Forensics. Recovery. Resilience.
One Platform.

Rapidly resolve incidents and build a resilient environment through MOXFIVE.

Incident Response



MOXFIVE’s Platform enables organizations to work with a Technical Advisor who provides expertise and guidance when they need it most while facilitating the delivery of all technical needs required, consistently and efficiently.

We bring together the technology and expertise needed to deliver a superior experience for our clients.

Faster Response

MOXFIVE minimizes the business impact of cyber-attacks by coupling our ‘in the trenches’ experience with the capabilities of our platform.

Real-time Status & Progress Updates
Our MOXFIVE Platform streamlines the incident response process by providing a centralized view of key milestones and project details. MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process.

Technical Expertise at Scale
The MOXFIVE Platform combined with our extensive Partner Ecosystem improves the customer experience with its ability to quickly scale to meet the demand for incident response services and deliver the expanded expertise, technologies, and resources clients need in the wake of a cyber-attack.

Smoother Process

Proven Incident Management Playbook
Our Technical Advisors have managed and led many of the most prominent security investigations in the world and can quickly assess any situation to determine the most efficient and cost-effective technical response strategy.

Seamless Execution
Once a plan is in place, our Technical Advisors work in tandem with our Incident Managers to deploy the team of experts needed and manage all technical workstreams through to completion.

Increased Visibility

Simple Unified View
The MOXFIVE Platform builds a comprehensive timeline of an attack so you can easily see, understand, and discuss what happened across multiple response teams.

Plan for the Future
Having a unified timeline can help teams better analyze what worked and what didn't so you can evaluate where improvements need to be made across processes, technologies, and teams.

Build Resilience

MOXFIVE has the front-line experience to help build a more resilient environment within budget and on schedule.

Roadmap and Implement
MOXFIVE Technical Advisors have the unique ability to connect the dots between business, IT, and security objectives to help you quickly identify gaps and implement controls.

Faster Procurement
Leverage your existing MOXFIVE relationship for a faster and more efficient procurement process with the wide range of capabilities from the MOXFIVE Partner Ecosystem.

Incident Response

MOXFIVE introduces scale to the incident response process by focusing on speed and efficiency through our proprietary Platform. Our Technical Advisors will work with your team to clearly define the incident and develop the most effective response strategy. Once a plan is in place, your Technical Advisor will work in tandem with an Incident Manager to deploy the team of experts needed and manage all incident response efforts to completion.

Strategy and Execution are the key to Incident Response


Business Resilience

With deep roots in incident response, security, and IT operations, MOXFIVE helps our clients assess technology gaps – whether before, during, or after an incident – to understand what’s needed to build more resilient business operations.

Security should start with the basics.  
We encourage organizations to start with these solutions to build the proper security foundation.

Priority Controls Bundle

MOXFIVE recommends prioritizing these five solutions to improve IT infrastructure resilience.

Multifactor Authentication

Implement MFA for email and remote access to mitigate unauthorized access to your environment.

Endpoint Detection & Response

EDR tools provide strong prevention, containment and mitigation capabilities.

Resilient Backups

Having resilient backups can significantly reduce the time and effort needed to recover.

Privileged Access

Minimize an attacker’s ability to operate in your network by strengthening security for privileged accounts.

Network Segmentation

Strong network segmentation can help thwart a threat actor's ability to move laterally across the network.

Active Directory Hardening

Properly securing AD is a critical step to prevent access throughout your IT environment.

MOXFIVE can help. Our teams are on the front lines helping companies respond to incidents and restore IT operations every day. This experience gives us the unique ability to connect the dots between business, information technology, and security objectives and helps us understand how to quickly identify gaps and build a more resilient business environment. 

Advisory Services

IT & Security Strategy
Leverage MOXFIVE Technical Advisors to support development and execution of IT and security initiatives.
Security Services
Develop a tailored security program to find the right security solutions for your organization.
Retainer Services
Establish an ongoing relationship with MOXFIVE as your “go to” resource for IT and security

IT Infrastructure

Asset Management
Track and assess IT inventory to optimize procurement decisions and incident response efforts.
Cloud Services
Develop and execute migration and/or optimization of cloud service providers.
Backup Infrastructure & Storage
Implement, manage, and optimize robust backup and data storage solutions.

Managed Services

IT & Security Services
Deploy, manage, and support IT networks and security technology stack.
Security Awareness Training
Phishing exercises, red team/blue team training, and modular education programs for staff.
Dark Web Monitoring
Ongoing monitoring for critical information, stolen credentials, and threats targeting your organization.


Priority Controls
Deploy critical security controls including EDR, MFA, Network Segmentation, and more.
Deploy and monitor technology stack.
Analyze health of existing security via penetration testing and vulnerability assessments or conduct M&A due diligence.


Reaching an all-time high, the cost of a data breach averaged $4.35 million in 2022.

From IBM’s "Cost of a Data Breach" Report, 2022
MOXFIVE Take: The cost of a data breach is most typically impacted by the lack of proper guidance on the response and overengineered solutions that inadvertently delay recovery efforts. We can change that.


Understanding the Costs of Incident Response: Proper Security Controls

Having proper security controls in place is critical to reducing both the frequency and severity of cyber incidents.

Unmasking the Mystery of Cybersecurity Training: Turning Yawns into Yields

Cybersecurity training is often treated as a task done simply to check a box on a security checklist, but in reality, it's a critical element of a mature cybersecurity program.

Understanding the Costs of Incident Response: Counsel + Litigation

In this 7th post in our Understanding Costs of Incident Response series, we will explore the nuances of counsel and litigation costs in incident response and why they should be an integral part of an organization's cybersecurity planning.

Understanding the Costs of Incident Response: Business Interruption

Calculating business interruption costs after a cyber-attack can be complex and make insurance claims more complicated.

Understanding the Costs of Incident Response: Data Mining + Notification

Understanding what data has been affected and determining a notification plan is a critical aspect of incident response that comes with substantial costs and complexities.

Understanding the Costs of Incident Response: Recovery Costs

Recovery is the “meat & potatoes” of the incident response process. In the 4th blog of our series, Understanding the Costs of Incident Response, we look at the three primary paths organizations can take to get back to business as usual, each with its own unique set of challenges.

Understanding the Costs of Incident Response: Ransom Payments

To Pay or not to Pay? In this post, we look at things to consider when deciding whether or not to pay a ransom and why it may not be the "easy button" many think it is.

Understanding the Costs of Incident Response: Investigation Costs

In the second post of this series, we look at investigation costs. These are the first costs incurred and the investigation lays the foundation for the rest of the IR process.

Understanding the Costs of Incident Response

In this series, we look at the various costs that may be incurred during a typical ransomware incident and discuss key security controls that can help organizations minimize the impact of a cyber-attack.

Navigating the Cyber Insurance Market

As cyber threats evolve, understanding the changing cyber insurance market is essential for organizations to ensure adequate coverage. This article looks at key points to keep in mind when considering a cyber policy.

Airiam Podcast: Flight Plan for Ransomware Recovery

Jim Aldridge joins our partners at Airiam on their podcast to discuss parallels he sees between flying a plane and successfully preparing for and responding to cybersecurity incidents.

Enterprise Remediation Part 2: Strategies for Containing and Recovering

In Part Two of our blog with CrowdStrike, we share proven strategies and techniques for effective large-scale remediation efforts.

Enterprise Remediation Part 1: Five Tips for Preparing and Planning

When an incident progresses to the point where enterprise remediation is required, the scope and scale of the response can be daunting. In this two-part series with CrowdStrike, we lay out a roadmap from planning to recovery.

The Future is Now, AI-Assisted Cybersecurity

Can new AI models such as ChatGPT be used to help cybersecurity teams? Yes! Here are three quick use cases.

8 Mitigation Options to Help Reduce the Impact of a Ransomware Incident

In this blog, we look at 8 examples of best practices that can be implemented to provide for a more resilient architecture.

Introducing the MOXFIVE Insights Report!

Our inaugural edition provides context around themes that impacted cybersecurity risk during the first half of 2022. Derived from providing forensics, recovery and resilience services through our platform, our goal is to provide a deeper understanding of the current cyber threat landscape and help organizations make better, more informed decisions.

Ransomware Recovery Tales: A Tale of Two Clients

When responding to a ransomware incident, making the right decisions is critical and can make the difference between an easier path or a harder one. In this blog, we tell the tales of two clients and lessons learned so you can avoid the hard path.

Ransomware and the Importance of Selecting the Right Digital Forensics Provider

Picking a forensics provider is one of the first critical decisions you have to make when faced with a cyber incident. In this blog, we cover the capabilities to consider when evaluating a potential provider.

Playing Chess with the Adversary: Value in Security Controls

Security, like chess, relies on having a variety of strategies and tactics to use for countering your opponent. This blog offers a variety of options to consider when devising your own plans to outwit your adversaries.

Investigating Business Email Compromises

Business Email Compromises (BECs) continue to be one of the top attack vectors, costing organizations over $2.3 billion in 2021. In this blog, we share priorities and key methodologies for investigating these attacks.

Minimizing the Impact: Network Segmentation

Host-based microsegmentation offers a wide range of advantages over legacy counterparts allowing organizations to apply segmentation at much deeper granularity including host, user, or application levels.

Logging to Enable Forensics

Logs are critical sources for forensics investigations. This blog looks at various log sources and the key takeaways to consider when building the retention strategy that's best for your organization.

Incident Managers: Bringing Order to Chaos

Our MOXFIVE Incident Managers are critical to every project we manage at MOXFIVE. Learn more about their role and how they enable everyone in the process to focus on what they do best.

Minimizing the Impact: Securing Active Directory

Gaining access to Active Directory is often a goal of threat actors during an intrusion. In this blog, we look at two key workstreams that add security layers making it more difficult for threat actors to achieve this goal.

The Continued Risk of Log4j

The worst of the Log4j fire drill might be behind us (for now), but the opportunity for new exploits still remains. Learn how a Software Bill of Materials (SBOM) and other best practices can help reduce future impacts and improve your overall security posture.

Improving Cybersecurity Resilience: Starting the Journey, Part 2

In Part 2 of our Improving Cybersecurity Resilience blogs, we cover five additional capabilities that round out the list of security basics that we believe all organizations should implement.

Minimizing the Impact: Multifactor Authentication

Credentials being stolen, reused, or even guessed often leads to an intrusion, or turns what could have been a small incident into an enterprise-wide issue. Multifactor Authentication (MFA) is a critical layer of protection to help minimize this risk.

Improving Cybersecurity Resilience: Starting the Journey, Part 1

MOXFIVE recommends these six capabilities as a starting point for improving resilience due to their outsize contribution to reducing risk and mitigating damage.

Regulations + Insurance: Shifting the Tide

Regulations abound and new ones are added all the time, but breaches still happen. Why? Because compliance frameworks are flawed and do not get into the technical weeds on effective implementation. There is an opportunity for the insurance industry to help drive things forward, especially for SMBs.

Minimizing the Impact: Local Administrator Password Solution

Enabling Local Administrator Password Solution (LAPS) can help greatly reduce the blast radius of a cyber-attack and is a quick and simple process for most environments.

Minimizing the Impact: How Cloud-Based Services Could Reduce the Stress of Recovery

Using cloud-based services can help not only lift the burden of day-to-day IT and security tasks, but they can also provide a significant benefit when dealing with a ransomware attack.

Incident Management Chronicles: Striking The Right Balance

Finding the right balance between containment, recovery and forensics workstreams is the key to faster and more effective incident response.

Incident Management Chronicles: Recovery vs Forensics

The lines between forensics and recovery can easily blur during incident response. Using an approach that delivers both in parallel helps minimize business interruption and get organizations back online more quickly.

How to Mature Threat Hunting Programs

Building threat hunting skills within your team can help prevent burnout, up-level skills and give your team a broader understanding of your security environment.

Incident Management as a Platform: Scaling Incident Response

Learn how MOXFIVE's platform-based approach to incident management drives increased efficacy and quicker resolution of complex challenges while also reducing costs and making life easier for all parties involved.

Ransomware Payment Bans are Bad Policy

This year’s Colonial Pipeline breach turned a spotlight on the debate over whether or not cyber ransoms should be paid by victims of these attacks. This blog examines why we think payment bans are bad policy.

Open-source Security Spotlight: pfSense

Open-source software is used in a wide variety of projects, including the recent Mars helicopter, Ingenuity! In this blog, we take a look at the open-source network security solution, pfSense, and the many ways it can be used.

Visibility in Incident Response: Don’t Chase Ghosts in Your IT Estate

To effectively respond to a cybersecurity incident, having complete visibility into all assets (endpoint devices, applications, user accounts) across your IT estate is a critical success factor for recovering quickly and minimizing business disruption.

Dispatch from the Front Line

In July 2019 we posted our inaugural blog and introduced our idea of how a Technical Advisor could help companies better manage the incident response process. Two years (and hundreds of incidents) later, we've learned many lessons that help our clients recover quickly and effectively.

Tabletops Improve Incident Response

Tabletops can help improve organizational awareness and streamline Incident Response efforts. Learn how they can help mature your security posture and develop your teams' skills.

Maximizing Red/Blue Team Effectiveness

Fusing the efforts of your red and blue teams by implementing a purple team approach enables analysts to cross-train, collaborate, and respond more effectively during an incident.

Recover, Then Upgrade - One Problem at a Time

Four questions to ask if you're considering adding an upgrade to an in-progress recovery effort.

Common Misconceptions of Business Recovery

Recovering from a cyber incident is a complicated and challenging process. Read our top 6 factors that can help determine whether the recovery process runs smoothly... or not.

When it Comes to Cybersecurity, Money Talks

Changes in the cyber insurance industry are driving a change in how organizations are investing in security.

In Times of Crisis: Focus, Plan, Ask for Help

Every pilot learns the mantra "Aviate. Navigate. Communicate." during their initial flight training. Easy to remember in a crisis and it helps remind the pilot of the order of priorities required to execute an optimal recovery.

Ransomware is a Mere Symptom, Extortion-Based Crime is the Disease

Has the rise of ransomware distracted us away from the true issue at hand? Encrypted files, corrupted applications, deleted backups, and ...

Assessing Risk in the Wake of SolarWinds Attack

Over the last couple of weeks, we have all watched the details surrounding the SolarWinds attack unfold. The full scope of the attack wil...

Targeted Containment — Less is More

Prioritize efforts, consolidate focus, succeed.

Ransomware Recovery Tales: Prepare for Battle

Does your organization have everything it needs to be prepared for a ransomware incident?

Ransomware Recovery Tales: The Battle of Netwalker

Threat actors can deploy ransomware without the need to build or manage underlying infrastructure.

Assessing Risk: The “How” is Just as Important as the “What”

See how we assess an organization’s security risk and ability to prevent ransomware attacks.

Backups: Ahh! To Zzz 😴

Sleep Soundly with Good Backups!

Ransomware Recovery Tales: Protect the Kingdom

For every ransomware incident MOXFIVE has assisted with, the primary concern during recovery has been the health of the core infrastructure

The Key to Successful Business Recovery

MOXFIVE’s “Break Glass” Strategy to Recovering from a Ransomware Attack Ransomware events can be the worst experience for any person

Think Before you “Brick”

Over the last year, insurance carriers have looked for innovative ways to expand coverage. One such area is coverage around “bricking”. A...

Incident Response: Endpoint Agent All the Things?

Understanding the role of Endpoint Technology in Incident Response

The Next Phase in Cyber Insurance

Cyber claims have departed from lost laptops and basic malware claims and the industry is now realizing that it's less prepared to deal with
