Born at the end of the 1980s following the appearance of the Morris worm, the ancestor of malware, the CSIRT/CERT provides monitoring, prevention and handling of alerts following security incidents, all in a collaborative manner.
What is a CSIRT/CERT?
A CERT (or CSIRT, Computer Security Incident Response Team) is a division whose mission is to manage and handle alerts following incidents, and to prevent security incidents. It acts both reactively and proactively, collecting data from sources external to the organisation; the resulting alerts are processed by analysts.
There are mainly two types of CERT/CSIRT:
- Internal to their parent organisation;
- External to their parent organisation, providing services.
CERT activities cover a broader spectrum than simple incident response:
- A technical component comprising reactive services, such as alert handling, and proactive services through malware analysis, forensic analysis, and audits;
- A component focused on security quality management: risk analysis, fraud management, phishing prevention, and data theft mitigation.
Beyond simple support in the event of a security incident, a CSIRT/CERT enables an organisation to implement its security policy by providing a range of services:
- Threat intelligence,
- Risk analysis,
- Detection service development,
- Security advisory services,
- Business continuity plan development, training and certification.
Cyber Threat Intelligence
Threat intelligence provides a complementary means of identifying current threats and risks. It enables the collection of information on:
- Potential threat sources,
- Data breaches,
- The evolution of legislation,
- New security solutions,
- Attacks suffered by partners or competitors, etc.
In a collaborative spirit within an organisation, intelligence monitoring is a means of involving all employees in security topics, and of meeting the needs of the various stakeholders responsible for the security of the company, its products, and its services.
The operational powers of CSIRTs/CERTs, and their collaborative resources, make them central actors in an organisation's security strategy, and effective in protecting its assets.