CSIRT as a Service and Rapid Response

CSIRT Services – professional incident response

Go to offer

Go to SME

It is impossible to prevent serious security incidents 100% of the time. Which makes it even more important to act quickly and stop any attacks. Complex IT infrastructures and a shortage of IT security specialists make it difficult to create an in-house cyber security incident response team (CSIRT), which can compromise cyber defence.

CSIRT Services: cyber defence as a service

Fast response and business continuity are paramount in an acute attack. However, the impact of a cyber attack is often felt beyond the incident itself. Any data breaches must be reported and communicated to customers. An evidence-gathering forensic investigation may also be required to press charges against the attackers, yet not all companies have the necessary expertise and specialists to set up their own incident response team. CSIRT as a Service can help here.

Your benefits

Professional CSIRT services at predictable costs

Experienced incident response specialists

Support for legal action and reporting obligations

When is it the right solution?

When dealing with a successful cyber attack, business continuity is paramount. You have to guarantee an appropriate incident response whatever your cost pressures or shortage of skills. Outsourcing IT security services could be an option worth considering.

It might not make financial sense for you to establish an in-house CSIRT team working around the clock to cover the entire incident response process. But you still need to meet the defined security standard and safeguard business continuity in the event of a cyber attack. At the same time, hybrid and multi-cloud approaches are making infrastructures increasingly complex and increasing the need for effective cyber defence.

Immediate assistance for security incidents

CSIRT Rapid Response provides professional support for security incidents. Call the emergency number below to access round-the-clock support from our IT security experts.

0800 850 000

Calls are free. Call outs are charged at a flat rate plus costs. This offer is exclusively available to companies in Switzerland.

Why Swisscom?

Experience: We successfully protect our own infrastructures and those of our customers.
Based in Switzerland: we provide all our services from a Cyber Defence Centre in Switzerland.
Industry perspective: You benefit from our sector-specific insights in any incident response.

CSIRT as a Service

Rapid, professional management of cyber attacks

Access incident response as a professional service from a Swiss Cyber Defence Centre and protect your infrastructure and data from the serious consequences of a successful cyber attack. With our CSIRT as a Service, you are prepared for emergencies and can rely on a professional incident response team for your cyber defence.

Request quotation

CSIRT Rapid Response

Immediate assistance in the event of a security incident, with no service contract

Use the services of a professional CSIRT when you need it and only pay the actual costs incurred, making Rapid Response suitable for occasional use.

0800 850 000

Calls are free. Call outs are charged at a flat rate plus costs. This offer is exclusively available to companies in Switzerland.

Services in detail

CSIRT as a Service (CSIRTaaS) involves a prior onboarding process and contract, while Rapid Response is provided as needed, with no contract necessary.

24/7 end-to-end management of security incidents in line with the process defined by Swisscom
Remote or on-site assistance
Final report documenting the incident and measures taken
In-depth analysis and evidence gathering (forensic) for legal proceedings (optional)
Guaranteed response based on SLA
Short response times thanks to previous onboarding process
Costs: Monthly plus per-use billing based on time and materials

24/7 end-to-end management of security incidents in line with the process defined by Swisscom
Remote or on-site assistance
Final report documenting the incident and measures taken
In-depth analysis and evidence gathering (forensic) for legal proceedings (optional)
Best-effort response
Longer response times than with CSIRTaaS as onboarding is required
Costs: Flat rate plus per-use billing based on time and materials

CSIRT as a Service & Rapid Response factsheet

CSIRT as a part of our TDR portfolio

CSIRT as a Service and Rapid Response are a modular extension of the analytical functions of Security Analytics and SOC as a Service.

FAQs: Cyber attacks on Enterprise customers

There is a multi-stage response to incidents. This is generally based on the NIST Incident Management process:

Identification: Establish an overview of the security incident, determine objective
Assessment: Analyse incident and recommend emergency measures
Containment: Secure evidence, classify attack vector, contain the attack
Eradication: Eradicate the security incident and clean up the systems
Recovery: Recover normal state, test and monitor system behaviour
Lessons learned: Debriefing, report and recommended measures

You can find detailed information on this in the CSIRT white paper.

To manage IT security incidents effectively, the Security Operation Center (SOC) and the CSIRT need to work hand in glove. While the SOC monitors infrastructure and applications in order to spot security incidents at an early stage (security monitoring, security analytics and security alert handling), the Cyber Security Incident Response Team (CSIRT) is the rapid reaction force, the IT firefighters. This team deals with complex security incidents and initiates threat protection and security incident eradication measures. Together, the two teams make it possible to launch an early response to cyber attacks and to limit any damage.

The shortage of specialist staff and the complex, demanding work of a CSIRT make it sensible to consider outsourcing this service. Service providers can guarantee 24/7, end-to-end management of security incidents. Service providers that have cyber security experts with a wealth of experience in dealing with security incidents can guarantee an efficient response to such incidents.

The type of communication depends on the nature of the incident and the company, and is determined at the start of each incident. If the customer’s infrastructure is compromised, it is advisable to switch to private devices and e-mail accounts, and to do the same with the telephone. Apart from that, the customer’s preferences determine whether communication takes place via e-mail, Microsoft Teams or SwissTrustRoom.

Firstly, the company is connected to our 24/7 Operation Control Center. The main details are recorded and an assessment is carried out to determine whether it is a confirmed cyber security incident. The CSIRT is then informed and calls the company back as quickly as possible.

Find out more

CSIRT

CSIRT: Professional incident response

In this whitepaper, find out how a CSIRT strengthens your cyber defence and discover the alternatives to building your own team.

Go to free download

Article

How does a Security Operation Center work?

Still looking for answers? Our security experts will be happy to advise you.

CSIRT as a Service and Rapid Response

CSIRT Services – professional incident response

CSIRT Services: cyber defence as a service

Your benefits

When is it the right solution?

Why Swisscom?

CSIRT as a Service

CSIRT Rapid Response

Services in detail

CSIRT as a Service

CSIRT Rapid Response

CSIRT as a part of our TDR portfolio

FAQs: Cyber attacks on Enterprise customers

How does a Cyber Security Incident Response team (CSIRT) respond to incidents?

Why is the interaction between the SOC and CSIRT important?

Why should a company consider outsourcing its CSIRT service?

How do CSIRT and CISO/security officers communicate with each other during a cyber security incident?

If a company calls the CSIRT Rapid Response emergency numbers, what happens before the team is deployed?

Find out more

CSIRT: Professional incident response