CSIRT
Many large organizations have a Computer Security Incident Response Team (CSIRT) that receives, reviews, and responds to computer security incident reports, as shown in Figure 1. The primary mission of a CSIRT is to help preserve the company, its systems, and its data by performing comprehensive investigations of computer security incidents. To prevent incidents rather than only react to them, Cisco CSIRT also provides proactive threat assessment, mitigation planning, incident trend analysis, and security architecture review, as shown in Figure 2.
Cisco’s CSIRT collaborates with the Forum of Incident Response and Security Teams (FIRST), the Network Security Information Exchange (NSIE), the Defense Security Information Exchange (DSIE), and the DNS Operations, Analysis, and Research Center (DNS-OARC).
National and public CSIRT organizations, such as the CERT Division of the Software Engineering Institute at Carnegie Mellon University, are available to help organizations and national CSIRTs develop, operate, and improve their incident management capabilities.
Figure 1: Names of CSIRT organizations: US-CERT, CERT-EU, the Software Engineering Institute, APCERT, and FIRST.
Figure 2: Cisco’s response to Heartbleed. Preparation: scanned 1.2 million servers for vulnerable instances, 300 of which needed repair; helped develop signatures for Sourcefire and Cisco IDS; deployed the signatures to the IDS. Monitoring and response: discovered 25 attacks, 21 benign and 4 malicious; researched the attacks via NetFlow analysis to discern normal connections from those that were anomalous and malicious.
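The NetFlow triage step in the Heartbleed summary above, shown as an added example that is not Cisco’s tooling and not code from the original page. It separates ordinary HTTPS sessions from anomalous ones in constructed flow records using two heuristics that are assumptions of this example rather than anything the page specifies: a flow whose server-to-client byte volume is far above the per-server median out/in ratio (a small request drawing a very large response is what repeated Heartbleed leaks look like in flow data, since each heartbeat can return up to 64 KB of server memory with almost no request payload), and a source touching many distinct servers with near-empty exchanges (a probe pattern). The record layout, addresses and thresholds are made up for the example.

```python
"""Triage of constructed NetFlow-style records: flag leak-like flows and
fan-out probes. Added example; heuristics and data are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    """One bidirectional flow record, with the fields a collector that pairs
    both directions (e.g. IPFIX biflow) could export. Field names are assumed."""
    src: str
    dst: str
    dport: int
    bytes_in: int   # client -> server
    bytes_out: int  # server -> client


# Constructed sample, not real telemetry. Ordinary HTTPS sessions here return
# roughly 5x what the client sends; 203.0.113.77 sends under 1 KB and draws
# hundreds of KB back; 203.0.113.99 touches four servers with near-empty flows.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", "10.0.0.5", 443, 1800, 9200),
    Flow("198.51.100.7", "10.0.0.5", 443, 2100, 11000),
    Flow("192.0.2.44",   "10.0.0.5", 443, 1500, 7500),
    Flow("203.0.113.77", "10.0.0.5", 443, 900, 640000),
    Flow("203.0.113.10", "10.0.0.6", 443, 2400, 12000),
    Flow("198.51.100.9", "10.0.0.6", 443, 3000, 15500),
    Flow("203.0.113.77", "10.0.0.6", 443, 700, 512000),
    Flow("203.0.113.99", "10.0.0.5", 443, 120, 60),
    Flow("203.0.113.99", "10.0.0.6", 443, 120, 60),
    Flow("203.0.113.99", "10.0.0.7", 443, 120, 60),
    Flow("203.0.113.99", "10.0.0.8", 443, 120, 60),
]


def ratio(flow: Flow) -> float:
    """Server-to-client bytes per client-to-server byte."""
    return flow.bytes_out / max(flow.bytes_in, 1)


def baseline_ratio(flows):
    """Per (server, port) median out/in ratio. The median is used so that a
    few leaky flows do not drag the baseline up and hide themselves."""
    per_server = defaultdict(list)
    for f in flows:
        per_server[(f.dst, f.dport)].append(ratio(f))
    return {key: median(vals) for key, vals in per_server.items()}


def leaky_flows(flows, factor: float = 10.0, min_bytes_out: int = 65536):
    """Flows returning far more than the server's usual ratio and at least one
    maximum-size heartbeat worth of data (thresholds are assumptions)."""
    base = baseline_ratio(flows)
    return [
        f for f in flows
        if f.bytes_out >= min_bytes_out
        and ratio(f) > factor * base[(f.dst, f.dport)]
    ]


def fan_out_sources(flows, min_servers: int = 3):
    """Sources that contact at least min_servers distinct (server, port) pairs."""
    targets = defaultdict(set)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
    return {src for src, t in targets.items() if len(t) >= min_servers}


def triage(flows):
    """Return the anomalous (src, dst) pairs and probing sources for review."""
    return {
        "leaky": sorted({(f.src, f.dst) for f in leaky_flows(flows)}),
        "scanners": sorted(fan_out_sources(flows)),
    }


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_FLOWS).items():
        print(label, hits)
```

On the sample this reports 203.0.113.77 as leaky against both servers and 203.0.113.99 as a scanner, while the ordinary clients stay quiet. Flow data cannot see the TLS heartbeat itself, which is why the figure pairs NetFlow analysis with IDS signatures: the flows narrow the candidate list, and the signatures confirm what the payload actually contained.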