News Item

Getting ready for the next security incidents

The EU Agency for Cybersecurity publishes a new report and accompanying repository on measures and information sources to proactively detect network security incidents in the EU.

Published on May 29, 2020

As of April 2020, more than 500 European incident response teams are listed in the ENISA CSIRTs by Country - Interactive Map. These teams work on a daily basis to improve the prevention, detection and analysis of cyber threats and incidents.

As envisioned by the NIS Directive and the Cybersecurity Act, ENISA is given the responsibility to assist the CSIRTs Network and the Member States in improving the prevention, detection and capability to respond to cyber threats and incidents by providing them with knowledge and expertise. It is within this context that ENISA launched this project to improve the proactive detection of network security incidents in the EU, by:

  • Providing an inventory of available measures and information sources;
  • Identifying good practices;
  • Recommending possible areas for development.

In this respect, proactive detection of incidents is defined as the process of discovery of malicious activity in a team's constituency through internal monitoring tools or external services that publish information about detected incidents, before the affected constituents become aware of the problem.

ENISA published the first version of a study entitled “Proactive detection of network security incidents” in 2011. The current work builds and expands on this. It aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents. Such tools are already used, or could possibly be used, by incident response teams in Europe today.

This study identifies the evolution of proactive detection in the EU over time, between 2011 and 2019. It also explores new areas that could help improve operational cooperation and information exchange. The goal is to help both new teams that are starting to use new tools and sources, and more advanced teams that want to assess their level and identify what they could still improve.

Moreover, this work can be used together with the recently released ENISA training on Orchestration of CSIRT Tools or to conduct more focused peer reviews using the ENISA maturity methodology.

The results of the project are divided into three reports and a living repository hosted on GitHub. The objective is to offer a point of reference for new or well-established teams who need to identify or reassess appropriate measures for proactive detection of incidents.

1- Report - Survey results

  • Survey among incident response teams in Europe;
  • Comparison with the 2011 survey.

2- Report - Measures and information sources

  • Inventory of available methods, tools, activities and information sources;
  • Evaluation of identified measures and information sources.

3- Report - Good practices gap analysis recommendations

  • Analysis of the data gathered;
  • Recommendations.

4- Online repository - GitHub

  • Information sources;
  • Measures and tools.


Further information:

ENISA - CSIRT Services section

ENISA - CSIRTs and communities section

ENISA - CSIRTs in Europe section

Brochure - Bolstering Incident Response in Europe
