C.S.I.R.T

SpecialAI's computer security incident response team (CSIRT) responds to security issues that arise for our clients. The response varies dependent upon the seriousness of the event, the risk of further or additional damage, and the type of coordination and notification required.   SpecialAI's CSIRT offerings fall into the following three categories:

  1. Reactive services. These services are triggered by an event or request, such as a report of a compromised host, wide-spreading malicious code, software vulnerability, or something that was identified by an intrusion detection or logging system. Reactive services are the core component of  our CSIRT work and include:
    • Alert and Warnings
    • Incident Handling
    • Incident analysis
    • Incident response on site
    • Incident response support
    • Incident response coordination
    • Vulnerability Handling
    • Vulnerability analysis
    • Vulnerability response
    • Vulnerability response coordination
    • Artifact Handling
    • Artifact analysis
    • Artifact response
    • Artifact response coordination

  2. Proactive services. These services provide assistance and information to help prepare, protect, and secure constituent systems in anticipation of attacks, problems, or events. Performance of these services will directly reduce the number of incidents in the future. Proactive services include:
    • Announcements
    • Technology Watch
    • Security Audits and Assessments
    • Configuration and Maintenance of Security Tools, Applications and Infrastructure
    • Development of Security Tools
    • Intrusion Detection Systems
    • Security-Related Information Dissemination

  3. Security quality management services. These services augment existing and well-established services that are independent of incident handling and traditionally performed by other areas of an organization such as the IT, audit, or training departments. If the CSIRT performs or assists with these services, the CSIRT's point of view and expertise can provide insight to help improve the overall security of the organization and identify risks, threats, and system weaknesses. These services are generally proactive but contribute indirectly to reducing the number of incidents.  Security Quality Management Services include:
    • Risk Analysis
    • Business Continuity and Disaster Recovery Planning
    • Security Consulting
    • Awareness Building
    • Education/Training
    • Product Evaluation or certification