We added the Swiss Government CSIRT team to one of our most well established Community Services last week, bringing the total number of members to 129 national and regional organizations in over 85 countries for our CAP program.
Team Cymru’s mission is to save and improve lives. To further that mission, we have always been embedded in the internet and threat intelligence communities. We spend a lot of time working in the background to deliver critical information to people on the front lines working to make internet and the world a safer place. The CSIRT (Computer Security Incident Response Team) Assistance Program was set up by Dave Monnier nearly a decade ago to give us a channel through which we can send notifications of the malicious activity we observe.
Team Cymru needed trusted conduits to CSIRT teams who could deal with constant actionable intelligence at scale for their entire constituency. Daily feeds of our leading threat intelligence is delivered to these teams at zero cost to any CAP members. Yes that’s correct, we don’t charge for our threat intelligence delivered to our CAP participants.
But don’t just take our word for it…
“Thanks to Team Cymru’s CSIRT Assistance Program CSIRT CEDIA gathers important information regarding present vulnerabilities in our networks, this allows us to start a prompt reaction in order mitigate or correct the issues ahead of time.”
CSIRT CEDIA (cedia.org.ec – Ecuador)
CEDIA is the National Network of Ecuadorian Research and Education
Here are a series of maps detailing which countries are already part of the CAP program. This means that we have an established and on-going relationship providing threat intelligence daily to at least one organization in that country. This threat data is often redistributed to internal stakeholders in that country, based on additional jurisdictional or sector responsibility (typically government, industry, academic or critical infrastructure).
Globally, here is our coverage as of August 2020:
In some countries, there may be more than one CSIRT responsible for securing networks within different sectors (e.g. government or academic). Our policy is to be transparent and to partner with the organization with the most appropriate experience and ongoing resources to process our notifications. Contact us if you have questions about any aspects of our program.
CAP is well known in Europe, thanks to our long standing relationships with our peers in TF-CSIRT (a task force that promotes collaboration and coordination between CSIRTs in Europe and neighboring regions):
Equally we have good representation in South America:
And pockets of strong collaboration in the Asia Pacific region:
Looking forward to Q4 2020, we’re keen to extend our work with African CSIRT teams in sub-Saharan and West Africa:
A quick browse through the daily directories that are typically uploaded for CAP members, reveals text files in the tens of MB range, covering threats such as kasidet, ponyloader, smokeloader, minerpanel, isrstealer, quant amongst other malware with category, IP, ASN, protocol and related supporting information.
“As a National CERT, CERT.br has a strong focus on making the Brazilian Internet ecosystem healthier. To this end we are always looking for partnerships with organizations that can provide data with assured quality, that can help us prioritize the most pressing issues, and the Team Cymru CSIRT Assistance Program is one of the leading sources.”
We know numbers in InfoSec are often hyperbole, but our data confirms that we provide up to 20 million events to global CSIRT teams every day. Does that equate to 20 million lives saved or improved? Of course not, but it’s a a powerful component of what we do, and it costs you nothing. So maybe it’s time to reach out to say hello.
“The program is designed so that the right data goes directly into the hands of people who can use that insight. So if you are involved in a CISRT you should head over to Team Cymru and have a look at their CSIRT Assistance Program. It may be the most productive few minutes of your time that you spend this year.”
(National CIRT of Bangladesh)