Excellium CSIRT: giving your organization effective incident response
DATA BREACH [n]: compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed (ISO/IEC 27040:2015)
Going to Work for You
A Computer Security Incident Response team is a bit like the fire brigade, only instead of putting out fires, they help organizations contain, neutralize, and eradicate intrusions. Just as fire drills help to save lives if a real fire strikes, so careful preparation makes it easier to detect, handle and mitigate actual intrusions.
Key Benefits of the Service
CERT-XLM consists of experts able to react in real-time to security incidents. Moreover, intelligent analysis of network and other data can greatly improve threat modeling, which in turn allows customers to develop more effective defences.
Key benefits of CERT-XLM include the following:
- Improved cyber response capability,
- Rapid and reliable outsourcing of incident management,
- Better anticipation of threats,
- Prevention of incident recurrence,
- Strengthening human factor weaknesses in cyber security,
- Improved cyber security maturity through better alignment of people, processes, and technology,
- Being confident about your cyber security.
CERT-XLM is composed of highly experienced security experts who can handle sophisticated attacks and threats.
CERT-XLM gathers, aggregates, integrates and analyses intelligence feeds.
CERT-XLM also develops tools to identify threats to your infrastructure.
CERT-XLM is member of the CERT.LU initiative and an accredited member of Trusted Introducer.
CERT-XLM as Excellium has held PSF accreditation since 2016.
Mission statement
CERT-XLM is the Computer Security Incident Response Team (CSIRT) of Excellium Services S.A.
The purpose of the CERT-XLM is to assist Excellium customers located in Luxembourg and Belgium by implementing proactive measures to reduce the risks of computer security incidents.
CERT-XLM is also able to manage security incidents or second customer deployed team when such incidents occurs.
Communication and authentication
General rules
The preferred method for contacting the CERT-XLM is via e-mail. If you require urgent assistance, see the RFC2350 Document below for further information.
In view of the types of information that CERT-XLM deals with, telephones will be considered sufficiently secure to be used even unencrypted.
Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.
If it is necessary to send highly sensitive data (i.e. information classified as Confidential) by e-mail, encryption (preferably PGP) will be used.
All e-mail or data communication originating from CERT-XLM will be digitally signed, using either the generic PGP key mentioned below, or the CERT team members’ own signature keys available in the RFC 2350 document.
Electronic Mail Address
All incident report should be submitted to <emergency(at)excellium-services.com>.
The team may be contacted at <cert(at)excellium-services.com>. This email alias relays emails to the human(s) on duty for the CERT-XLM.
Public Keys and Other Encryption Information
The emergency email address has a PGP key, whose KeyID is 0x42662EFE. The Public key is available HERE.
The CERT-XLM has a PGP key, whose KeyID is 0xD74E5AC0. The Public key is available HERE.
Advisory
The CERT-XLM publishes advisory notes about vulnerabilities found in products during assessments.
Documents
Accreditation
