Developers: | Jet Infosystems |
Date of the premiere of the system: | 2018/08/30 |
Last Release Date: | 2025/01/31 |
Branches: | Information security |
Technology: | Information Security - Antiviruses, information security - Firewalls, information security - Information and event management in the security system (SIEM), IT outsourcing |
2025: PT Sandbox Implementation
The Jet Infosystems information security incident response unit has expanded the capabilities of Jet CSIRT through the use of PT Sandbox from Positive Technologies. Jet Infosystems reported this on January 31, 2025.
Jet CSIRT uses both commercial and proprietary tools to analyze malware. The use of PT Sandbox is one of the steps to expand the response team's arsenal of tools. It allows Jet CSIRT analysts to obtain additional information for analysis based on behavioral characteristics, compare data from other tools with the results of the PT Sandbox analysis, and use the sandbox's capabilities to automate some stages of the study.
The sandbox from Positive Technologies automatically collects information about the behavior and network interactions of malware and analyzes artifacts extracted from it. These and other PT Sandbox capabilities will enhance Jet CSIRT's analytical potential by allowing deeper exploration of malware behavior and more accurate identification of its type, directly affecting incident response rates and reducing potential damage to customers.
"In the context of evolving cyber threats and the emergence of new types of malicious software, the completeness of analysis is a key factor for effective protection. The integration of PT Sandbox into the workflow has provided additional information about malware and allowed us to verify the conclusions drawn from data from our other tools. We expect that our experience in using PT Sandbox will positively affect the further development of the product," said Ruslan Amirov, Head of Expert Monitoring and Response Services at Jet CSIRT, Jet Infosystems.
Cooperation between Positive Technologies and Jet Infosystems is aimed at improving the efficiency of identifying and investigating complex cyber threats.
"The sandbox is indispensable for building comprehensive information security in any company, but it is also interesting to use Sandbox to investigate incidents, where it is also impossible to carry out full-fledged work without an effective and fast tool that determines whether a file or link is malicious," said Sergey Osipov, head of malware protection at Positive Technologies. "The fact that PT Sandbox is part of the toolkit of one of the strongest Russian investigative teams proves that the market appreciates the product. We see the prospect in cooperation with Jet CSIRT and expect that the experience of using PT Sandbox in practical activities will allow us to receive valuable feedback for further development."
2023: Client Cabinet Design and Launch
On April 19, 2023, First Bit announced that it had designed a client cabinet for the Jet CSIRT information security service.
2021: Accreditation by the international information security community FIRST
On July 30, 2021, the Jet CSIRT Incident Monitoring and Response Center of Jet Infosystems received accreditation from the international information security community FIRST (Forum of Incident Response and Security Teams), which unites more than 500 expert teams from around the world as of July 2021.
Membership in the organization opens up additional opportunities for Jet CSIRT to combat cyber threats. Now the monitoring center specialists will be able to quickly exchange information about current cyber attacks (for example, indicators of compromise, vulnerabilities, malicious campaigns, etc.) with other community members. In addition, Jet CSIRT can now proactively influence the process of suppressing regional and global cyber threats: announce information about attacks and influence the reputation of individual indicators of compromise.
As of July 2021, Jet CSIRT's internal processes for studying cybercriminal tactics and techniques and for investigating incidents have been extended with information exchange capabilities with FIRST and include response mechanisms from this organization.
"Exchanging information is always better than isolation. It allows the industry to more effectively deal with cyber threats around the world," said Alexey Malnev, head of the Jet CSIRT incident monitoring and response center of Jet Infosystems. "We thank the expert teams BI.Zone, Fortinet and FortiGuard Labs for the positive recommendations during Jet CSIRT's entry into the FIRST community. Such support from colleagues is an excellent example of professional cooperation for the development of the industry and the information security community."
Jet CSIRT was created in 2018 to help organizations counter cyber threats and investigate complex information security incidents. As of July 2021, about 60 specialists work at the center. Jet CSIRT provides expert services to more than 100 organizations, being one of the leaders in the information security industry among service providers.
To join FIRST, Jet CSIRT had to confirm the high qualifications of the team and its industry vision of information security in terms of cyber threats. Numerous victories of the center's specialists at specialized CTF events, ISO/IEC 27001:2013 certification, and the practical implementation of Threat Intelligence services also played a significant role.
2020: Obtaining the status of Corporate Center of the State system of detection, prevention and elimination of consequences of computer attacks
On February 25, 2020, Jet Infosystems announced the conclusion of an agreement on the interaction of the Jet CSIRT information security incident monitoring and response center with the National Computer Incident Coordination Center (NCCCI) to provide expert services for organizing interaction with the State system of detection, prevention and elimination of consequences of computer attacks.
Earlier, the portfolio of Jet Infosystems services for protecting critical information infrastructure (CII) facilities included examining and categorizing CII facilities, designing and implementing information protection tools, developing organizational and administrative documentation, and operating security systems. With Jet CSIRT receiving the status of Corporate Center of the State system of detection, prevention and elimination of consequences of computer attacks, expert services for transmitting data on information security incidents to the regulator were added to this list. Now the IT company will be able to cover customers' tasks of ensuring the safety of CII facilities and fulfilling the requirements of legislation in this area on a turnkey basis.
Outsourcing the functions of interaction with the State system of detection, prevention and elimination of consequences of computer attacks to Jet Infosystems allows companies to reduce the cost of building and maintaining a staff of information security specialists, avoid setting up their own data transmission channel to the NCCCI, and save on building processes for categorizing, filtering and processing cyber incidents at CII facilities.
"The choice of the Corporate Center of the State system of detection, prevention and elimination of consequences of computer attacks to transfer data on information security incidents to the regulator does not cancel the requirements for the presence of an information security team at the customer, but it reduces the load on it. Such a service can be formed from a minimum number of specialists who will only oversee the work of the service provider and will be able to focus on solving internal problems. Moreover, due to the refusal of night shifts on duty, information security specialists can reduce the cost of PHY by 2-3 times. As for equipment and licenses, here the savings can also be multiple. At the same time, it is important that such outsourcing makes it possible to increase the effectiveness of preventive protection measures, detection and response measures, since specialized experts with extensive experience are engaged in these tasks," commented Alexey Malnev, Head of the Jet CSIRT Information Security Incident Monitoring and Response Center at Jet Infosystems.
Jet CSIRT transmits information about incidents at significant CII facilities to the State system of detection, prevention and elimination of consequences of computer attacks around the clock, within 3 hours from the moment of their occurrence. In the next 48 hours, the Center also notifies the NCCCI of the measures taken to respond to the attack. In the case of insignificant CII facilities, notification of malicious activity occurs within 24 hours.
Data is transmitted automatically via a secure channel in accordance with the regulations agreed with the customer. To avoid sending information about false positives from protection tools to the State system of detection, prevention and elimination of consequences of computer attacks, the information is additionally checked by information security incident monitoring analysts.
"We apply a systematic approach to protecting the data of our customers: we not only comply with the requirements of regulators in the field of information security, but also implement international standards. We recently received confirmation in the form of a Certificate of Compliance of our Information Security Management System with the requirements of the international standard ISO/IEC 27001:2013. I would like to note that in Russia few IT companies successfully pass such certification, since it involves a detailed audit of all internal processes, checking the technologies and skills of the team," added Alexey Malnev.
The Jet CSIRT team also helps owners of CII facilities with cyber incident response tasks. Depending on the option selected (consulting or technical response), experts can provide customers with accurate response instructions or carry out the entire Incident Response process on their own.
The set of Jet Infosystems services for turnkey protection of CII facilities will be in demand by companies in the financial sector, enterprises in the power, mining, metallurgical and chemical industries, as well as other organizations covered by 187-FZ "On the Security of Critical Information Infrastructure in the Russian Federation" and its by-laws.
2018: Jet CSIRT (Computer Security Incident Response Team) service launched
On August 30, 2018, Jet Infosystems announced that it was launching a service for monitoring and responding to information security incidents - Jet CSIRT (Computer Security Incident Response Team).
According to the company, Jet CSIRT includes both the services of the traditional commercial SOC (Security Operation Center) - monitoring and detection of information security incidents - and advanced services for responding to information security incidents, operating information protection tools, penetration testing and others.
CSIRT's flexible service policy allows customers to create a package of services based on their tasks and the level of maturity of information security processes:
- monitoring of information security events;
- investigation of information security incidents;
- information security incident lifecycle management;
- technical response to information security incidents;
- operation of information protection tools;
- comprehensive information security consulting;
- security audit and analysis, and others.
One of the activities of Jet CSIRT is to help organizations with critical information infrastructure (CII) implement interaction with the State system of detection, prevention and elimination of consequences of computer attacks. Jet CSIRT experts assist in building systems for the interaction of segments of the State system of detection, prevention and elimination of consequences of computer attacks with its center (main or territorial), as well as in fulfilling the technical and organizational requirements of regulators.
According to company representatives, to collect events and correlate information security incidents, customers can use either their own SIEM system or the cloud system provided by the integrator from a secure virtual data center. Jet CSIRT uses products from information security market leaders (HP, IBM, PT, Fortinet, Splunk, etc.) as monitoring and response tools, which also makes it possible to choose the architecture and configuration optimal for the customer. Jet Infosystems' own developments are also used: for example, Jet Signal, a product of the IRP (Incident Response Platform) class, is used to manage the life cycle of information security incidents.
The Jet CSIRT team is built around the monitoring team (which handles collecting, normalizing and storing events, correlating incidents, managing vulnerabilities, and analytics) and the response team (responsible for limiting and neutralizing threats, restoring infrastructure, information security expertise, consulting, administering IPS, etc.). In addition to the dedicated specialists, specialized experts of the Jet Infosystems Information Security Center are involved in the work: service administrators of SSI, pentesters, architects and auditors of information security.
As of August 2018, the Jet CSIRT Incident Response Center is already actively operating and providing services in the public sector and a number of industries in the commercial sector.