CSIRT: Computer Security Incident Response Team

Are you under attack and unsure how to react?
Contact our CSIRT team here if it’s an emergency.

If not, read on to find the answers to all your burning CSIRT questions and learn more about our services.

Discover Airbus Protect’s CSIRT and international Cyber Incident Response Centre.

When faced with a cyber-attack, many organisations understandably react in panic. A common reflex might be to unplug everything, but this can inadvertently destroy crucial digital evidence and lead to the loss of significant organisational data and assets. IT security incidents can have devastating effects, making it essential to be prepared to respond effectively. This is where the Cyber Security Incident Response Team (CSIRT) and its Cyber Incident Response capabilities play a vital role.

What is a CSIRT?

A CSIRT is a team dedicated to handling live cybersecurity incidents. Within such a team you will find skills like forensic analysis, reverse engineering, cyber threat intelligence and vulnerability analysis. Its main role is to respond to cybersecurity incidents, and to analyse and resolve them while minimising their impact. It uses its downtime for tooling, hunting and overall preparation. Large organisations may have their own in-house team. However, many use the services of a specialist third-party partner, such as Airbus Protect. This is a major advantage for your organisation, because you don’t have to maintain a permanent, costly team that has to constantly hone its skills and train live. Instead, you call on a team that is regularly mobilised, experienced and up to date with regulations and best practices in the field of investigation. Our CSIRT is often deployed to work on cybersecurity incidents affecting governments, public institutions and private sector businesses across Europe.

Have more questions? Contact our team (non-emergency)


Airbus Protect Cyber Incident Response capabilities:

Airbus Protect, as your trusted partner, is always on the alert, looking out for you. Our priority is to protect your most valuable assets to build a safer future. Our 200+ experts specialise in digital forensics and incident response, reverse engineering and malware analysis, security operations, incident handling and threat management. We defend information systems, businesses, and critical services.

With Airbus Protect, you can focus on what’s really important – your core business! We will help you meet tomorrow’s challenges!

How does the CSIRT work at Airbus Protect?

Our team is aligned with best practice and national standards and procedures such as PRIS, BSI, CHECK, CREST, ISO27001 and ISO27035. The basic pillars of this are:

  • We qualify and analyse the incident, using various investigation techniques based on the situation: live forensics, hard drive cold copy, dead box, maximum stealth level. Working quickly is essential to limit the impact on your organisation as much as possible.
  • Using all the specialists within our organisation, we can scale an ad hoc team to meet the specific needs imposed on you by the attacker, be it in size or in technical expertise.
  • We bring our own set of tools and capabilities, so that we can deliver our mission whatever the circumstances. If your own communication channels are compromised, we can onboard your organisation’s crisis management stakeholders into our communication infrastructure to allow for execution and command of your incident response plan.
  • Using our threat management capabilities, we identify the threat actor or modus operandi to help us understand the attacker’s motive, behaviour and means. This will in turn help us formulate an adequate reaction plan with you.
  • Protecting your activity and getting it back on track quickly is our foremost priority when engaged. Beyond this, our end goal is to ensure that it won’t happen again. This means providing you with a complete walkthrough of the incident and recommendations to improve your system and posture.

Why is a CSIRT useful?

A CSIRT enables the fast identification of the scope of a breach, and guides an organisation through the most efficient course of action to remedy the situation. Having a standing CSIRT significantly improves your ability to respond to security incidents by reducing response times and minimising potential damage. 

Why choose Airbus Protect’s CSIRT services?

Airbus Protect offers its CSIRT services as a built-in capability to all its SOC clients, available 24/7 whenever you need us. With 15 years of experience, we have successfully tackled adversaries ranging from Advanced Persistent Threats and state-sponsored actors to ransomware attacks, where precision, technical expertise, stealth, and rapid decision-making have been crucial to our success.

Our Incident Responders are supported by a team of SOC analysts, engineers, and specialists in vulnerability analysis and digital risk protection. This enables us to deploy emergency SOC monitoring to ensure the quick reopening or continuity of your services and to determine if a breach resulted from a specific information leak.

We offer a retained service to act as your dedicated Cybersecurity Incident Response Team or to strengthen your internal CERT capabilities.

Retained Cyber Incident Response Services

To quickly stop an active breach or swiftly conduct digital forensic investigations, it’s crucial to prepare for such scenarios in your Cyber Incident Response plan. This includes securing the retained services of a CSIRT, ready to respond within the agreed service levels. The first hours of an incident are critical, so having pre-established contracts and response preparations will significantly enhance your ability to manage a crisis effectively.

Airbus Protect’s retained Cyber Incident Response service includes initial onboarding and annual refresher workshops to ensure your team is well-prepared before any crisis occurs. This service guarantees our prompt support within contractual service level agreements, providing the assistance you need when it matters most.

Meet our team

Julien and Markus work within Airbus Protect’s CSIRT and are based across Europe. Meet them below!

I’m very proud to be part of this amazing CSIRT Team. Together, we possess specialised knowledge and skills that are crucial in defending organisations against sophisticated cyber threats. We play a pivotal role in safeguarding sensitive information from unauthorised access, ensuring the privacy and security of data. As a team, we identify Ransomware and APT Groups, mitigate the incident and help avert potential damage to an organisation. Due to the constantly changing landscape of cyber threats, we are constantly learning the latest tactics of adversaries and challenging ourselves to stay one step ahead. Our work has a direct impact on neutralising cyber threats and helping to track down the criminals. This makes me proud to be part of the Airbus Protect CSIRT Team.

Markus Neumaier, Incident Responder, Airbus Protect

Want to engage the services of Airbus Protect’s computer security incident response team? Contact us here.