A key to our success as a remediation team is being well informed about the tradecraft of attackers targeting the organization. Our threat intelligence teams helps you understand this with regular briefings, while we also make use of multiple renounced intelligence feeds , Frameworks like the MITRE ATT&CK matrix are also great at mapping out the techniques used by attackers and shine a light not only on how they seek to compromise but how they might respond to discovery.
Connecting to our staff across the globe also helps. They can be our eyes and ears in areas where we might have technical visibility gaps. Our security awareness team has worked hard to encourage staff to report strange files or phishing emails that could represent a targeted attacker – which becomes invaluable information during any response.