Fields describing the team
Team Details
Official Name
Short Name
Country
Established
Host Organisation
Constituency
Constituency Type
- Commercial Organisation
- Financial Sector
- Government
Country of constituency
- Czech Republic
ASNs, Domains, IP ranges
- datasys.cz
- esoc.cz
- logmanagement.cz
- faxchange.cz
- faxchange.eu
- mobilchange.cz
- mobilchange.eu
- ums.cz
- workmate.cz
- 86.49.172.145
- 185.154.62.114
- 87.249.140.58
- 93.153.125.192/27
- 94.113.255.160/27
- 77.95.41.159
- 77.78.101.16/28
The eCSIRT provides services to external and internal clients (managed security services) who have signed a Service Level Agreement (SLA) for 24/7 Monitoring and Incident Response. The constituency consists of organizations operating in government, state organizations, energy, healthcare, finance, service provision and other sectors in the Czech Republic, specifically targeting their ICT infrastructure. The eCSIRT has the authority to monitor, collect logs, analyze traffic, and initiate predefined incident response procedures on IT assets under its management, as defined in the client's contractual agreement. The team acts as the trusted point of contact for its constituency in security matters. The constituency is aimed at entities with a direct contractual relationship and covers the monitored infrastructure, including cloud environments, network devices and endpoints defined within the scope of the ELISA SIEM platform deployment.
eCSIR Summary
The service provides continuous security monitoring of clients' ICT infrastructure on a 24x7x365 basis. It is delivered as either an internal or external service with clearly defined parameters and SLA agreements tailored to each client's requirements. The primary platform for service delivery is our proprietary SIEM solution ELISA, which handles log collection, integration, and analysis from network devices and other security tools. The service encompasses Network Behavior Anomaly Detection, continuous evaluation of security events and incidents, and activation of predefined response procedures upon threat detection. The service can also be operated on top of alternative SIEM platforms based on client requirements. An integral part of the service is knowledge-based client support, including consultations, security issue resolution, and assistance with security infrastructure configuration.
Where required, the service can be extended to include vulnerability scanning and security audits, enabling proactive identification of weaknesses within the client's infrastructure. In the areas of Cyber Threat Intelligence (CTI) and threat hunting, we are actively building our own research capabilities, which are currently in the early stages of development. Findings regarding attacker tactics, techniques, and procedures (TTPs) are progressively being integrated into the service's detection and analytical processes.
Team Contact Information
Main Number
Emergency Number
Fax Number
Postal Address
Zengrova 85
703 00 Ostrava
Czech Republic
Automated Reporting Email
Business Hours
Timezone
Cryptography
PGP key(s) of the team
Type: EdDSA/256
Expires: never
Fpr: 3A6F C754 C25E 5DCB D126 8FBA C862 2DB3 040B 4C8E
Sub: ECDH/256
Usage: Encrypt
UID: esoc_datasys.cz <esoc@datasys.cz>
Classification
Current State
Entry Date
Date of Accreditation
History
| Date | Description |
|---|---|
| 06 Nov 2025 | eCSIRT (CZ) is now an accreditation candidate team |
| 06 Nov 2025 | eCSIRT (CZ) has completed the re-listing process |
| 17 Aug 2022 | eCSIRT (CZ) is now a listed team |