CERT-SEI

System Administrators

If you're a system administrator, you need to know how to keep your organization's components, code, networks, and operating environment secure and protected from malicious attack. We have many resources to help you do just that. Consider these questions and read on.

Read our FAQ or contact us if you have questions about our work.

Do You Have Up-to-the-Minute Information about Heartbleed?

Read our take on Heartbleed, and listen to technical staff from the SEI and Codenomicon discuss the impact of the Heartbleed bug.

Are You Keeping Up With the Latest Vulnerability Alerts?

Our work in the fields of vulnerability analysis and secure coding helps engineers detect, eliminate, and avoid creating vulnerabilities in software.

CERT/CC Blog
Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.

Are You Using the Latest Techniques to Keep Your Networks Secure?

Our network situational awareness researchers develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks.

We have developed and maintain a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform.

Are You Managing Risks?

Our resilience researchers create tools, techniques, and methods that help organizations manage operational risk and improve operational resilience.

OCTAVE Products and Services
These products and services include tools, techniques, and methods for risk-based information security strategic assessment and planning.

Are You Using the Latest Forensics Tools and Techniques?

Our forensics researchers create technologies, capabilities, and practices organizations can use to develop incident response capabilities and facilitate incident investigations.

We have created a suite of forensics tools that help you facilitate forensic examinations and assist authorized members of the law enforcement community, and our forensics case studies detail how we aided the U.S. Secret Service in solving the landmark TJX & Heartland and Iceman cases.

Are You Detecting Malicious Insiders?

Our insider threat work involves conducting research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats.

Controls and Indicators
The CERT insider threat lab creates controls and indicators derived from our wealth of socio-technical information on insider crimes. These controls and indicators are designed to help organizations prevent, detect, and respond to insider attacks.

Case Analysis
Our analysis of different sectors has resulted in insider threat guidance that is tailored for banking and finance, government, critical infrastructure, and information technology sectors.

Insider Threat Blog
Our blog reflects our latest research findings.

Take a Course

Assessing Information Security Risk Using the OCTAVE Approach
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.

OCTAVE Approach Instructor Training
This two-day course teaches candidate OCTAVE instructors how to deliver the Assessing Information Security Risks Using the OCTAVE Approach course.

Malware Analysis Apprenticeship: Advanced Forensic Response and Analysis
This five-day hands-on course provides participants with an opportunity to learn best practices for analyzing malicious code.

Applied Cybersecurity, Incident Response and Forensics
This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience.

Information Security for Technical Staff
This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The course focuses on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel.

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and inter-dependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT) enterprise.

Use Our Tools

Monitor Your Networks

Our network situational awareness researchers develop cutting-edge analysis techniques and tools that help organizations defend their networks from potential attacks. Examples of our tools include SiLK, an efficient network flow collection and storage infrastructure that accepts flow data from a variety of sensors, and iSiLK, a graphical front-end for the SiLK tools. YAF processes packet data into bidirectional flow records that can be used as input into an IPFIX Collecting Process. Our fixbuf library provides a set of functions for processing the IPFIX protocol message format.

Discover and Mitigate Existing Vulnerabilities

Our vulnerability analysis and secure coding tools and techniques help engineers detect, eliminate, and avoid creating vulnerabilities in software.

Attend FloCon

At FloCon, an annual network security conference, operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic showcase the next generation of flow-based analysis techniques. FloCon 2015 takes place in January 2015 in Portland, Oregon.

Plan Your Security Strategy

OCTAVE
You can use these tools, techniques, and methods for risk-based information security strategic assessment and planning to assess your organization's information security needs.

Assessing Information Security Risk Using the OCTAVE Approach
This course teaches you to perform information security risk assessments using the OCTAVE approach, which provides organizations a comprehensive methodology that focuses on information assets in their operational contexts.

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
This course teaches you high-level best practices for effectively integrating eight components into all aspects of IT operations. Further, the course scenario is used extensively to reinforce these best practices with technical information security implementations.

Manage Your Risks

CERT Operational Resilience: Manage, Protect and Sustain
This webinar showcases the application of resilience models to operationalize risk management and solve hard problems in enterprise security.

CERT-RMM
Apply a process improvement approach to manage operational risk and resilience, security, business continuity, and IT operations.

Practical Risk Management: Framework and Methods
This course teaches you the foundation for a more practical approach to risk management that builds from a straightforward, broad-view method to a complex array of techniques needed for in-depth analyses of complex risks.

Protect Your Data from Malicious Insiders

Custom Onsite Insider Threat Workshops
We tailor confidential onsite workshops to use actual malicious insider incidents that occurred in your organization.

Insider Threat Vulnerability Assessments
Our confidential assessments explore your entire organization, including technical vulnerabilities, business process gaps, management issues, and your ability to deal effectively with behavioral issues.

Insider Threat Best Practices
Use these practices to mitigate IP theft, IT sabotage, and fraud in your organization.

Insider Threat Datasets
This collection of synthetic insider threat test datasets provides both synthetic background data and data from synthetic malicious actors.

Report a Vulnerability

We accept reports of security vulnerabilities and serve as a coordinating body that works with affected vendors to resolve vulnerabilities. Report a vulnerability or contact us if you have questions about vulnerabilities.

Ask Us to Help You

  • Use our software vulnerability tools and secure coding tools to discover software vulnerabilities.
  • Identify the insider threat products and services that are right for your organization.
  • Get help in producing and implementing technical controls to deter, detect, and respond to insider threats in your organization.
  • Solve your critical network-related problems.
  • Reduce security risks that result from software vulnerabilities.

Attend a Conference

FloCon 2015, our annual network security conference, provides a rich and rewarding forum for operational analysts, tool developers, researchers, and anyone interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques. FloCon 2015 takes place in January 2015 in Portland, Oregon.

Provide Feedback

Tell us how CERT insider threat controls have worked for you.

Send us feedback on our tools to help you monitor large-scale networks using flow data, code securely, or discover and remediate vulnerabilities.