LISIRT – LIFARS Computer Security Incident Response Team

When it comes to cybersecurity, experts have often noted that most organizations lack the appropriate technical and human resources to attain a level of incident response readiness commensurate with the threats they are facing. At times, you have some pieces of the cybersecurity puzzle, but the rest are missing. This is where LIFARS, a service provider specializing in incident response and digital forensics can help.

The LIFARS CSIRT (LISIRT) analyzes and responds to the events internal or external teams have identified as security incident, actual or potential, and that was reported to LIFARS’ cyber emergency number. Once contacted, LIFARS incident responders utilizes the logs collected from its clients’ systems and, in the case of the advanced program, the vulnerability information and the network security monitoring data, to contain the possible threat and, with the help of local IT team, eradicate and recover from the incident.

LISIRT Becomes a Client’s Key Incident Response HELPR as we strive to:

Help prepare for cybersecurity incidents

Educate regarding current cybersecurity incidents, events, and threats

Liaise with law enforcement agencies where necessary, mandated, or required by law

Partner with public and private CERTs

Respond promptly to cybersecurity incidents by assisting with identification, containment, eradication, and recovery from the incident, using LIFARS’s professional services

Incident Response (at the LISIRT hourly rate)

• Alerts & Warnings
• Managed Detection and Response
• Containment, Eradication & Recovery
• Post-Incident Activity
• On-Site Incident Response
• Remote Incident Response
• Incident Response Coordination
• Digital Forensics & Malware Analysis
• Bitcoin Payments

Proactive Services

Monthly information on threats, vulnerabilities, and malware analysis​

Bi-yearly external network scan​

Information when part of the infrastructure of the constituency shows in threat intel or in dark web searches​

• Security Audits
• Threat Hunting
• Cyber Resiliency Trainings

LISIRT is an existing member in the TF-CSIRT Trusted Introducer (TI), a forum where its members exchange experiences and knowledge and which maintains a system for registering and accrediting CSIRTs (​Trusted Introducer​), as well as certifying service standards. LISIRT adopted the Security Incident Management Maturity Model (SIM3) to govern, document, perform and measure its functions and operations. This model is also used for the TF-CSIRT/TI Certification. For more information on LISIRT, please visit its website.

CSIRT is the abbreviation for ‘Computer Security incident response team’ and it is a dedicated or ad-hoc team in an organization with the main goal to respond to cybersecurity incidents. The terms CSIRT and CERT are usually used interchangeably but there may be slight differences in the scope of services they provide.

Historically, the term Computer Emergency Response Team (CERT) has been used first by the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU) in 1988 and it is now a registered trademark in many jurisdictions. The emergence of the term is tied with the outbreak of the infamous Morris Worm. Ultimately, this worm paralyzed approximately 10% of the Internet and which was the first felony in the US under the 1986 Computer Fraud and Abuse Act.

• https://lifars.com/knowledge-center/923-words-on-ntuser-dat/
• https://lifars.com/2020/05/what-can-happen-when-you-click-on-phishing-link-containing-malicious-vbs-script/
• https://lifars.com/knowledge-center/the-spy-who-encrypted-me/
• https://lifars.com/knowledge-center/session-hijacking-case-study/
• https://lifars.com/knowledge-center/windows-shellbags-forensics-investigative-value-of-windows-shellbags/
• https://lifars.com/knowledge-center/osquery-for-cyber-incident-response/
• https://lifars.com/knowledge-center/malware-analysis-of-dridex-bitpaymer-and-doppelpaymer-campaign/