoided: ~36 hours
- MFA coverage: 60% → 98%
- Backups verified + immutable retention enabled