IntelProbe CSIRT

With its experienced security experts, IntelProbe CSIRT enables institutions and organizations to be managed efficiently in terms of cyber security. IntelProbe CSIRT provides institutions and organizations with the information they need to detect threats against them in a timely manner, without wasting time. Along with the detection and elimination of cyber threats, IntelProbe CSIRT also attaches importance to incident response.

IntelProbe CSIRT Services

IntelProbe CSIRT works with professionals specializing in different areas of information technology security, such as forensics, incident response and analysis, network management, penetration testing, and cyber intelligence. IntelProbe CSIRT follows global security standards in handling probable threats and cyber security incidents, with 24/7 monitoring, research and response. IntelProbe CSIRT employees keep up with current developments and methods related to cyber security.

IntelProbe CSIRT supports IT security professionals with a variety of capabilities, such as monitoring and forensic information management systems that control the networks owned by institutions and organizations, and information retrieval systems related to the latest cyber threats.

OFFERED SERVICES

 

IntelProbe offers CSIRT services under three main headings:

1) Proactive Services: These consist of identifying the cyber-attacks that may occur, before cyber incidents happen, and the precautions that can be taken against them. The services provided under this heading aim to prevent possible cyber incidents and to minimize their impact if they do occur. In this context, warning information generated by IntelProbe CSIRT is distributed to customers to ensure the security of their information assets and to keep them from becoming the target of attacks. Some of the services provided under this heading are listed below.

  • Announcements / News: Creating alerts for cyber-attacks, potential threats and vulnerabilities, informing customers about current cyber threats and their possible effects, sharing news gathered against current security incidents and vulnerabilities.
  • Tracking of New and Emerging Technologies: Following up the current developments in the field of cyber security, monitoring the emerging threats and methods, and following the new regulations and news about cyber security.
  • Developing Cyber Security Technologies: Developing tools to repair information assets that were exploited because of weaknesses and to increase the effectiveness of existing security measures.
  • Security Tests and Audits: Performing best-practice and infrastructure evaluations to protect information assets, scanning networks and systems for vulnerabilities and anomalies, performing penetration tests.
  • Configuration, Hardening and Maintenance: Configuring, hardening and maintaining system security tools, the applications being served, system infrastructures and the attack detection systems related to these infrastructures, and services such as firewalls and VPNs.
  • Intrusion Detection Services: Analysis of system records for cyber-attack detection, initiating the incident response process for detected cyber events, informing the affected parties about the detected attacks, monitoring all records related to cyber security. 

2) Reactive Services: These focus on support requests from customers about cyber incidents and on cyber incident reports. Under this heading, the protection of compromised information assets is addressed effectively, along with malware, cyber threats and vulnerabilities. In addition, the aim is to ensure the security, improvement, reconstruction and development of information systems. Some of the services performed under this heading are described below.

  • Warnings: Distribution of information regarding cyber-attacks, threats, vulnerabilities, exploits, viruses and errors that may occur in the system, informing customers about possible or recent cyber security incidents and making suggestions for the protection or recovery of the affected systems.
  • Incident Management: Collecting evidence about cyber incidents, examining the events in detail, taking various steps to ensure the security of the systems affected by the incident, creating response plans and scenarios related to the incidents, recovering the systems, monitoring abused systems, intervening in cyber incidents, and ensuring the flow of information and coordinated action between all parties affected by an incident so that it can be handled properly.
  • Vulnerability Management: Obtaining information about possible vulnerabilities in the hardware, software and other technologies used by customers, conducting vulnerability analysis through technical analysis and examinations carried out by expert consultants, developing fixes for vulnerabilities, and detecting and eliminating vulnerabilities; providing the communication needed to develop plans and projects and to eliminate the identified weaknesses.

3) Security Management Services: These are designed to improve the cyber security of the organizations served by IntelProbe CSIRT. Some of the services under this heading are as follows:

  • Information Security and Cyber Security Consultancy: Providing consultancy to protect customers' information assets from possible dangers, advising on the systems, devices and applications that customers expect to acquire in order to provide cyber security, and supporting customers with the preparation and implementation of policies for ensuring cyber security.
  • Risk Analysis: Conducting a risk analysis focused on potential and existing cyber threats, evaluating strategies for measures and improvements related to risks, analyzing risks to customers' information assets.
  • Product / Technology Assessment: Assessing products, and the security of those products, for the systems or applications used or planned to be used by customers.
  • Competence Development and Awareness Raising: Organizing seminars, workshops or trainings to inform customers about important cyber security issues, and providing support to raise awareness about cyber security through these trainings.

The activities of IntelProbe CSIRT are performed with tools and platforms developed by its own specialist staff using its own resources. IntelProbe CSIRT is able to offer additional services to meet newly identified needs in order to protect its customers in cyber security.

Today, attacks on information systems and information assets seriously threaten institutions and organizations. Cyber-attack techniques and the malicious software used in these attacks have become more complex and structured over time, causing institutions and organizations to experience very critical data leaks and increased attack rates. In today's cyber world, it is vital to prevent these threats. In this context, IntelProbe has established IntelProbe CSIRT, whose task is to act as a shield against possible threats and attacks on the leading institutions and organizations of our country, with a team of experienced cyber security experts.

IntelProbe CSIRT has the ability to respond systematically to threats and events from all layers of cyberspace. It offers its cooperating stakeholders various means of distributing and reporting the necessary information before, during and after the cyber incidents that may occur. In this way, institutions and organizations can have a 360-degree perspective on possible cyber threats and incidents, and can respond to dangers in a timely and effective manner.

IntelProbe CSIRT serves institutions and organizations in both the public and private sectors. With its experienced and expert staff, the IntelProbe CSIRT team handles cyber threats quickly and effectively and has become an important point of contact for eliminating them.

IntelProbe CSIRT aims to carry out systematic and rapid information gathering, analysis, reporting and intervention against the threats and attacks in cyberspace.

Main Goal

The purpose of IntelProbe CSIRT is, through cyber security, to ensure the security of all data belonging to institutions and organizations, to make information access processes faster and higher in quality, to ensure that access to information is authorized correctly, to protect the confidentiality of systems and data, and to ensure a sustainable, performance-based evaluation of the data so that the necessary precautions can be taken.

Targets

The main objectives of IntelProbe CSIRT are to determine the measures to be taken against cyber threats, to ensure that these measures are taken within the framework of the standards that are important to comply with and of systematically prepared plans and programs, and to coordinate all these processes.

Tasks

In summary, the tasks of IntelProbe CSIRT are:

  • To provide a systematic and methodological means of responding to events related to cyber security.
  • To coordinate communication with national and global response teams in emergency situations related to cyber security.
  • To ensure that problems related to cyber security are overcome quickly and soundly for institutions and organizations in the public and private sectors.
  • To prevent data leaks and service failures that may occur as a result of cyber security incidents.
  • To provide high quality protection for information systems and data in institutions and organizations.
  • To archive information about the cyber threats faced by institutions and organizations, correctly classified, for use in analysis studies of possible processes that may occur in the future.
  • To provide an early warning service against cyber threats that may be encountered.
  • To ensure that a correct understanding of cyber security is established in institutions and organizations, to increase the quality of the solutions used and to keep those solutions current and sustainable.

Customers

IntelProbe works with many institutions and organizations at the national level. In this context, IntelProbe CSIRT provides services to many organizations to eliminate cyber threats.

  • Retail
  • Logistics
  • Energy
  • Finance
  • Education
  • Tourism

The IntelProbe CSIRT team provides service to its customers in their sectors on a 24/7 basis. On the public-sector side, we cooperate with public institutions of critical importance.

Furthermore, IntelProbe CSIRT provides support to customers who need to set up their own security operations center. IntelProbe shares its knowledge and experience of process management with its customers and, if they request it, provides all necessary support for the establishment of a security operations center.

 

CSIRT Structure

CSIRT Director: The CSIRT director is responsible for managing all processes related to cyber security. It is the highest decision maker in the CSIRT organization. The delegation of the tasks to the team members is carried out by the CSIRT Director.

CSIRT Information Security Manager: The CSIRT Information Security Manager is responsible for effective information security processes, and for producing procedures and policies for the protection of the information systems, assets and data belonging to the customers IntelProbe CSIRT works with.

SOC Manager: The SOC manager is responsible for the management of all security operations center activities. The SOC manager ensures that all SOC policies and procedures are operational. He is responsible for the management of the security operations center and monitoring the performance of the staff.

NOC Manager: The NOC manager is responsible for the management of all network operations center activities. The NOC manager ensures that all NOC policies and procedures are operational. He is responsible for the management of the network operation center and monitoring the performance of staff.

CIC Manager: The Cyber Intelligence Center manager works in collaboration with the SOC and NOC managers. The manager's main responsibility is to ensure that preliminary research on cyber security incidents is carried out by the CIC team. Providing threat analysis for anomalies detected by the SOC and NOC is also among the CIC Manager's responsibilities.

CSIRT Coordination Team Leader: CSIRT Coordination Team Leader provides the necessary coordination to improve the security system, manage security alerts and also respond to all security-related events.

CSIRT Engineering Team Leader: CSIRT Engineering Team Leader is responsible for ensuring the sustainability and effectiveness of SOC and NOC systems. It reports the developments or problems about the security of the systems to the management. It is responsible for the administration of all security systems such as IDS and firewalls available in the corporate network.

CSIRT Monitoring Team Leader: CSIRT Monitoring Team Leader, together with his team, monitors all networks that provide security service and is responsible for analyzing the traffic on these networks. CSIRT Monitoring Team Leader allows his team to use a variety of tools to identify potential threats or unauthorized actions on the network.

CSIRT Incident Response Team Leader: CSIRT Incident Response Team Leader dispatches and manages the cyber incidents response team to respond quickly and effectively to actual cyber threats. It is responsible for analyzing policies and procedures that must be followed during intervention to possible cyber security incidents.

CSIRT Cyber Intelligence Team Leader: The CSIRT Cyber Intelligence Team Leader coordinates the cyber intelligence center team to generate advance warnings about possible security threats and to conduct intelligence investigations of cyber incidents that have occurred. The team leader analyzes the policies and procedures to be followed for the necessary discovery work and subsequent research before a security incident occurs.

Security System Officer: The Security System Officer is responsible for preventing unauthorized access of critical information and ensuring systems security. It takes the necessary precautions to fulfill this duty. It works in coordination with the teams associated with corporate management and information assets.

Senior Threat Analyst: The Senior Threat Analyst monitors all networks for which he or she is responsible and detects anomalies. The threat analyst regularly reviews data on security vulnerabilities using current threat intelligence information provided by the CIC team.

Threat Response Analyst: Threat Response Analyst is responsible for investigating the most effective tools or techniques for correct response to cyber threats and cyber incidents. It collects and analyzes data for improvements to these tools and techniques and for later use in threats and incidents.

Incident Handler: The Incident Handler ensures that event data is analyzed correctly. It examines the possible effects and consequences of a cyber incident. It works to minimize the damage that may occur after a possible cyber incident and to ensure the sustainability of the service. It works in coordination with the Cyber Incident Response Team.

Open Source Intelligence Analyst: The Open Source Intelligence Analyst prepares intelligence reports by scanning all open layers of the internet for real-time cyber incidents that may occur. In addition, it shares the information obtained from the internet with the relevant teams so that cyber events can be analyzed correctly.

Penetration Test Specialist: The Penetration Test Specialist exploits vulnerabilities in the systems under test to establish whether the tested system is vulnerable to threats. The specialist performs penetration tests on the critical infrastructure and information assets related to customer information systems.

System Analyst: The System Analyst is responsible for analyzing all systems under his or her responsibility against possible cyber threats and cyber incidents. The analyst determines the requirements of those systems and is responsible for informing the manager about them. Investigating, planning and testing viable solutions to system problems that have been experienced or are likely to be experienced is also among the System Analyst's responsibilities.

Network Analyst: The Network Analyst is responsible for regularly managing all relevant matters for the networks under his or her responsibility. The analyst provides planning, analysis and technical support for the continuity of the managed networks. Providing guidance on the procurement of the necessary network components is also among the duties of the Network Analyst.

Emergency Response Specialist: The Emergency Response Specialist examines and updates existing policies and procedures to identify the capabilities and opportunities that need to be developed to respond to emergency situations. The specialist determines the most effective emergency response strategies for the events that may occur, and provides direction to the Emergency Team in order to respond quickly and accurately to the cyber incidents that may occur.

Social Media Intelligence Analyst: The Social Media Intelligence Analyst regularly examines cyber events that are planned to be carried out through social media, including the phishing and spear-phishing attacks that can be carried out there. By following social media trends, the analyst informs managers about cyber incidents that may occur.

Forensic Analyst: The Forensic Analyst is responsible for preserving, identifying, extracting and documenting the evidence available in information systems on cyber incidents that have occurred. The analyst conducts search and screening activities in the relevant information systems to collect the information to be used to prove that a crime was committed during the cyber incident.

Device Specialist: The Device Specialist manages all devices related to cyber security used in the institution. The specialist regularly monitors the security status of all devices and checks and examines their security, and is responsible for ensuring that all device settings are correct and that there are no weaknesses against attacks.

Risk Analyst: The Risk Analyst conducts research on the risks that may arise against the organization's critical data, information assets and information systems, and uses the results of this research to propose risk improvement strategies.

Incident Response Help Desk: The help desk is responsible for the prompt and complete transmission of all help calls created by customers to the relevant department in IntelProbe CSIRT. It then categorizes the incident in the help call and forwards the incident to the Event Managers.

Cyber Threat Intelligence (CTI) Information Flow Analyst: The analyst conducts studies for the correct evaluation and regular classification of the CTI information flows obtained by the institution. The analyst follows international CTI sharing organizations, examines the information and documents shared by these organizations for a better understanding of structured attacks, and shares the resulting analysis with the relevant units.
