Tristan PINCEAUX | Lead CERT
The increase in computer attacks is a threat that all companies are facing today. If they do not have the necessary maturity to manage an incident alone, they must be able to rely on cybersecurity experts.
The stakes are multiple: contain the attackers' actions, eradicate threats and persistence mechanisms, restore operational conditions and restart production as quickly as possible.
The CWATCH Almond CERT team is there to support you through all these phases so that you can react quickly and effectively to cyber-attacks.
Major trends have marked the cyber landscape, and the threat level keeps evolving as malicious actors, whose main intentions remain financial gain, espionage and destabilization, constantly improve their capabilities. This increases the need for a team capable of dealing with these cyber threats by proposing appropriate incident responses with good crisis management.
Our CWATCH CERT (Computer Emergency Response Team), with its highly qualified staff and the expertise developed through the various incidents it has handled, offers you structured, high-quality support, at both the technical and human level, so that you can overcome security incidents affecting your information system.
Incident Response Process
1. You contact the CWATCH CERT as soon as you suspect or detect a security incident.
2. A CWATCH expert calls you back to qualify the incident and get more information about the context.
3. The CWATCH CERT offers you an initial response system.
4. You formally confirm your agreement to start the response system.
5. We start the response operations, intervening remotely or on site: collection, analysis, reaction & remediation.
6. With the progressive understanding of the incident, the experts regularly review the response strategy with you. Regular reports and follow-ups can be made.
7. A final report is written for the stakeholders, including details of the incident, investigations and recommendations to follow.
Examples of missions
| Situation at the start of the CERT service | Operations carried out by the CERT |
|---|---|
| The IT department has noticed abnormal behavior on a server exposed on the Internet and suspects a compromise. | The CERT lists all the data to be collected in order to confirm or rule out the compromise and provides the IT team with a collection agent to launch on the server. |
| Ransomware encrypts data on multiple workstations and network shares. | The CERT establishes an emergency plan with the IT manager to contain the attack and remotely monitors the technical actions (network isolation of certain machines, securing of backups, etc.). |
Why choose us?
Almond is an authorized user of the CERT™ mark:
Technological watch, continuous improvement of our incident response methodologies and knowledge sharing (IOC) between CERT™ teams.
The Almond CERT has been a member of the InterCERT France network since 2020. InterCERT-FR is an association under the law of 1901 that brings together the incident response teams (CSIRT) in France.