The subscription to the various services offered by the Cert-IST is based on a fee related to the requested services
Main services offered:
- Personalised dissemination of security advisories and alerts under different formats. Results from the analysis and the cross-checking of information gathered daily from many sources and from the qualification using objective criteria. Each year, the Cert-IST releases about 1,100 advisories, continuously updated (more than 3,200 updates all along the year), and around ten alerts.
- Release of a daily press review bulletin which lists the most interesting articles published on the web.
- Release of a monthly security bulletin. Records the vulnerabilities that have been released or not and deals with actuality topics through specific studies.
- Release of security advisories for SCADA systems thus a SCADA monthly bulletin
- Access to the Cert-IST vulnerability database, populated since 1997, which covers hardware and software components the most commonly used in information systems. The Cert-IST stores vulnerabilities concerning more than 1,900 products and 15,000 associated versions. This database enables multi-criteria search.
- Access to a hotline i.e. to request precisions on a released advisory.
- Daily collection and correlation of information from many reliable sources (public and private), responsible to identify machines suspected to be contaminated.
- Watch service for attacks and IOCs: an inovative cyber-intelligence service, which combines, on the one hand, an access to a database with description sheets for the main threat actors and attack campaigns, on the other, an access to a MISP instance. The indicators present in MISP are enriched with contextual information (example: targeted activity sector, geographical region affected, ...). In addition, it is possible to subscribe to a monthly bulletin providing a summary of the news regarding the cyber-attack landscape.
- Access to an incident handling service with intervention on site if necessary. Establishment of a trusted relationship that allows to handle security problems with all the privacy requirements. The service enables to find an explanation to reported problems (abnormal behaviour, loss of availability or confidentiality, etc...), to identify their causes (voluntary or involuntary) and the origin. It gives various recommendations, either corrective to palliate the incident, or general to improve the general security level.
- Incident response coordination: the Cert-IST coordinates with the other CERT nationally and internationally for security incident response, whenever a member of its constituency (Industry, Services and Tertiary sector) gets involved.
- Skills transfer, and on-demand training, to assist in the acquisition of expertise, for example in the field of incident investigation or log analysis.