The Advens CERT: here to save the day
CERT: definition
A CERT (Computer Emergency Response Team) is a defence team specialised in incident response, working close to crises and cyber attackers.
The two Advens CERTs
CSIRT (Computer Security Incident Response Team)
The CSIRT includes an operational team that steps in at the very beginning of a ransomware attack. It comprises individuals with an average of 20 years of experience, who can manage ultra-complex information systems (IS). The CSIRT also has a forensic team with surveyors and digital investigators. Their role is to examine evidence. These experts have extensive system administration skills.
CTI (Cyber Threat Intelligence)
This support team analyses and retrieves information on current threats and attack methods. Its members develop their knowledge using private information flows or by conducting open-source research, particularly by monitoring the deep or dark web.
The CERT has three main goals
- Help improve knowledge of cyber threats in France.
- Give back to the IT community by providing free reports. For example, it can collaborate with the ANSSI (the French National Cyber Security Agency) CERT to share information following an attack.
- Encourage “researcher” professionals to share their experiences with their peers at international conferences, like David Quesada’s feedback on an attack at the International Cybersecurity Forum.
The Advens CERT’s strengths
- The Advens CERT is in the process of being awarded PRIS certification (security incident response service provider) with ANSSI for its work in high-security contexts with French OIVs (companies vital for the French economy and security).
- It can provide services in all technological contexts (OT, IT), anywhere in the world.
Advens’ assets: a broad spectrum of experts that complement the CERT
When the CSIRT steps in at the heart of a crisis (a ransomware attack or otherwise), additional resources must be mobilised to continue the recovery and remediation stages. The aim? A 360° collaboration drawing on all of Advens’ expertise to provide the best possible assistance to the organisations we support.
#1 Recovery and remediation specialists
These experts rebuild a healthy information system that is founded on trusted areas. Cyber architects, technology specialists and SOC experts support the CERT, which can deploy an EDR to contain the attack and increase visibility.
#2 Crisis management specialists
Internal and external communication
These are people-focused professionals skilled at preparing for internal and external crisis communication. Their work ranges from talking to journalists who contact the affected client to helping to write press releases, reassuring internal teams, etc.
Operational monitoring in a crisis
These specialists are required to manage or provide operational support to the crisis unit, facilitate exchanges and ultimately reduce stress. They play a key role in coordinating or monitoring the measures agreed upon during the crisis management meetings.
“Volunteer firefighters”: back-up for the CERT
Like real volunteer firefighters, these staff members are here to reinforce the CERTs. They are our reservists! Their primary role may not be incident response, but they can help on-site during a crisis, which entails 24/7 assistance.
Contribution to rewarding assignments
Crisis management is about saving the client: everyone involved finds meaning in it. The sense of pride and satisfaction of being a volunteer firefighter is undeniable. These assignments come with important responsibilities!
Human and technical skills development
Supporting the CERT means growing and improving in your job at Advens, thanks to field experience and real-time crisis management. For a technical auditor, for example, learning about the attack methods used in “real life” allows them to refine their technique during a penetration test.
Breaking the routine
Being a volunteer firefighter at Advens is a new way of doing your job, closer to the attack. It also adds variety to your day-to-day work, while you develop your skills. Doubly useful!
“For an auditor, going on a CSIRT assignment offers a first-hand opportunity to analyse the methods of attack others use. It also lets you see the traces some tools and new attack techniques leave behind. The challenges of a pentest are always there because of the inherent demands. Within a limited time frame, we must retrieve the maximum amount of information and then correlate it to identify the process used by the attacker.”
Rémi Martin De Abia • Pentester at Advens
Becoming a volunteer firefighter or joining the Advens CERT is not just any job: it is an opportunity to experience an attack up close, develop your expertise with significant field experience and provide invaluable support to an organisation under attack. Apply now to become the next member of the Advengers team.