CERT-SEI

System Administrators

If you're a system administrator, you need to know how to keep your organization's components, code, networks, and operating environment secure and protected from malicious attack. We have many resources to help you do just that. Consider these questions and read on.

Read our FAQ to learn more about the CERT Division; watch videos and see other artifacts that summarize our latest research. If you have questions, please feel free to contact us.

Are You Keeping Up With the Latest Vulnerability Alerts?

Our work in the fields of vulnerability analysis and secure coding helps engineers detect, eliminate, and avoid creating vulnerabilities in software.

CERT/CC Blog
Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.

Secure Coding Standards
We coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.

Mobile Standards and Analysis
This research extends CERT Secure Coding Standards to mobile platforms, including Android, iOS (iPhone and iPad), and Windows Phone 8.

Are You Using the Latest Techniques to Keep Your Networks Secure?

Our network situational awareness researchers develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks.

We have developed and maintain a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project, and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform.

Are You Managing Risks?

Our resilience researchers create tools, techniques, and methods that help organizations manage operational risk and improve operational resilience.

Cybersecurity Assurance Solutions
Read more about our comprehensive Cybersecurity Assurance Solutions such as the Cyber Resilience Review, Risk and Vulnerability Assessment, and External Dependencies Management Assessment.

OCTAVE Products and Services
These products and services include tools, techniques, and methods for risk-based information security strategic assessment and planning.

Are You Using the Latest Forensics Tools and Techniques?

Our forensics researchers create technologies, capabilities, and practices organizations can use to develop incident response capabilities and facilitate incident investigations.

We have created a suite of forensics tools that help you facilitate forensic examinations and assist authorized members of the law enforcement community, and our forensics case studies detail how we aided the U.S. Secret Service in solving the landmark TJX & Heartland and Iceman cases.

Are You Detecting Malicious Insiders?

Our insider threat work involves conducting research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats.

Insider Threat Certificates and Training
Our Insider Threat training and certificate programs are designed for individuals in organizations looking to build, assess, or evaluate an insider threat program, while protecting the privacy and civil liberties of their employees.

Controls and Indicators
The CERT insider threat lab creates controls and indicators derived from our wealth of socio-technical information on insider crimes. These controls and indicators are designed to help organizations prevent, detect, and respond to insider attacks.

Case Analysis
Our analysis of different sectors has resulted in insider threat guidance that is tailored for banking and finance, government, critical infrastructure, and information technology sectors.

Insider Threat Blog
Our blog reflects our latest research findings.

Take a Course

Assessing Information Security Risk Using the OCTAVE Approach
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.

OCTAVE Approach Instructor Training
This two-day course teaches candidate OCTAVE instructors how to deliver the Assessing Information Security Risks Using the OCTAVE Approach course.

Malware Analysis Apprenticeship: Advanced Forensic Response and Analysis
This five-day hands-on course provides participants with an opportunity to learn best practices for analyzing malicious code.

Applied Cybersecurity, Incident Response and Forensics
This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience.

Information Security for Technical Staff
This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The course focuses on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel.

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and inter-dependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT) enterprise.

Use Our Tools

Monitor Your Networks

Our network situational awareness researchers develop cutting-edge analysis techniques and tools that help organizations defend their networks from potential attacks. Examples of our tools include SiLK, an efficient network flow collection and storage infrastructure that accepts flow data from a variety of sensors, and iSiLK, a graphical front-end for the SiLK tools. YAF processes packet data into bidirectional flow records (biflows) that can be used as input to an IPFIX Collecting Process. Our fixbuf library provides a set of functions for encoding and decoding the IPFIX protocol message format.
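To make the packets-to-biflows step concrete, the following is an added example (not YAF's code and not part of the original page) that assembles bidirectional flow records from a small, constructed set of packet tuples. It follows the RFC 5103 biflow convention that the first packet seen defines the forward direction, flushes a flow after an assumed idle timeout, and renders each record with IANA IPFIX information element names (including the reverse* elements from RFC 5103). The packet values, the 30-second idle timeout, and the `to_record` layout are assumptions for illustration; actual IPFIX message encoding is not shown.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample packets (not real captured traffic):
# (timestamp_sec, src_ip, src_port, dst_ip, dst_port, ip_proto, bytes_on_wire)
PACKETS = [
    (100.00, "10.0.0.5", 51234, "192.0.2.10", 443, 6, 74),
    (100.02, "192.0.2.10", 443, "10.0.0.5", 51234, 6, 74),
    (100.03, "10.0.0.5", 51234, "192.0.2.10", 443, 6, 517),
    (100.05, "192.0.2.10", 443, "10.0.0.5", 51234, 6, 1460),
    (100.10, "10.0.0.5", 53001, "192.0.2.53", 53, 17, 64),
    (100.11, "192.0.2.53", 53, "10.0.0.5", 53001, 17, 120),
    (170.00, "10.0.0.5", 51234, "192.0.2.10", 443, 6, 60),  # same 5-tuple, but past idle timeout
]

IDLE_TIMEOUT = 30.0  # assumed idle timeout in seconds; real exporters make this configurable


@dataclass
class Biflow:
    """One bidirectional flow record. src/dst are taken from the first packet seen."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    start: float
    end: float
    fwd_pkts: int = 0
    fwd_bytes: int = 0
    rev_pkts: int = 0
    rev_bytes: int = 0


Key = Tuple[str, int, str, int, int]


def _canonical(src: str, sport: int, dst: str, dport: int, proto: int) -> Key:
    """Direction-independent lookup key so both halves of a conversation map to one flow."""
    if (src, sport) <= (dst, dport):
        return (src, sport, dst, dport, proto)
    return (dst, dport, src, sport, proto)


def assemble_biflows(packets, idle_timeout: float = IDLE_TIMEOUT) -> List[Biflow]:
    """Fold unidirectional packets into biflows, expiring a flow that has been idle too long."""
    active: Dict[Key, Biflow] = {}
    finished: List[Biflow] = []
    for ts, src, sport, dst, dport, proto, nbytes in sorted(packets, key=lambda p: p[0]):
        key = _canonical(src, sport, dst, dport, proto)
        flow = active.get(key)
        # Idle timeout: a gap longer than idle_timeout closes the old record and starts a new one.
        if flow is not None and ts - flow.end > idle_timeout:
            finished.append(active.pop(key))
            flow = None
        if flow is None:
            flow = Biflow(src, sport, dst, dport, proto, start=ts, end=ts)
            active[key] = flow
        # Forward direction is whichever endpoint sent the first packet of this flow.
        if (src, sport) == (flow.src, flow.sport):
            flow.fwd_pkts += 1
            flow.fwd_bytes += nbytes
        else:
            flow.rev_pkts += 1
            flow.rev_bytes += nbytes
        flow.end = ts
    finished.extend(active.values())  # flush everything still open at end of input
    return sorted(finished, key=lambda f: f.start)


def to_record(flow: Biflow) -> dict:
    """Render a biflow with IANA IPFIX information element names (reverse* per RFC 5103)."""
    return {
        "sourceIPv4Address": flow.src,
        "sourceTransportPort": flow.sport,
        "destinationIPv4Address": flow.dst,
        "destinationTransportPort": flow.dport,
        "protocolIdentifier": flow.proto,
        "flowStartMilliseconds": int(round(flow.start * 1000)),
        "flowEndMilliseconds": int(round(flow.end * 1000)),
        "packetDeltaCount": flow.fwd_pkts,
        "octetDeltaCount": flow.fwd_bytes,
        "reversePacketDeltaCount": flow.rev_pkts,
        "reverseOctetDeltaCount": flow.rev_bytes,
    }


if __name__ == "__main__":
    for f in assemble_biflows(PACKETS):
        print(to_record(f))
```

Running it yields three records: the HTTPS conversation (2 packets/591 bytes forward, 2 packets/1534 bytes reverse), the DNS query and response, and a second HTTPS record for the packet that arrived after the idle timeout. The reverse* counters are what make a biflow more useful than two unidirectional records: a flow with many forward packets and zero reverse packets, for example, is an immediate scan or blocked-connection indicator without any join step.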

Discover and Mitigate Existing Vulnerabilities

Our vulnerability analysis and secure coding tools and techniques help engineers detect, eliminate, and avoid creating vulnerabilities in software.

Attend FloCon

We sponsor FloCon conferences, where operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic showcase the next generation of flow-based analysis techniques. FloCon 2016 takes place in Daytona Beach, Florida, in January 2016.

Plan Your Security Strategy

OCTAVE
You can use these tools, techniques, and methods for risk-based information security strategic assessment and planning to assess your organization's information security needs.

Assessing Information Security Risk Using the OCTAVE Approach
This course teaches you to perform information security risk assessments using the OCTAVE approach, which provides organizations a comprehensive methodology that focuses on information assets in their operational contexts.

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
This course teaches you high-level best practices for effectively integrating eight components into all aspects of IT operations. Further, the course scenario is used extensively to reinforce these best practices with technical information security implementations.

Manage Your Risks

CERT Operational Resilience: Manage, Protect and Sustain
This webinar showcases the application of resilience models to operationalize risk management and solve hard problems in enterprise security.

CERT-RMM
Apply a process improvement approach to manage operational risk and resilience, security, business continuity, and IT operations.

Practical Risk Management: Framework and Methods
This course teaches you the foundation for a more practical approach to risk management that builds from a straightforward, broad-view method to a complex array of techniques needed for in-depth analyses of complex risks.

Protect Your Data from Malicious Insiders

Custom Onsite Insider Threat Workshops
We tailor confidential onsite workshops to use actual malicious insider incidents that occurred in your organization.

Insider Threat Vulnerability Assessments
Our confidential assessments explore your entire organization, including technical vulnerabilities, business process gaps, management issues, and your ability to deal effectively with behavioral issues.

Insider Threat Best Practices
Use these practices to mitigate IP theft, IT sabotage, and fraud in your organization.

Insider Threat Datasets
This collection of synthetic insider threat test datasets provides both synthetic background data and data from synthetic malicious actors.

Report a Vulnerability

We accept reports of security vulnerabilities and serve as a coordinating body that works with affected vendors to resolve vulnerabilities. Report a vulnerability or contact us if you have questions about vulnerabilities.

Ask Us to Help You

  • Use our software vulnerability tools and secure coding tools to discover software vulnerabilities.
  • Identify the insider threat products and services that are right for your organization.
  • Get help in producing and implementing technical controls to deter, detect, and respond to insider threats in your organization.
  • Solve your critical network-related problems.
  • Reduce security risks that result from software vulnerabilities.

Attend a Conference

FloCon 2015, our annual network security conference, provides a rich and rewarding forum for operational analysts, tool developers, researchers, and anyone interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques. FloCon 2015 takes place in January 2015 in Portland, Oregon.

Provide Feedback

Tell us how CERT insider threat controls have worked for you.

Send us feedback on our tools to help you monitor large-scale networks using flow data, code securely, or discover and remediate vulnerabilities.