Threat actor capabilities are continually evolving; new and stealthier tools continuously emerge. Maintaining up-to-date threat intelligence is paramount. Through joining FIRST, we aim to share our knowledge and services to aid the global community in the fight against sophisticated threat actors and to continue to accumulate threat intelligence and experience to better serve our customer community with increased accuracy and efficiency against cyber threats.
As of February 25 of 2020, CyCraft’s Taiwan subsidiary, CyCarrier, has been a proud member of FIRST (the Forum of Incident Response and Security Teams).
The Forum of Incident Response and Security Teams (FIRST) is an international confederation of trusted incident response (IR) teams, also referred to as Computer Security Incident Response Teams (or CSIRTs). They cooperatively handle cybersecurity incidents by providing access to the best practices, tools, threat intelligence, and trusted communication with fellow FIRST members. Since its formation in 1990, FIRST has become a recognized global leader in incident response and currently has 531 IR teams in 96 different countries.
CyCraft’s CSIRT team, CyCarrier Computer Security Incident Response Team (CCCSIRT), is proud to join FIRST in its mission to promote a safer and more secure global cyber environment. Our CSIRT specializes in AI-driven forensics to detect threats, identify threats, analyze threats, and coordinate incident response.
Our AI-driven solution will not only conduct cross-endpoint root cause analysis but will also analyze the root cause of the overall incident and auto-correlate disparate attack data into one incident attack storyline to help SOCs understand the narrative of the attack in its entirety. We work with you to provide a fast, accurate, and thorough incident resolution.
FIRST is the premier international incident response organization. The collective shared threat intelligence of over 531 CSIRTs from 96 countries allows each of us to conduct incident response investigations more efficiently, accurately, and thoroughly.
We also contribute to global threat intelligence as Taiwan’s official departments suffer from hundreds of successful internet attacks each year, more than half of which come from assaults by China’s cyber army, Reuters reports. Taiwan governmental departments face frequent cyberattacks and scanning of their vulnerabilities, with the attack volume reaching 10 million a month.
Having Taiwan join the global cybersecurity conversation allows us to share firsthand threat intelligence, including observed adversarial TTP (tactics, techniques, procedures), hacker tools, and threat actor behavior.
While we continue to improve our capabilities and better our solutions, the real winner is our growing customer community.
CCCSIRT provides AI-driven digital forensics for security incidents, which can include APT-level attacks, malware infections, data breaches, identity theft, and web-based attacks. We offer five levels of support across the entire FIRST CSIRT Services Framework.
FIRST defines their CSIRT Services Framework as “a high-level document describing in a structured way the collection of cybersecurity services and associated functions that CSIRTs and other teams providing incident management related services may provide. The framework is developed by recognized experts from the FIRST community with strong support from the Task Force CSIRT (TF-CSIRT) Community, and the International Telecommunications Union (ITU).”
Powered by our AI-driven solution and team of expert analysts, our CSIRT provides five levels of support throughout all five areas of the CSIRT Services Framework. While our CCCSIRT does specialize in certain areas of the framework, such as Information Security Event Management, we understand that each organization’s cyber situation is unique and requires thorough and transparent communication with our team and yours.
This service area aims to identify incidents based on the correlation and analysis of security events from a wide variety of contextual data sources. In larger organizations, this service area is typically assigned to a Security Operations Center (SOC); however, not all organizations have SOCs capable of running an IR investigation to the degree they prefer.
Our CSIRT specializes in this service.
More information available here.
CSIRTs not only collect and evaluate information security incident reports but also analyze relevant data and perform detailed technical analysis of the incident itself and any artifacts used. In most instances, CSIRTs will not handle crisis management; however, they can offer support.
Our CSIRT is uniquely qualified to provide fast, accurate, and thorough analyses of securing incidents, artifacts, and forensic evidence. We work with you and your organization to provide professional, tailored solutions to your unique cyber situation.
More information available here.
This service area includes services related to the discovery, analysis, and handling of new or reported security vulnerabilities in a customer’s information systems. This also includes services related to detection and response to known vulnerabilities to prevent them from being exploited.
Our CSIRT specializes in vulnerability discovery, research, and analysis.
More information available here.
Our team of expert security analysts, combined with our AI-driven solution, quickly gain situational awareness of your cyber situation, identify and anticipate potential threats, correlate disparate attack data, and present our findings to you in a fast, accurate, simple, and thorough manner. Our goal is to empower you with accurate intelligence, so you can lead your organization with clarity and confidence.
More information available here.
Good security doesn’t stop at the end of an incident response. Organizations need to stay aware of their cyber situation, their defense capabilities, known potential threats, and more. Our CSIRT collaborates with you and your organization to ensure you stay cyber resilient.
More information available here.
CyCraft is a cybersecurity company founded in 2017, focusing on autonomous AI technology. Headquartered in Taiwan, it has subsidiaries in Japan and Singapore. CyCraft provides professional cybersecurity services to government agencies, police and defense forces, banks, and high-tech manufacturers throughout the Asia-Pacific region. It has received strong backing from the CID Group and Pavilion Capital, a Temasek Holdings Private Limited subsidiary.