Azure Digital Forensics and Incident Response Retainer


Always-on expert Azure Digital Forensics and Incident Response investigators armed with the experience and tools needed to get Azure customers answers – without losing chain of custody.

Although Managed Detection and Response (MDR) provides comprehensive security coverage, many businesses require additional cloud-native incident response, forensics, or legal testimony capabilities that fall outside the scope and capabilities of MDR.

To support our clients and provide complete integrated security services leveraging Microsoft’s larger cloud ecosystem, BlueVoyant offers Azure Digital Forensic Incident Response (ADFIR) Retainers.

As an annual or multi-year service, BlueVoyant’s ADFIR Retainer can:

  • Provide incident response under pre-arranged, rapid-response SLAs and pre-negotiated terms and conditions to reduce response time to an incident.
  • Utilize predefined chain-of-command, processes, pre-authorization with client’s third-party suppliers and service providers, communication methods, intervention scope, monitoring technologies, and security perimeter.
  • Perform incident cyber forensic collection, detailed analysis, expert witness, and other litigation considerations, and overall crisis management.
  • Investigate, hunt, and halt threats outside of normal MDR workflows.
  • Conduct environmental audit and threat hunt for persistence methods in Azure and hybrid on-premises environments.
  • Investigate Azure log and resource artifacts to determine actions taken by the threat actor.
  • Augment internal response staff during periods of high demand, such as forensic root cause analysis, log review, and Office 365/Azure auditing.
  • Perform human resources investigations, insider threat evaluation, and identify severity of alerts.
  • Provide quarterly threat briefings and an annual domain-wide third-party breach report.
  • For EMEA clients, we will perform a high-level Incident Response Gap Analysis, including a review of the incident response plan, policy, and playbook as part of the onboarding process.
  • For North American clients, we offer the ability to roll over up to 50% of unused hours into a retainer renewal.
  • Provide digital forensics services including:
    • Business email compromise
    • Compromise assessment
    • eDiscovery/eDisclosure
    • Employee offboarding
    • Extortion
    • Governmental and legal entity notifications
    • Intellectual property theft
    • Mergers, acquisitions, and integrations
    • Phishing investigations
    • Ransomware
    • Workplace investigations and insider threat

Incident response services are available in most but not all countries. Please contact your BlueVoyant representative to ensure that your country is supported.
