Jet CSIRT (Computer Security Incident Response Team)

Product
Developers: Jet Infosystems
System launch date: 2018/08/30
Last Release Date: 2021/07/30
Technology: Information Security - Antiviruses, Information Security - Firewalls, Information Security - Information and event management in the security system (SIEM), IT outsourcing

2023: Client Cabinet Design and Launch

On April 19, 2023, First Bit announced that it had designed a client cabinet for the Jet CSIRT information security service.

2021: Accreditation of the international information security community FIRST

On July 30, 2021, the Jet CSIRT Incident Monitoring and Response Center of Jet Infosystems received accreditation from the international information security community FIRST (Forum of Incident Response and Security Teams), which unites more than 500 expert teams from around the world as of July 2021.

Membership in the organization opens up additional opportunities for Jet CSIRT to combat cyber threats. The monitoring center's specialists will now be able to quickly exchange information about current cyber attacks with other community members (for example, indicators of compromise, vulnerabilities, malicious campaigns, etc.). In addition, Jet CSIRT can now proactively influence the process of suppressing regional and global cyber threats: announce information about attacks and influence the reputation of individual indicators of compromise.

As of July 2021, Jet CSIRT's internal processes for studying cybercriminal tactics and techniques and for investigating incidents have been extended with information exchange capabilities with FIRST and now include response mechanisms from this organization.

"Exchanging information is always better than isolation. It allows the industry to deal more effectively with cyber threats around the world," said Alexey Malnev, head of the Jet CSIRT incident monitoring and response center of Jet Infosystems. "We thank the expert teams BI.Zone Fortinet and FortiGuard Labs for the positive recommendations during Jet CSIRT's entry into the FIRST community. Such support from colleagues is an excellent example of professional cooperation for the development of the industry and the information security community."

Jet CSIRT was created in 2018 to help organizations counter cyber threats and investigate complex information security incidents. As of July 2021, about 60 dedicated specialists work in the center. Jet CSIRT provides expert services to more than 100 organizations and is one of the leaders in the information security industry among service providers.

To join FIRST, Jet CSIRT had to confirm the high qualifications of its team and its industry vision of information security in terms of cyber threats. Numerous victories of the center's specialists at specialized CTF events, ISO/IEC 27001:2013 certification, and the practical implementation of Threat Intelligence services also played a significant role.

2020: Obtaining the status of Corporate Center of the State system of detection, prevention and elimination of consequences of computer attacks

On February 25, 2020, Jet Infosystems announced the conclusion of an agreement on interaction between the Jet CSIRT information security incident monitoring and response center and the National Computer Incident Coordination Center (NCCCI), in order to provide expert services for organizing interaction with the State system of detection, prevention and elimination of consequences of computer attacks.

Earlier, the portfolio of Jet Infosystems services for protecting critical information infrastructure (CII) facilities included examining and categorizing CII facilities, designing and implementing information protection tools, developing organizational and administrative documentation, and operating security systems. With Jet CSIRT receiving the status of Corporate Center of the State system of detection, prevention and elimination of consequences of computer attacks, expert services for transmitting data on information security incidents to the regulator were added to this list. The IT company can now handle customers' tasks of securing CII facilities and meeting the legal requirements in this area on a turnkey basis.

Outsourcing interaction with the State system of detection, prevention and elimination of consequences of computer attacks to Jet Infosystems allows companies to reduce the cost of forming and maintaining a staff of information security specialists, to avoid organizing their own data transmission channel to the NCCCI, and to save on building the processes for categorizing, filtering and processing cyber incidents at CII facilities.

"The choice of the Corporate Center of the State system of detection, prevention and elimination of consequences of computer attacks to transfer data on information security incidents to the regulator does not cancel the requirement for an information security team on the customer's side, but it reduces the load on it. Such a service can be formed from a minimum number of specialists who will only oversee the work of the service provider and will be able to focus on solving internal problems. Moreover, due to the refusal of night shifts on duty, information security specialists can reduce the cost of PHY by 2-3 times. As for equipment and licenses, here the savings can also be multiple. At the same time, it is important that such outsourcing makes it possible to increase the effectiveness of preventive protection measures and of detection and response measures, since specialized experts with extensive experience are engaged in these tasks," commented Alexey Malnev, head of the Jet CSIRT information security incident monitoring and response center at Jet Infosystems.

Jet CSIRT transmits information about incidents at significant CII facilities to the State system of detection, prevention and elimination of consequences of computer attacks around the clock, within 3 hours from the moment of their occurrence. In the next 48 hours, the Center also notifies the NCCCI of the measures taken to respond to the attack. In the case of insignificant CII facilities, notification of malicious activity occurs within 24 hours.

Data is transmitted automatically via a secure channel in accordance with the regulations agreed with the customer. To avoid sending false positives from security tools to the State system of detection, prevention and elimination of consequences of computer attacks, the information is additionally checked by information security incident monitoring analysts.

"We apply a systematic approach to protecting the data of our customers: we not only comply with the requirements of regulators in the field of information security, but also implement international standards. We recently received confirmation in the form of a Certificate of Compliance of our Information Security Management System with the requirements of the international standard ISO/IEC 27001:2013. I would like to note that in Russia few IT companies successfully pass such certification, since it involves a detailed audit of all internal processes, checking the technologies and skills of the team," added Alexey Malnev.

The Jet CSIRT team also helps owners of CII facilities with cyber incident response tasks. Depending on the option selected (consulting or technical response), experts can provide customers with accurate response instructions or carry out the entire Incident Response process themselves.

The turnkey set of Jet Infosystems services for protecting CII facilities will be in demand among companies in the financial sector, enterprises in the power, mining, metallurgical and chemical industries, as well as other organizations covered by 187-FZ "On the Security of Critical Information Infrastructure in the Russian Federation" and its by-laws.

2018: Jet CSIRT (Computer Security Incident Response Team) service launched

On August 30, 2018, Jet Infosystems announced that it was launching a service for monitoring and responding to information security incidents - Jet CSIRT (Computer Security Incident Response Team).

According to the company, Jet CSIRT includes both the services of the traditional commercial SOC (Security Operation Center) - monitoring and detection of information security incidents - and advanced services for responding to information security incidents, operating information protection tools, penetration testing and others.

CSIRT's flexible service policy allows customers to create a package of services based on their tasks and the level of maturity of information security processes:

  • monitoring of information security events;
  • investigation of information security incidents;
  • information security incident lifecycle management;
  • technical response to information security incidents;
  • operation of information protection tools;
  • comprehensive information security consulting;
  • security audit and analysis and others.

One of the activities of Jet CSIRT is helping organizations with critical information infrastructure (CII) to implement interaction with the State system of detection, prevention and elimination of consequences of computer attacks. Jet CSIRT experts assist in building systems for the interaction of segments of the State system of detection, prevention and elimination of consequences of computer attacks with its center (main or territorial), as well as in fulfilling the technical and organizational requirements of regulators.

According to company representatives, to collect events and correlate information security incidents, customers can use either their own SIEM system or the cloud system provided by the integrator from a secure virtual data center. Jet CSIRT uses products from information security market leaders (HP, IBM, PT, Fortinet, Splunk, etc.) as monitoring and response tools, which also makes it possible to choose the architecture and configuration optimal for the customer. Jet Infosystems' own developments are also used: for example, Jet Signal, a product of the IRP (Incident Response Platform) class, is used to manage the life cycle of information security incidents.

The core of the Jet CSIRT team consists of the monitoring team (which handles collecting, normalizing and storing events, correlating incidents, managing vulnerabilities, and analytics) and the response team (responsible for limiting and neutralizing threats, restoring infrastructure, information security expertise, consulting, administering IPS, etc.). In addition to the dedicated specialists, specialized experts of the Jet Infosystems Information Security Center are involved in the work: service administrators of SSI, pentesters, and information security architects and auditors.

As of August 2018, the Jet CSIRT Incident Response Center is already actively operating and providing services in the public sector and a number of industries in the commercial sector.