
10 Hot Incident Response Companies to Watch in 2021

Who to call when the cybercriminals get through

David Braue

Melbourne, Australia – Jun. 10, 2021

If the famous bon mot about death and taxes were written today, it would likely include a third element: cybersecurity attacks.

Breaches are coming thicker and faster than ever, with the FBI recently reporting that it received four times as many cybersecurity complaints per day during 2020 as it did in 2019 — which means that, more than ever, your company needs to have a detailed incident response plan so you’re ready to act when it happens to you.

Unless you have your own army of in-house cybersecurity responders waiting for your call, odds are that you’re going to need an incident response company to have your back. But in today’s broad and deep cybersecurity market, how do you choose the right one?

A recent Forrester Wave report outlined three key capabilities that you should ensure any potential incident response firm can provide. These include immersive training facilities to support real-world breach training; the ability to outsource capabilities as necessary; and the ability to perform mapping of post-breach remediation implementations.




Business maturity (loosely correlated with size) is important in this space, since the effectiveness of any incident response will start with investment in innovative tools but finish based on the availability of experienced professionals who know how to apply them. Most IR providers offer the option of an ongoing retainer, which is often married with proactive security audits and customized planning to ensure the fastest possible response if things go south.

Forensic analysis is an important part of the offering – so much so that Gartner refers to this market sector as digital forensics and incident response (DFIR) services. The explicit addition of forensics as a capability is a reminder that responding to an incident is not only about stopping it – but about learning from the event, so you can put steps in place to ensure that it doesn’t happen again.

If you haven’t already chosen a company to be there when the cybercriminals come knocking, make sure that you do so posthaste. Here are ten of the hottest incident response vendors to watch this year:

  • Aon, London, UK. With a 40-year history in insurance and risk management services, Aon’s incident response capabilities emphasize proactivity and preparedness — two qualities that resonate well with the increasing recognition of cybersecurity as a clear and present danger to business continuity. Aon’s $0 Incident Response Retainer helps you organize a clear incident response plan before you need it — so you’re ready to tap the company’s broad range of forensics, incident response, legal, cyber insurance and other capabilities as efficiently as possible.
  • AT&T, Dallas, Texas. AT&T’s massive consulting resources and support infrastructure give it a market heft that few can match. With a range of data breach prevention capabilities, experts well-versed in security methodologies, incident management planning, DFIR services and SOC-as-a-service offerings, AT&T’s broad service platform was recently expanded with the AT&T USM Anywhere advisory service and tight integration to back-end security tools.
  • BAE Systems, Guildford, UK. Long a service provider to high-end government agencies and operators of nationally significant networks, BAE offers CREST- and CESG-certified strategic cybersecurity services backed by a 24×7 incident response hotline and a global network of on-site personnel. Response services include both technical response and issues such as stakeholder engagement and management of the press.
  • CrowdStrike, Sunnyvale, Calif. By basing its incident response services around its well-regarded Falcon threat-intelligence platform, CrowdStrike has leaned heavily on real-time security analytics — with its CrowdStrike Intelligence Team supporting its CREST-certified IR specialists throughout the incident response. This ensures that all parties continually have eyes on the customer environment as they help resolve a current incident — and develop a data-driven plan to avoid others in the future.
  • Deloitte, New York, N.Y. With its long heritage of business and technology consulting services, Deloitte’s holistic approach to cyber incident response planning focuses as much on business continuity as it does on the nuts and bolts of DFIR. Its global network of cybersecurity expertise, including NSA CIRA accredited response teams, supports end-to-end cyber incident response services based around customized incident response plans that are established early on and ready to activate for retainer clients.
  • eSentire, Waterloo, Canada. Promising a four-hour global response from a DFIR team filled with “battle-tested and highly certified” staff — the group is named after Artemis, the Greek goddess of hunting — it’s clear that eSentire approaches incident response on the front foot. Its response is built around an arsenal of forensics and investigation tools that are utilized to shut down the attack quickly, then segue into an end-to-end incident response lifecycle that ferrets out the root causes of the breach to avoid recurrence.


  • FireEye, Milpitas, Calif. FireEye’s incident response team has been in the headlines this year for its involvement in exposing the SolarWinds hack, but its pedigree in high-profile detection and incident response draws on many years’ experience stopping attacks, with incident-response staff in more than 30 countries. Its Incident Response Services roster includes a rapid response “within hours” — covering everything from technological attack shutdowns to disclosure and executive communications, down to the support of Mandiant malware specialists providing low-level analysis and specific remediations to avoid reinfection.
  • IBM, Armonk, N.Y. The sheer size and scope of IBM’s service offerings translate into a complete offering that covers the full spectrum of incident response — with AI-powered threat-intelligence tools, extensive cyber-range training capabilities, and the company’s X-Force security research team supporting IR playbooks and other response planning and execution services.
  • Kroll, New York, N.Y. Kroll has applied its extensive risk-management expertise to its incident response capabilities, providing a multi-faceted response ranging from rapid incident response and digital forensics to legal and insurance-provider liaison, through to consumer notification and remediation. A bevy of incident-planning capabilities, including security assessments and tabletop exercises, helps lay down clear action plans when cybercriminals strike.
  • Secureworks, Atlanta, Ga. The incident-response specialists in Secureworks’ network offer rapid emergency response backed by the company’s extensive threat-intelligence infrastructure, but the company is equally focused on proactively developing and stress-testing its clients’ incident response processes against new cyber threats as they emerge. Targeted threat hunting assessments actively seek out as-yet-undetected threats, supporting early detection and rapid response as well as ensuring that implemented remediations are effective.

David Braue is an award-winning technology writer based in Melbourne, Australia.



Sponsored by eSentire

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

eSentire provides complete, multi-signal Managed Detection and Response, with 24/7 cutting-edge protection against cyber attackers that bypass traditional cybersecurity controls.