Redefining CyberSecurity

Why The World Needs A Global CSIRT: Introducing CSIRT.global | A Conversation With Eward Driehuis And Lennaert Oudshoorn | Redefining CyberSecurity Podcast With Sean Martin

Episode Summary

Vulnerabilities are discovered every day. Once found, they make their way into any number of databases that can be used to help organizations take action to put a patch in place... if one is available. But what about the case where the weakness is actively exposed or being exploited?

Episode Notes

Vulnerabilities are discovered every day. Once found, they make their way into any number of databases that can be used to help organizations take action to put a patch in place... if one is available. But what about the case where the weakness is actively exposed or being exploited? This is where CSIRT.global comes in.

Born from the work being done at the Dutch Institute for Vulnerability Disclosure (DIVD), a team of volunteers has decided to take things to the next level, helping organizations take action when action matters most: when a vulnerability exists, when that vulnerability is being exploited in the wild, and when an organization is prone to (or is under) attack. That's when the email is sent from CSIRT.global to the affected organization, letting them know what the team uncovered.

"We don't send marketing emails. We don't send emails promoting conferences. When a company gets an email from us, it really means something." ~Eward

There's a lot going on in this process: scanning the entire global Internet for every exposed system, identifying vulnerabilities on those systems, and mapping the proof of concept to those two results to determine whether an organization is vulnerable or is showing signs of having been compromised. The next piece of the puzzle is figuring out who or what is behind the IP address that was scanned and flagged. This isn't always easy given how IP addresses are assigned and looked up. The piece after that is even harder: CSIRT.global needs to find a way to contact the affected entity behind the IP address. Which department or person should receive the info, and what is their email address? Good luck finding that in a pinch. And, to top it all off, the receiving party needs to trust that the email they received from CSIRT.global is legitimate and must be taken seriously. The process is rooted in information and built on trust, which is one of the main reasons they sought and received support from the Dutch government.

It's this full-circle scenario that delivers the real value provided by this group. It can scale globally, but it requires the help of the global community. Listen in to hear more about how this works, how to get involved, and how this non-profit organization is redefining cybersecurity.

____________________________

Guests
Eward Driehuis
Founder at 3Eyes Security and Chairman at CSIRT.global
On LinkedIn | https://www.linkedin.com/in/ewarddriehuis/
On Twitter | https://twitter.com/e3huis

Lennaert Oudshoorn
CSIRT Coordinator And Webmaster at Dutch Institute for Vulnerability Disclosure (DIVD) [@DIVDnl]
On Twitter | https://twitter.com/lennaert89
On LinkedIn | https://www.linkedin.com/in/lennaertoudshoorn/

____________________________


Resources

CSIRT.global: https://csirt.global/ & https://www.divd.nl/

DIVD: https://www.divd.nl/ and on LinkedIn: https://www.linkedin.com/company/divd-nl/

May Contain Hackers (MCH2022) Hacker Conference: https://mch2022.org/#/

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity