Incident response · 24/7
When something breaks, we stop the bleeding.
Fast, structured incident response for Australian businesses. Ransomware, business email compromise, data breach — we contain the threat and get you back to normal.
Every engagement follows a five-stage response: contain, investigate, eradicate, recover, report. You'll know exactly what happened, how we fixed it, and how to prevent recurrence.
Our methodology
Five stages. Every time.
A repeatable methodology applied to every incident. No improvisation, no wasted time working out what to do next.
The fifth stage is the report. Most responders skip it. We don't.
Contain
Immediate isolation of affected systems and accounts. Every minute of inaction costs more. We move first.
Investigate
Forensic analysis to determine entry point, attacker timeline, data accessed, and whether the threat is still present.
Eradicate
Complete removal of the threat. Malware, backdoors, compromised credentials, and persistence mechanisms — all gone.
Recover
Safe restoration of systems and operations. We verify clean state before anything goes back online. No assumptions.
Scope
What's included in every engagement.
Eight capabilities included as standard. No per-item billing, no surprises after containment.
24/7 availability
Active incidents don't wait for business hours. We're available around the clock for Fortify clients and retainer holders.
Forensic investigation
Entry point, attacker timeline, lateral movement, and data access — mapped and documented.
Threat eradication
Malware, backdoors, persistence mechanisms, and compromised credentials fully removed before recovery begins.
Safe recovery
Systems restored and verified clean before they go back online. No assumptions about what was and wasn't affected.
Incident report
Full timeline, root cause analysis, and board-ready narrative delivered within five business days of containment.
NDB scheme support
Reports structured to meet OAIC notification requirements under Australia's Notifiable Data Breaches scheme.
Insurance claim support
Documentation structured for cyber insurance claim submission, including incident timeline and remediation evidence.
Post-incident hardening
Hardening recommendations based on what the attacker used. Prevent the same incident from happening twice.
How to engage us
The best time to arrange incident response is before you need it. An IR retainer gives you guaranteed response times, pre-agreed terms, and a direct line to our team at any hour.
- Fortify clients: IR included in your managed service
- IR Retainer: guaranteed SLA and pre-agreed terms
- On-demand: available subject to capacity
What we respond to
The incidents affecting Australian businesses most. From ransomware locking you out to a rogue employee exfiltrating data. We've responded to all of them.
- Ransomware and extortion
- Business email compromise (BEC)
- Data exfiltration and theft
- Insider threat incidents
- Credential compromise
- Phishing-driven breach
- Cloud environment compromise
- Supply chain attack
After we leave
You'll be stronger than before the incident.
A breach is not just a crisis. It's a forensic opportunity.
Every IronSights engagement ends with hardening based on the attacker's actual methods. Not a generic checklist.
Threat removed
Not just the visible symptoms — the full persistence chain, every backdoor, every compromised credential. Verified clean before we hand back control.
Operations restored
Business back to normal as fast as the evidence allows. We don't keep you offline longer than necessary, but we don't rush clean state verification.
Root cause understood
You'll know exactly how it happened. Entry point, attacker timeline, and what they accessed. No guessing, no 'we think maybe'.
Recurrence prevented
Post-incident hardening closes the gap the attacker used. Many of our Fortify clients came to us following an incident. The right time to build continuous security is now.
Common questions
Asked by buyers like you.
Not in this list? Email hello@ironsights.com.au or book a 30-minute consultation. No obligation.
We're under attack right now. What do we do?
Call us immediately on 1300 004 766. Do not power off systems unless instructed — this can destroy forensic evidence. Do not pay a ransom without speaking to us first. We'll assess the situation and engage as fast as resources allow.
What's included in a Fortify managed security engagement?
If you're an active Fortify client, incident response is included in your service. We detect the incident, contain it, and manage the response. There are no additional charges for in-scope incidents.
What's an IR retainer?
An incident response retainer is a standing agreement that guarantees defined response times and pre-agreed engagement terms. You pay a monthly or annual retainer fee. If you need us, the paperwork is done and we engage immediately. Highly recommended for any organisation handling sensitive client data.
Do you help with NDB scheme reporting?
Yes. Australia's Notifiable Data Breaches scheme requires eligible breaches to be reported to the OAIC within 30 days. Our incident reports are structured to support this obligation, and we can assist with the notification process directly.
Can you help after the incident is resolved?
Yes. Post-incident hardening is included in every engagement. Many clients also transition to Fortify managed security following an incident — using the response findings as the foundation for ongoing protection.
Don't wait
Set up a retainer before the incident.
An IR retainer costs a fraction of an unplanned response engagement. Get the terms agreed now — so you're not doing it at 2am.