Incident Response Retainer
On-call IR engagement with defined SLAs, named lead, and pre-negotiated rates. Avoids the worst case of negotiating an IR contract while actively under attack.
Tags: retainer
Retained IR
Incident Response & Threat Intel
Named IR lead, defined RTO/RPO targets, tested runbooks. Tier-1 threat intelligence feeds and dark-web monitoring for your domain and exec team. Tabletop exercises every quarter — so when an incident lands, it isn't the first time you've rehearsed it.
How it works
From assessment to continuous coverage
- Discovery — Stack inventory, control map, threat-model workshop. Two weeks to a documented baseline.
- Hardening — Quick-wins shipped immediately. Pen test runs in parallel. SOC onboarding starts.
- Operate — 24×7 monitoring live. Incident-response retainer active. Weekly hygiene reports.
- Mature — Quarterly retests, tabletop exercises, compliance evidence rolling forward continuously.
What's covered
Incident Response & Threat Intel capabilities
Every capability is delivered as part of one managed program — scoped to your business, executed by our partner network, and managed by your Katalor security lead. One contract, one point of contact, one report.
Digital Forensics & Investigations
Memory and disk forensics, log-timeline reconstruction, indicator extraction — for incidents that need root-cause clarity, not just containment. Court-admissible chain of custody if required.
Tags: forensics
Threat Hunting
Hypothesis-driven hunts in your data lake for adversary behaviors that bypass automated detection. Maps to MITRE ATT&CK tactics; outputs detections that get added to the SOC ruleset.
Tags: hunting
Tabletop Exercises
Scenario-driven exercises with your leadership team — ransomware, data-loss event, insider, supply-chain compromise. Tests the playbook on paper before you test it under fire.
Tags: tabletop
Threat Intelligence as a Service
Curated intelligence for your industry and stack — IOCs, TTP changes, dark-web mentions of your brand or executives. Routed into the SIEM, not delivered as a monthly PDF.
Tags: TI
How this fits your engagement
Incident Response & Threat Intel in context
For small business
In the Pulse Check or Monthly Retainer
Pulse Check doesn't include IR — for that, the Monthly Retainer adds incident response on call with pre-negotiated rates, tested runbooks, and an annual tabletop exercise. Avoids negotiating an IR contract while you're actively under attack.
For mid-market & enterprise
In an Assessment, Project, or Retained engagement
Retained or Co-managed engagements include a named senior IR lead, defined RTO/RPO, court-admissible forensics if required, and quarterly tabletop exercises. Threat intelligence routed into your SIEM as detections, not delivered as a monthly PDF.
Ready to make security a delivery requirement, not a checkpoint?
Schedule a 30-minute scope call with Katalor Security. We'll walk your stack, identify the top three exposures, and propose the right MSP tier — at no cost.