Orange Cyberdefense has achieved NCSC-assured Cyber Incident Response (CIR) provider status.
Orange Cyberdefense has been named as a CIR Level 2 provider, a standard designed to support organisations most at risk of cyberattack, including most private sector businesses, charities, local authorities, and smaller public sector companies within the UK. The NCSC recommends that businesses only use an assured provider when dealing with a cyberattack.
As a CIR Assured Service Provider (ASP), incident response and management is a core principle of Orange Cyberdefense’s business. By assuring Orange Cyberdefense, the NCSC and CREST, a delivery partner for the scheme and provider of its own Cybersecurity Incident Response (CSIR) accreditation, have confirmed that it helps businesses quickly secure and recover their environments; provides technical support at least between 9am-5pm seven days a week; and operates a mature and repeatable incident response methodology.
ASPs must also make use of threat intelligence, which Orange Cyberdefense uses to influence its service portfolio and offer its clients unparalleled knowledge of current and emerging threats. As part of the Orange Group, one of the largest telecoms operators globally with 263 million clients in 29 countries, it holds a unique position in its sector. Last year its SOCs identified and analysed over 99,000 potential security incidents.
As an L2 CIR ASP, Orange Cyberdefense also communicates effectively with its stakeholders, has a diverse technical skillset at all managerial and operational levels, and can mitigate all common incidents with tools including Endpoint Detection and Response. Combined, these capabilities have enabled its CSIRT teams to handle over 400 incident response and forensic engagements in both 2022 and 2023.
John Askew, Country Lead CSIRT (UK/ZA) at Orange Cyberdefense, said, “We are exceptionally proud to have achieved L2 CIR status, which recognises the dedication and skills of our staff and the work that we do for our clients. As an NCSC-assured incident response provider, we hope to support even more businesses during intensely stressful situations, helping them contain, eradicate, and recover from attacks safe in the knowledge that they are in capable hands.”
“As a delivery partner for the NCSC’s Cyber Incident Response (Level 2) scheme, we are delighted to congratulate Orange Cyberdefense for gaining Assured Service Provider status,” said Rowland Johnson, President of CREST. “This means Orange Cyberdefense has been assessed as capable of supporting most organisations with common cyberattacks, such as ransomware. It provides valuable assurance to buyers of the high quality of Orange Cyberdefense’s incident response services.”
Orange Cyberdefense already exceeds some of the qualifiers for L2 status, such as providing 24/7 technical support, so it is on the way to achieving L1. This advanced level will provide its larger public sector customers greater assurance that it can help them recover in the event of an attack.