CERT-LEXSI > 35th TF-CSIRT Meeting

CERT-LEXSI Update

CERT-LEXSI 06/02/2012

Services overview


CERT-LEXSI Presentation

1. Independent Service Provider Customer Base CSIRT team in France, established in 2001

2. 34 (+4) Multilingual Team

3. Our services are available on:

• A basic schedule: Monday to Friday, 9hr to 19hr

• An extended schedule: 7hr30 to 20hr30

• 24/7/365

4. Network of strong relationships (LEAs, CSIRTs, Editors, etc.)

5. Accredited in 2009 by Trusted Introducer into TF-CSIRT

6. Authorized “CERT” User by CERT® Coordination Center (CERT/CC)

7. Member of several Working Groups (SignalSpam, Phishing-Initiative, etc.)


CERT-LEXSI 24/7


Montreal

Paris

Singapore


CERT-LEXSI Constituency


Pie chart of the constituency by sector. Segment values: 50%, 21%, 15%, 9%, 5%.

Sectors: Banking - Assurance; Industry - Energy - Utilities; Services - Transports - Distribution; Public; Telecoms


CERT-LEXSI Services


Our direct CSIRT-related activities for our constituency:

• Incident Response (Forensics, RCE, DDoS)

• Cybercrime detection, investigation and mitigation

• Phishing, malware, domains, profiling, studies

• Vulnerability management (vulnerability database and alerting)

• IT products stressing (fuzzing, RCE, code audit)

• Awareness and training


CERT-LEXSI Extranet


• Secure Extranet platform to check and manage alerts

• Important Internal development


CERT-LEXSI 2011 Projects


• Malware Analysis Sandboxes (Android, iPhone)

• Malware day to day monitoring platform

• Hacktivism & Malware Data Leakage Detection

• “so-called” APTs

• Building Internal CSIRTs


CERT-LEXSI Main Issues


• 2008: 100 Phishing Countermeasures -> 2011: 10.000!

• How to deal with smartphone security and monitoring? (iPhone iOS emulation, Android Market / AppStore apps fluxes)

• Heterogeneous & large constituency -> Less visibility (no IRT)


CERT-LEXSI

https://cert.lexsi.com/weblog

[email protected]

+33 810 33 60 60