CSIRT: Incident Response Team


Your insurance for accessing experts and expertise in a cyber emergency

What is meant by CSIRT?

The Computer Security Incident Response Team (CSIRT) is a team of qualified specialists from various areas of cyber security that focuses on responding to and managing cyber security incidents. The CSIRT is deployed in an emergency, such as a hacker attack, to identify security incidents, regain control, and restore normal operations. In short, it minimizes potential damage.

The interaction of CSIRT and SOC

A CSIRT can provide Digital Forensic Incident Response (DFIR) services. The CSIRT complements the basic incident management of a Security Operations Center (SOC) with detailed forensic analysis and investigation. It identifies the causes, effects, and techniques of an attack, including detection, containment, and recovery. The team works closely with the existing organization to fully understand incidents, remediate vulnerabilities, and prevent future attacks. This combination of skills ensures a comprehensive and effective security strategy.

The Incident Response Retainer Service ensures that experts are available 24/7 and can respond quickly - whether remotely or on-site. This minimizes downtime and limits damage. Through regular collaboration and preventative measures, a CSIRT with a DFIR service significantly improves the security posture of the organization.

What is the added value of CSIRT and DFIR?

The DFIR service is an extension of the Incident Response service and focuses directly on incidents. It completes terreActive's service catalog with emergency protection, provided by a team that is available around the clock and also on-site.
In an emergency, a CSIRT can help answer these questions:

  • What will you do if something happens to your business?
  • Scenarios: Crypto-Locker, security breaches, data leaks, malware.
  • What are the priorities to maximize your company's chances of surviving the crisis?
  • How and when should you communicate internally and externally?
  • What legal issues should you consider in the event of an incident?
  • Should you negotiate a ransom, and if so, how?
  • Are you prepared for a company-wide crisis?
  • What is the process to further analyze and mitigate the incident or restore business operations?
  • Is an on-site deployment required?

Who should use a CSIRT?

Everyone who:

  • has a cyber emergency
  • would like to have access to additional experts to supplement their own security team in the event of an emergency
  • wants to bridge the time needed to build their own SOC team
  • would like to secure themselves in the event of an emergency with additional resources from teams of experts and the relevant know-how

If you are not yet a terreActive customer, you can purchase the CSIRT as an independent service.
For existing customers, access to our CSIRT is the ideal complement to the Threat Detection Service, with the option of on-site deployment.

CSIRT with DFIR service to complement existing SOC services

While you may be able to rely on a CSIRT in an emergency, you should still have a SOC organization with traditional SOC baseline services. These provide the necessary baseline protection against cyberattacks and minimize the risk of an incident occurring in the first place.
In terms of the NIST phases, our SOC services, with a customized cyber defense platform, cover the areas of Identify, Protect and Detect, as well as certain standard mitigations in the area of Respond. The CSIRT builds on this and can therefore provide the DFIR service much faster and more efficiently in the event of an emergency. The CSIRT thus completes the Respond and Recover areas of the NIST phases, providing the most comprehensive protection and support in all phases, including on-site deployment.

Preparation

Good preparation enables the CSIRT to respond efficiently and quickly. Ideally, an Incident Response Readiness Assessment is performed in advance with the customer and reviewed annually. The assessment covers the following items and documents them in a report that can be used for audits:

  • An evaluation of your infrastructure and processes
  • A set of recommendations regarding your security posture
  • Establishment of an emergency procedure (contacts)
  • Definition of roles and responsibilities

The process and resolution of an incident

The CSIRT offers 360° cybersecurity for your company
