The project

Level 3 expertise and support in CSIRT
We were integrated into the CSIRT team of a major player in the banking sector. The service involved:
- Managing level 3 incidents (vulnerabilities, APTs, viruses, etc.);
- Creating, testing, implementing and maintaining security incident detection rules;
- Creating and implementing incident management procedures;
- Coordinating level 2 SOC operations;
- Carrying out digital investigations / forensics;
- Hunting threats, analyzing weak signals and developing SIEM use cases;
- Taking part in the implementation and maintenance of the SIEM, and other security platforms managed by the team;
- Contributing to log collection and onboarding architecture projects.
Keys to success
1. Our expertise in security and an in-depth understanding of security production issues in a bank.
2. Our ability as a service provider to advance subjects in a matrix organization by relying on other production teams.
3. Our resistance to stress, which lets us apply our analytical skills and remain calm during security incidents.
4. Our good communication skills to manage resistance to change within projects.