Solutions · Incident Response Retainer

Ready before you need us.

A pre-paid retainer with the WedgeX DFIR team and the platform deployed alongside. When the worst day arrives, the team is already in place and the investigation begins in minutes.

Ready Retainer status
Standby
24/7
First response
< 15 min
DFIR team
Onshore
Aligned to
ISO 27001
The minutes that matter

What happens after activation.

A typical engagement, told as a clock. Containment in the first hour, scope by end of day, full picture by week's end.

T+0

Activation

Single number, day or night. The DFIR lead is paged on the call.

First hour

Containment

WedgeX ingests from the affected systems while the team agrees and approves the first containment actions.

First day

Executive brief

Scope verified, evidence preserved, lateral movement mapped. Board-ready brief in your hands.

Week 1+

Post-incident report

Root cause, threat actor activity, complete timeline and a remediation plan to harden against the next attempt.

What is included

Pre-engaged on the worst day.

Five things every retainer comes with. Scope and hours sized to your environment.

  • 01

    Immediate access

    Pre-paid hours mean no contracting friction in the moments that matter. The team is already engaged when you call.

  • 02

    Triage and containment

    WedgeX and the DFIR team work in parallel. The agent investigates, the team approves the actions that change your environment.

  • 03

    Forensics and investigation

    WedgeX deployed across your affected stack. Evidence preserved, timeline built, lateral movement mapped end to end.

  • 04

    Post-incident review

    Root cause, breach timeline and threat actor activity, in a report ready for the board, regulators and your cyber insurer.

  • 05

    Threat hunting between incidents

    Quiet periods are not idle time. The team turns the retainer toward proactive hunts, hardening reviews and table-top exercises.

Claw-back

Unused hours stay yours.

If the worst day never comes, the retainer is not wasted. Any unused hours can be applied to other cybersecurity work with our team.

Proactive threat hunts
Hardening reviews
Table-top exercises
Penetration testing
Tooling assessments
Tabletop after-action

Scope a retainer with our team.

Set up takes a short scoping call. If you also want a SOC running every day, see Managed SOC. If you want to operate WedgeX yourself, see the AI SOC Platform.