You are a victim of a cybersecurity incident?

> Disconnect (when possible) the machines from the network and keep them powered on. Do not reboot them to avoid losing useful information during the analysis of the incident. Do not reboot them to avoid losing useful information during the analysis of the incident.

> Notify your hierarchy by phone / SMS or preferably in person, avoid email which can be compromised if you suspect an extended takeover of your information system.

> Secure your backups.

> Start keeping a complete and time-stamped paper trail of events and actions.

> Don’t contact the cybercriminals.

> Call us quickly.

How to contact us?

The cyber incident response cell is composed of CERT (Computer Emergency Response Team) CWATCH analysts. They are professionals who regularly intervene in response to security incidents. Our experts are available Monday to Friday from 8:30 am to 7:00 pm (CET, excluding holidays) to qualify any IT security incident and offer you an appropriate response mechanism. Active 24×7 customers have the option of triggering the response mechanism by phone in 24×7.


=> always preferred in case of emergency

+33 (0)1 83 75 36 94


You contact CWATCH CERT as soon as you suspect an incident is in progress.


A CWATCH expert calls you back to qualify the incident.

Response System

CERT CWATCH offers you an initial response system.


You formally confirm your agreement to start the response system.


We start response operations by intervening remotely or on site: collection, analysis, reaction & remediation.


With the progressive understanding of the security incident, SOC experts regularly review the response strategy with you.


How can CWATCH CERT help you?

The CERT CWATCH Security Incident Response Team is a team of multidisciplinary experts with the tools and skills and the ability to intervene remotely and on site to:

> Confirm the security incident and the malicious nature.

> Determine the impacted perimeter.

> Identify the attacker’s modus operandi, the sequence of events and the vulnerabilities and other flaws that have been exploited.

> Propose appropriate protective and/or corrective measures.

> Collect and securely store evidence and technical traces related to the incident.

> Present an exhaustive chronology of the incident, indicators of compromise and available information on the actors.

We can also advise you on crisis management, internal and external communication, insurance triggering, incident notification and complaint filing.

Find the content of this page in PDF format:
Do you want more information on our SOC CERT expertise?