Incident Response
24/7 available for security incidents
Every minute counts during a security incident. Our Incident Response team is available 24/7 to respond quickly and effectively to security incidents. We help contain, investigate and recover.
What is incident response?
Incident response is what needs to happen when your organisation has been hacked. Ransomware, data breaches, Business Email Compromise, unauthorised access, a suspicion that someone is in your network - we help contain the incident, find the cause and recover.
Our team thinks like attackers - because as pentesters that is what we do every day. We quickly understand how an attacker got in, which tools they used and what traces they left. That makes us effective in incident response.
When should you engage us?
- Ransomware: systems encrypted, ransom demand received
- Suspected intrusion: unexplained activity in network or cloud
- Business Email Compromise: email accounts taken over, fraudulent payments
- Data breach: indication that sensitive data has been stolen
- Malware: systems showing suspicious behaviour
- Account takeover: admin accounts or cloud tenant compromised
Why Zolder for incident response?
During an incident every minute counts. You need a team that:
- Is immediately available: we respond 24/7. Call us, and we are there. No ticket system, no queue.
- Thinks offensively: our pentesters understand attack techniques from the inside. We quickly recognise which tools an attacker has used.
- Gets its hands dirty: we deliver concrete, hands-on help. Forensic analysis, containment, recovery. Not theory.
- Advises independently: we do not sell security products. Our advice is purely focused on resolving the incident.
Our approach
Based on NIST SP 800-61, but put into practice by researchers who know how attackers work:
- Triage & intake - rapid assessment: what happened, what is the scope, how bad is it? Initial assessment of the attack type.
- Containment - immediate actions: isolating compromised systems, blocking suspicious accounts, activating network segmentation. We act fast.
- Forensic investigation - analysing log files, disk images, memory dumps, network captures. Establishing cause, attack path and scope.
- Eradication - removing malware, closing access, resetting compromised credentials.
- Recovery - controlled restoration from clean backups. Verification that the attacker has not left persistence.
- Reporting & lessons learned - incident report with timeline, root cause analysis and recommendations. Usable for law enforcement, insurance and regulators.
What does incident response cost?
Our hourly rate for incident response is €250 per hour (excl. VAT). This reflects 24/7 availability, urgency and specialist expertise. Costs depend on:
- Severity: a BEC versus a full ransomware attack with lateral movement.
- Work required: triage and containment only, or also extensive forensic investigation.
- Duration: small incidents in days, complex attacks in weeks.
Methodology
Triage
Rapid assessment of the situation and its severity.
Containment
Containing the incident to prevent further damage.
Recovery
Investigation, eradication and recovery of systems.
Frequently asked questions
How quickly can you be on-site?
We respond 24/7. For urgent incidents we start remotely right away - in many cases most of the work can be done remotely. Physical presence needed? Typically on-site within 4-8 hours in the Netherlands. From Zevenbergen we can quickly reach the Randstad and Brabant.
Do we need a retainer contract?
No. We also help without a retainer. However, we recommend an introductory meeting beforehand so we know your environment when it matters. With a retainer we guarantee faster response times and a reduced rate.
Can you help with data breach notification obligations?
Yes. We help determine whether there is a reportable data breach, support the notification to the DPA and provide technical substantiation. We are not lawyers - but we work well with your legal department.
What if we already have a SOC but still have an incident?
A SOC detects, but does not always handle resolution. We complement your team with offensive expertise: we understand how the attacker thinks, find the root cause faster and contain the incident. Short lines of communication, direct contact with the researchers.