CyCraft Joins International Forum of Incident Response & Security Teams

Threat actor capabilities are continually evolving; new and stealthier tools continuously emerge. Maintaining up-to-date threat intelligence is paramount. Through joining FIRST, we aim to share our knowledge and services to aid the global community in the fight against sophisticated threat actors and to continue to accumulate threat intelligence and experience to better serve our customer community with increased accuracy and efficiency against cyber threats.

As of February 25 of 2020, CyCraft’s Taiwan subsidiary, CyCarrier, has been a proud member of FIRST (the Forum of Incident Response and Security Teams).

Who is FIRST?

The Forum of Incident Response and Security Teams (FIRST) is an international confederation of trusted incident response (IR) teams, also referred to as Computer Security Incident Response Teams (or CSIRTs). They cooperatively handle cybersecurity incidents by providing access to the best practices, tools, threat intelligence, and trusted communication with fellow FIRST members. Since its formation in 1990, FIRST has become a recognized global leader in incident response and currently has 531 IR teams in 96 different countries.

CyCraft’s CSIRT is Ready to Get to Work

CyCraft’s CSIRT team, CyCarrier Computer Security Incident Response Team (CCCSIRT), is proud to join FIRST in its mission to promote a safer and more secure global cyber environment. Our CSIRT specializes in AI-driven forensics to detect threats, identify threats, analyze threats, and coordinate incident response.

Our AI-driven solution will not only conduct cross-endpoint root cause analysis but will also analyze the root cause of the overall incident and auto-correlate disparate attack data into one incident attack storyline to help SOCs understand the narrative of the attack in its entirety. We work with you to provide a fast, accurate, and thorough incident resolution.

Increased Threat Intelligence

FIRST is the premier international incident response organization. The collective shared threat intelligence of over 531 CSIRTs from 96 countries allows each of us to conduct incident response investigations more efficiently, accurately, and thoroughly.

We also contribute to global threat intelligence as Taiwan’s official departments suffer from hundreds of successful internet attacks each year, more than half of which come from assaults by China’s cyber army, Reuters reports. Taiwan governmental departments face frequent cyberattacks and scanning of their vulnerabilities, with the attack volume reaching 10 million a month.

Having Taiwan join the global cybersecurity conversation allows us to share firsthand threat intelligence, including observed adversarial TTP (tactics, techniques, procedures), hacker tools, and threat actor behavior.

While we continue to improve our capabilities and better our solutions, the real winner is our growing customer community.

Security Incidents

CCCSIRT provides AI-driven digital forensics for security incidents, which can include APT-level attacks, malware infections, data breaches, identity theft, and web-based attacks. We offer five levels of support across the entire FIRST CSIRT Services Framework.

CCCSIRT Offers Five Levels of Support

CCCSIRT Services Framework

FIRST defines their CSIRT Services Framework as “a high-level document describing in a structured way the collection of cybersecurity services and associated functions that CSIRTs and other teams providing incident management related services may provide. The framework is developed by recognized experts from the FIRST community with strong support from the Task Force CSIRT (TF-CSIRT) Community, and the International Telecommunications Union (ITU).”

Powered by our AI-driven solution and team of expert analysts, our CSIRT provides five levels of support throughout all five areas of the CSIRT Services Framework. While our CCCSIRT does specialize in certain areas of the framework, such as Information Security Event Management, we understand that each organization’s cyber situation is unique and requires thorough and transparent communication with our team and yours.

CyCraft CSIRT Prioritized Services as Defined by the FIRST CSIRT Services Framework

Service Area: Information Security Event Management

This service area aims to identify incidents based on the correlation and analysis of security events from a wide variety of contextual data sources. In larger organizations, this service area is typically assigned to a Security Operations Center (SOC); however, not all organizations have SOCs capable of running an IR investigation to the degree they prefer.
Our CSIRT specializes in this service.

More information available here.

Service Area: Information Security Incident Management

CSIRTs not only collect and evaluate information security incident reports but also analyze relevant data and perform detailed technical analysis of the incident itself and any artifacts used. In most instances, CSIRTs will not handle crisis management; however, they can offer support.

Our CSIRT is uniquely qualified to provide fast, accurate, and thorough analyses of securing incidents, artifacts, and forensic evidence. We work with you and your organization to provide professional, tailored solutions to your unique cyber situation.

More information available here.

Service Area: Vulnerability Management

This service area includes services related to the discovery, analysis, and handling of new or reported security vulnerabilities in a customer’s information systems. This also includes services related to detection and response to known vulnerabilities to prevent them from being exploited.

Our CSIRT specializes in vulnerability discovery, research, and analysis.

More information available here.

Service Area: Situational Awareness

Our team of expert security analysts, combined with our AI-driven solution, quickly gain situational awareness of your cyber situation, identify and anticipate potential threats, correlate disparate attack data, and present our findings to you in a fast, accurate, simple, and thorough manner. Our goal is to empower you with accurate intelligence, so you can lead your organization with clarity and confidence.

More information available here.

Service Area: Knowledge Transfer

Good security doesn’t stop at the end of an incident response. Organizations need to stay aware of their cyber situation, their defense capabilities, known potential threats, and more. Our CSIRT collaborates with you and your organization to ensure you stay cyber resilient.

More information available here.

Let’s Get to Work

CyCraft hunts for, detects, and defeats APT-level threats. Our CyCraft CSIRT, combined with our AI-driven digital forensics, works with you and your organization to keep your organization safe and clean. We’re ready to get to work and get you back to business.

Contact Us

Contact our CSIRT via our PGP key or through our website.

CyCraft at the MITRE ATT&CK Evaluations

Craft joined the second round of evaluations against APT29. CyCraft is the first Taiwanese cybersecurity firm to participate in the ATT&CK Evaluations as well as the youngest firm to ever participate. You can view our results against the APT29 Evaluation.

Follow Us

Blog | LinkedIn | Twitter | FacebookCyCraft

When you join CyCraft, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs.

We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, and IR (incident response), and Secure From Home services.

Additional Related Resources

Article Link: