Are you under attack and unsure how to react?
Contact our CSIRT team here if it’s an emergency.
If not, read on to find the answers to all your burning CSIRT questions and learn more about Airbus Protect’s resident computer security incident response team.
Too often, when organisations are hit with a cyber-attack, they (understandably) panic. Your reflex response might be to simply unplug everything. Wrong. You’ll destroy the digital chain of evidence. And you’ll likely lose a huge quantity of important organisational data. IT security incidents can have disastrous consequences for your organisation. Therefore, you must be prepared to respond in the most effective way possible to a cyber-attack. This is where the CSIRT comes in.
What is a CSIRT?
A CSIRT is a team dedicated to handling live cybersecurity incidents. Its main role is to detect incidents, analyse and resolve them while minimising their impact. Large organisations may have their own in-house team. However, many use the services of a specialist third-party partner, such as Airbus Protect. Our CSIRT team is often deployed to work on cybersecurity incidents affecting governments, public institutions and private sector businesses across Europe.
Have more questions? Contact our team (non-emergency)
Frequently asked questions
Here are the CSIRT-related questions that we often get asked by clients.
Why does my organisation need a CSIRT?
Today, any organisation with an IT system is a target for cybercriminals. So, in theory, anyone could need the services of a CSIRT. That’s why it’s a good idea to talk to a partner before an incident happens. Usually, you’ll need administrative and financial approval before calling in a CSIRT. In other words, a contract will need to be signed. The first hours of an incident aren’t a good time to be drawing up and reviewing an agreement through endless emails, calls and meetings. You’ll be in a much better position to negotiate if you’re not simultaneously trying to handle a crisis!
Procuring the services of a CSIRT significantly improves your ability to respond to security incidents by reducing response times and minimising potential damage. In addition, a CSIRT can help you prevent incidents by identifying vulnerabilities in your IT infrastructure and recommending remedial measures. A CSIRT can also advise on regulatory compliance and good security practices.
What process does Airbus Protect’s CSIRT follow?
Every cyber-security crisis is unique. But regardless of the incident, our CSIRT has a robust set of protocols it must follow. The basic pillars of this are:
- Diagnose the incident, establishing the root cause using advanced investigation techniques: Working quickly is essential, as it enables the CSIRT to kickstart its response. Identifying which systems are compromised and how also helps the team to understand attackers’ motives.
- Eradicate the problem while maintaining the digital chain of evidence: The first step to eradicating an incident is preventing any further damage. Incident containment is all about stopping the spread to more systems, networks and assets. After an incident is contained, the CSIRT moves fast to remove malicious code from systems and kick out any cybercriminals who’ve gained access.
- Reconstruct the system and deliver it in working order: By establishing and maintaining a digital chain of evidence, our CSIRT helps you understand emerging cyber threats and develop new, better ways to respond.
- Investigate further, providing a detailed report with recommendations for how to secure systems and support data recovery: The CSIRT isn’t just here to bring the chaos under control, but to prevent it from happening again. This means developing detailed recommendations to help organisations improve their cyber-security posture.
I’m experiencing a cyber emergency. How do I contact your CSIRT?
If you’re experiencing a security breach or have any other urgent request, call our 24/7 team or fill in this form for a rapid response.
- France: +33 9 72 30 13 99
- Germany: fill in the form
- Anywhere else: +33 9 72 30 13 99
What skills do you need within a CSIRT?
Each incident responder has a diverse set of skills and responsibilities, such as reverse-engineering malware or conducting forensics in cloud-based or mobile environments.
As well as IT security skills, members of a CSIRT need to have technical and analytical capabilities. Strong communication skills are also important, as they enable you to work effectively with different teams and stakeholders. Coordination and problem-solving skills are also necessary.
Why Airbus Protect?
Airbus Protect’s CSIRT brings together an elite group of cyber incident responders, incident handlers and crisis managers to protect clients across various sectors. Our customers include governments, critical infrastructure providers, the Airbus ecosystem, public sector organisations and private businesses in all sectors. Our experts will help you respond to threats and contain them quickly to maintain your business continuity.
Our experts can:
- Quickly and robustly restore affected systems to your level of compliance
- Reduce data loss through rapid response
- Minimise the loss of monetary assets
- Provide first-class protection for your assets
Meet our team
Theodore, Julien and Emma work within Airbus Protect’s CSIRT and are based across Europe. Meet them below.
“I’m very proud of the work that we do in the CSIRT. Throughout my career, I’ve contributed to many assignments that successfully take the worst people off the streets by using digital forensics. One standout project involved using vehicle forensics to pull digital data from vehicles. Another was an internal security breach within a business, caused by an employee stealing customer data. We secured a search warrant to set up a wiretap, then installed a few tools onto the network to gather evidence that later supported their arrest.”
Theodore Wiggins, CSIRT and pentesting technical lead for Germany, Airbus Protect
“As an incident responder, I find the field both challenging and rewarding. I enjoy solving complex problems and helping to protect organisations from cyber threats. It’s important to constantly learn and adapt – the same applies to all CSIRT jobs. I also get an enormous sense of satisfaction in knowing that I’m helping to keep organisations and individuals safe from cyber-attacks.
Previously, I was an apprentice within Airbus Protect’s SOC, where my area of expertise was implementing attacks in order to participate in their detection. At the end of this apprenticeship, I decided that I wanted to increase my skills in digital forensics and reverse engineering – hence moving to the CSIRT!”
Julien Houry, incident responder, Airbus Protect