Incident Response Service
Cybersecurity-related attacks have become more numerous and diverse, additionally they became more damaging and disruptive. New types of security-related incidents emerge frequently. Preventive activities based on the results of risk assessments can increase the Readiness, but not all incidents can be prevented.
Therefore incident response can’t be avoided. Barikat offers a variety of CSIRT services to its customers through its professional and experienced staff. Barikat’s CSIRT Services include not only the Incident Response Service but also many other services that enhance the Readiness of its customers.
Readiness
Barikat’s CSIRT Services that relate to Readiness can be grouped into two categories; Proactive Services and Security Quality Management Services.
Proactive services provide assistance and information to help prepare, protect, and secure systems. Proactive services will directly reduce the number of incidents in the future.
Security quality management services augment existing and well-established services that are independent of incident handling and are performed by other departments such as the IT, audit, or training departments. These services are generally proactive but contribute indirectly to reducing the number of incidents.
Barikat’s Proactive CSIRT Services:
- Announcements
- Intrusion Alerts
- Vulnerability Warnings
- Security Advisories
- Technology Watch
- Penetration Tests
- Configuration and Maintenance of Security Tools, Applications, and Infrastructures
- Development of Security Tools by R&D Department
- ASMA (Asset Manager)
- LODDoS (DDOS Automation Tool)
- SIPER (Cyber Threat Sharing Platform)
- 7x24 Central Monitoring (SOC) Services
- Level-1 Security Analyst
- Level-2 Security Analyst
- Security-Related Information Dissemination
- Cyber Threat İnformation Gathering and Sharing
- Managed Security Services
- On-site Security Services Support
Barikat’s Security Quality Management Services:
- Risk Analysis
- Business Continuity and Disaster Recovery Planning
- Compliance Audits or Assessments,
- SOC Analysis
- Security Architecture Analysis
- Effective Security Controls Analysis
- Security Consulting
- Awareness Building
- Education/Training by Barikat Academy
- Hacker School
- Role Based Courses
- Job Based Courses
- CSIRT Personnel Training
Response:
The amount of weaknesses that cannot be detected due to the increasing complexity of modern systems is increasing day by day. Correct and timely İncident Response is very important when exposed to a security incident in some way.
During the cyber incident; response with incompetent people or late response, always causes bigger problems. In such a case;
- The data may be lost,
- The evidence may be lost,
- Backups may become unusable,
- The data leak can reach large sizes,
- An attacker can clean his tracks,
- The service can take a very long time to return.
The technical team to serve in incident response process; should be made up of personnel with special skills such as; malware analysis, forensic knowledge, log investigation, security products expert, deep knowledge on operating systems, databases and networking. An incident response team personnel with all of these competencies is rarely available within the organization. Therefore with its large number of highly experienced and trained staff Barikat offers professional and timely Incident Response Services to its customers.
Barikat’s Reactive Services:
Response part of CSIRT services are triggered by an event or request, such as a report of a compromised host, widespread malicious code or defaced web site. After the detection of an incident, Barikat’s incident respond team starts acting properly and timely manner.
The Barikat Incident Response team shaped according to the type and scope of the event includes the following personnel;
- Barricade Academy and SANS trained team leader,
- SIEM and Security products specialists,
- Vendor independent Cyber security consultants,
- Penetration testers, with the intention of supporting the hacker point of view,
Barikat Incident Response Team follows the Barikat’s Incident Response Methodology based on the following well known incident response steps. In addition to general methodology document detailed predefined playbooks for common attack vectors are also used.
During the incident response process Barikat Incident Response team communicates with various outside parties as shown at the following figure.
In addition to Incident handling process when an artifact is encountered, artifact handling processes such as; analysis, response and coordination with outside parties are executed as well.
Barikat-CSIRT PGP Key
We recommend that you encrypt sensitive information in email to protect it from being viewed by unintended recipients. We prefer OpenPGP standard cryptography, which usually means Pretty Good Privacy (PGP) or the GNU Privacy Guard (GnuPG or GPG).
Those unable to use PGP can contact us via e-mail UserID: BARIKAT csirt@barikat.com.tr or +90 312 235 44 41 to arrange alternative methods.
We also encourage you to check the PGP signature on email and documents to verify the authenticity and integrity of mail from the Barikat-CSIRT.
Download and Verify the Current Barikat-CSIRT Key
Our current PGP key is available below and has the following properties:
Barikat-CSIRT PGP Key Information
- Key ID: C486FDD9
- Key Type: RSA
- Created: 05 JANUARY 2022
- Expires: 05 JANUARY 2026
- Key Size: 4096
- Key Fingerprint: CE9A 11BA D5AB 1765 8A41 AD7F E884 6ADA C486 FDD9
- UserID: BARIKAT csirt@barikat.com.tr
Barikat CSIRT RFC 2350 Profile
https://www.barikat.com.tr/barikat-csirt-rfc-2350-profile.pdf