CSIRT as a Service and Rapid Response

CSIRT Services – your incident response team

It is impossible to prevent serious security incidents 100% of the time.

Which makes it all the more important to act quickly and stop any attacks when such an incident occurs. Complex IT infrastructures and a shortage of IT security specialists make it difficult to create an in-house cybersecurity incident response team (CSIRT), which can compromise cyberdefence.

Incident response team for combating cyberattacks

Not all companies have the necessary expertise and qualified personnel to set up their own incident response team. This is where CSIRT as a Service and Rapid Response come in.

Fast response and business continuity are paramount in an acute attack. However, the impact of a cyberattack is often felt beyond the incident itself. Any data breaches must be reported and communicated to customers. And an evidence-gathering forensic investigation will be required to be able to press charges against the attackers.

Calls are free. Call outs are charged at a flat rate plus costs. This offer is exclusively available to companies in Switzerland.

When is it the right solution?

When dealing with a successful cyber attack, business continuity is paramount. You have to guarantee an appropriate incident response whatever your cost pressures or shortage of skills. Outsourcing IT security services could be an option worth considering.

It might not make financial sense for you to establish an in-house CSIRT team working around the clock to cover the entire incident response process. But you still need to meet the defined security standard and safeguard business continuity in the event of a cyber attack. At the same time, hybrid and multi-cloud approaches are making infrastructures increasingly complex and increasing the need for effective cyber defence.

Your benefits:

  • Professional CSIRT services at predictable costs
  • Experienced team of incident response experts
  • Support for legal action and reporting obligations

CSIRT as a Service

Services in detail

CSIRT as a Service (CSIRTaaS) involves a prior onboarding process and contract, while Rapid Response is provided as needed, with no contract necessary.

  • 24/7 end-to-end management of security incidents in line with the process defined by Swisscom
  • Remote or on-site assistance
  • Final report documenting the incident and measures taken
  • In-depth analysis and evidence gathering (forensic) for legal proceedings (optional)
  • Guaranteed response based on SLA
  • Short response times thanks to previous onboarding process
  • Costs: Monthly plus per-use billing based on time and materials  
  • 24/7 end-to-end management of security incidents in line with the process defined by Swisscom
  • Remote or on-site assistance
  • Final report documenting the incident and measures taken
  • In-depth analysis and evidence gathering (forensic) for legal proceedings (optional)
  • Best-effort response
  • Longer response times than with CSIRTaaS as onboarding is required
  • Costs: Flat rate plus per-use billing based on time and materials  

CSIRT as a part of our TDR portfolio

CSIRT as a Service and Rapid Response are a modular extension of the analytical functions of Security Analytics and SOC as a Service.

CSIRT als Bestandteil

Why Swisscom?


We successfully protect our own infrastructures and those of our customers.

Based in Switzerland

We provide all our services from a Cyber Defence Centre in Switzerland.

Industry perspective

You benefit from our sector-specific insights in any incident response.

FAQs: Cyber attacks on Enterprise customers

There is a multi-stage response to incidents. This is generally based on the NIST Incident Management process:

  • Identification: Establish an overview of the security incident, determine objective
  • Assessment: Analyse incident and recommend emergency measures
  • Containment: Secure evidence, classify attack vector, contain the attack
  • Eradication: Eradicate the security incident and clean up the systems
  • Recovery: Recover normal state, test and monitor system behaviour
  • Lessons learned: Debriefing, report and recommended measures

You can find detailed information on this in the CSIRT white paper.

To manage IT security incidents effectively, the Security Operation Center (SOC) and the CSIRT need to work hand in glove. While the SOC monitors infrastructure and applications in order to spot security incidents at an early stage (security monitoring, security analytics and security alert handling), the Cyber Security Incident Response Team (CSIRT) is the rapid reaction force, the IT firefighters. This team deals with complex security incidents and initiates threat protection and security incident eradication measures. Together, the two teams make it possible to launch an early response to cyber attacks and to limit any damage.

The shortage of specialist staff and the complex, demanding work of a CSIRT make it sensible to consider outsourcing this service. Service providers can guarantee 24/7, end-to-end management of security incidents. Service providers that have cyber security experts with a wealth of experience in dealing with security incidents can guarantee an efficient response to such incidents.

The type of communication depends on the nature of the incident and the company, and is determined at the start of each incident. If the customer’s infrastructure is compromised, it is advisable to switch to private devices and e-mail accounts, and to do the same with the telephone. Apart from that, the customer’s preferences determine whether communication takes place via e-mail, Microsoft Teams or SwissTrustRoom.

Firstly, the company is connected to our 24/7 Operation Control Center. The main details are recorded and an assessment is carried out to determine whether it is a confirmed cyber security incident. The CSIRT is then informed and calls the company back as quickly as possible.

Find out more


Our experts will be happy to answer your questions. Contact us.