Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

ENSIA Report Says Many CERTs Fail on Proactive Detection

ENSIA Identifies 16 Areas Where CERTS Fail on Proactive Detection of Network Security Incidents

In a report detailing the findings of a study on proactive detection of network security incidents, the European Network and information Security Agency (ENISA) has identified 16 areas where Computer Emergency Response Teams (CERTs) are being hindered by process gaps that are impacting their job performance and overall effectiveness.

ENSIA Identifies 16 Areas Where CERTS Fail on Proactive Detection of Network Security Incidents

In a report detailing the findings of a study on proactive detection of network security incidents, the European Network and information Security Agency (ENISA) has identified 16 areas where Computer Emergency Response Teams (CERTs) are being hindered by process gaps that are impacting their job performance and overall effectiveness.

CERTs

According to ENSIA, CERTs are not fully utilizing all the possible external sources of information at their disposal. Similarly, many CERTs neither collect, nor share incident data about other constituencies with other CERTs. This, the agency said, is concerning, “…as information exchange is key to effectively combating malware and malicious activities, which is extremely important in fighting cross-border cyber threats.”

“The most important technical gaps identified include problems with data quality (such as the existence of false positives in reports, poor timeliness of delivery, lack of contextual information, no validity indicators, unclear data aging policies), and lack of automation and correlation, partly due to data quality issues, but also due to the lack of standard formats, tools or simply resources and skills,” the report noted.

Proactive Network Security

Moreover, the report adds, the most important legal problem the CERTs face involves privacy regulations and data protection laws in the EU, which often hinder the exchange of information. Such an obstacle is commonly faced by CERTs, but unfortunately not by criminals responsible for network attacks.

For each issue discovered, ENSIA offers one or more recommendations to address it.

“National/government CERT managers should use the report to overcome identified shortcomings, by using more external sources of incident information, and additional internal tools to collect information to plug the gaps,” said the agency’s Executive Director, Professor Udo Helmbrecht.

Advertisement. Scroll to continue reading.

In total, 45 CERT responded to the survey. While it is a bit of a read at 144 pages, the report’s worth examining if your organization has its own CERT-based team. The full report is available here

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.