Microsoft Incident Response Retainer is generally available



The job of securing organizations is continually changing and getting more complex. Many organizations don’t have the time, resources, or expertise to build an in-house incident response program. For customers that need help remediating an especially complex breach (or avoiding one altogether), Microsoft Incident Response offers an end-to-end portfolio of proactive and reactive incident response services. We operate in 190 countries and our incident responders are seasoned veterans with more than a combined 1,000 years of career experience resolving attacks from ransomware criminals to the most sophisticated nation-state threat actor groups.

Microsoft Security is expanding its incident response presence and we’re excited to announce the Microsoft Incident Response Retainer is now generally available.

Incident response retainers are increasingly valuable because of market dynamics

Customers face persistent attacks from a growing number of vectors that cost time and money and affect reputation. Companies that are unprepared to respond to an incident saw a global average breach cost of USD4.3 million (USD9.44 million in the United States) in 2022. This compares to USD3.05 million (USD1.3 million or 30 percent less) for companies with incident response and AI automation.[1] Companies that put these proactive measures in place also detected breaches 74 days sooner than those without help (249 days compared to 323 days). Compounding these challenges, only 41 percent of chief executive officers (CEOs) believe they’re prepared for cybersecurity crises.[2] What this tells us is that customers need incident response help, and they need to engage this help proactively before a crisis happens—and Microsoft has taken note.

“My group lives and breathes incident response. I actually have to drag them away from work and make them take breaks—they love what they do, and it shows in the quality of their work,” said Dan Taylor, Head Coach of Microsoft Incident Response. “We’re excited for the continued growth of Microsoft Incident Response and the launch of our Incident Response Retainer, which improves the customer purchase experience and allows for deeper, more meaningful customer engagement.”

Overview of the Microsoft Incident Response Retainer service

The Incident Response Retainer provides pre-paid blocks of hours for highly specialized incident response and recovery services before, during, and after a cybersecurity crisis. It’s contracted on an annual basis and the retainer hours can be used in any combination of proactive and reactive services. If more hours are needed, customers can easily uplift additional hours as requirements change.

This service provides our fastest response times and direct access to our global team of experts. It was designed to work with cyber insurance vendors and has flexible delivery options that meet the unique needs of each customer.


  • Assigned Security Delivery Manager (SDM)—A named SDM will work with you throughout the year to proactively schedule services and help you get the full value of your retainer contract.
  • Assigned Incident Manager—A Microsoft incident response expert to guide your engagement during an active security attack.
  • Intelligence-driven investigation—Threat investigation, digital forensics, log analysis, malware analysis support, and attacker containment.
  • Compromise recovery—Assistance in recovery and remediation of critical infrastructure, removing attacker control from an environment, regaining administrative control, and tactically hardening high-impact controls to prevent future breaches.
  • Proactive services—Compromise Assessments and Crisis Readiness Exercises will test your organization’s defenses, improve your security posture, and increase resilience.
  • Quarterly threat briefings—Threat intelligence briefings with tailored guidance on emerging trends and threats, analysis, and validation of Indicators of Compromise and alerts, and premium delivery of Nation State Notifications (Plan 2 only).

Who Microsoft Incident Response helps

We hope you never have to experience a breach. But if you do, you can rest assured that we will do everything we can to help your organization get back to business as usual. In alignment with Microsoft’s mission to empower every person and every organization on the planet to achieve more, we help every organization we can, including:

  • New or existing Microsoft customers.
  • Customers that don’t use Microsoft Security products (this is a vendor-agnostic service).
  • Enterprise, government, education, and non-profit customers on the Microsoft commercial cloud.

Ecosystem partnership

One of our core principles at Microsoft Security is security for all. Meeting the needs of all types of organizations means offering choice—not only in the kinds of services customers buy but in who they buy them from. At the end of the day, we know that a single provider can’t meet the unique needs of every organization. That’s why Microsoft is fully committed to working with an ecosystem of partners and technologies that give customers the flexibility to choose what fits their needs.

Microsoft has an extensive security services partner ecosystem for customers across the globe to choose from. Our incident response and Microsoft-verified MXDR solution partners have world-class capabilities and domain expertise, each offering a broad portfolio of specialized solutions across the Microsoft security product portfolio. If you are looking for partner services, please visit the Microsoft Intelligent Security Association member directory to find a solution to meet your needs.

In alignment with the expansion of our Incident Response portfolio, we’re also announcing a new partnership with incident response provider Kivu. Microsoft and Kivu will work together to make use of existing relationships with cyber insurance providers in responding to customers’ cyber incidents. Kivu will regard Microsoft as the premier option for post-breach remediation services when Kivu clients need them, and Microsoft will regard Kivu as a trusted partner to handle ransomware negotiations for customers seeking that service.

“Cybercrime won’t ever cease. We’ve got to partner, pool expertise, combine intelligence and work along with our public sector colleagues to protect organizations from cyber threats. Our alliance with Microsoft Security combines our strengths to have more impact on nearly any conceivable cybersecurity problem,” said Shane Sims, CEO, Kivu Consulting, Inc.

“Our mission is to secure the world so our customers can thrive. Security is a team sport, and incident response is among the most important areas for industry leaders to come together in collaboration,” said Kelly Bissell, Corporate Vice President of Security Services, Microsoft. “We look forward to working with Kivu and other partners to help customers be safe and secure against all cyberattacks. Customers can be assured that their incident response needs will be addressed so their business can thrive.”

To learn more about Microsoft Incident Response and the Incident Response Retainer, please visit our website or read our blogs in the Microsoft Security Experts series.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

[1] Cost of a Data Breach Report 2022, IBM. 2022.

[2] C-Suite Outlook 2023, The Conference Board. 2023.