Close this search box.

Are you the victim of a security incident? Contact our CERT


Respond & Recover

Security incident response

You are a victim of a cybersecurity incident?

  • Disconnect (when possible) the machines from the network and keep them powered on.
  • Do not reboot them to avoid losing useful information during the analysis of the incident.
  • Notify your hierarchy by phone / SMS or preferably in person, avoid email which can be compromised if you suspect an extended takeover of your information system.
  • Secure your backups.
  • Start keeping a complete and time-stamped paper trail of events and actions.
  • Don’t contact the cybercriminals.
  • Call us quickly.


The cyber incident response team is made up of CERT (Computer Emergency Response Team) CWATCH analysts. These are professionals who regularly respond to security incidents. Our experts are available Monday to Friday from 8:30 am to 7:00 pm (CET, excluding holidays) to qualify any IT security incident and offer you an appropriate response mechanism.

  • Telephone (always preferred in case of emergency): +33 (0)1 83 75 36 94
  • Email: [email protected]
  • DÉTECTION: You contact CWATCH CERT as soon as you suspect an incident is in progress.
  • QUALIFICATION : A CWATCH expert calls you back to qualify the incident.
  • RESPONSE FACILITY: CERT CWATCH provides you with an initial response mechanism.
  • AGREEMENT:You formally confirm your agreement to start the response mechanism.
  • START-UP: We start response operations by intervening remotely or on site: collection, analysis, reaction & remediation
  • REVIEW: With the progressive understanding of the security incident, SOC experts regularly reviex the response strategy with you


The CERT CWATCH Security Incident Response Team is a team of multidisciplinary experts with the tools and skills and the ability to intervene remotely and on site to:

  • Confirm the security incident and the malicious nature.
  • Determine the impacted perimeter.
  • Identify the attacker’s modus operandi, the sequence of events and the vulnerabilities and other flaws that have been exploited.
  • Propose appropriate protective and/or corrective measures.
  • Collect and securely store evidence and technical traces related to the incident.
  • Present an exhaustive chronology of the incident, indicators of compromise and available information on the actors.

We can also advise you on crisis management, internal and external communication, insurance triggering, incident notification and complaint filing.

Our formulas

Find the content of this page in PDF format:

Would you like more information about this offer?

Almond commits itself to ensure that the collection and processing of your data, carried out from the site, are in conformity with the General Data Protection Regulation (GDPR) and with the modified law n° 78-17 of January 6, 1978, relating to the protection of personal data. The information collected on this form is recorded in a file computerized by Almond, in order to answer the requests for information. You can access the data concerning you, ask for their correction or their deletion. You also have a right of opposition, and a right to limit the processing of your data (see for more information on your rights). You can exercise your rights by contacting Almond's Data Protection Officer at the following address: [email protected]. Your data will be kept within the European Union, in accordance with the regulations in force.