Cybersecurity
Is a fundamental pillar in the technological development of this century
We cannot understand the phenomenon of digitalization and digital transformation without linking it to the evolution of cybersecurity in all its breadth. In addition, governments have made this issue one of the areas of greatest legislative development.
In a context of risks and the growth of cyber-incidents, in terms of volume and impact, managed cybersecurity services are a basic element in the sustainable management of enterprises. These services can be provided from specialized centers CERT (Computer Emergency Response Team), CSIRT (Computer Security Incident Response Team) or in its more generic name SOC (Security Operation Center).
We have S2 Grupo CERT, S2 Grupo’s Cyber Security Operations Center. Created in 2007, it is one of the most modern SOCs and has not stopped evolving in its service catalogue, the technology it uses, the work methodologies and the training of a team that supports its operational processes 24×7, 365 days a year.
S2 Grupo CERT is an operations center which provides service in both the IT and OT fields, and we attend to clients of all types anywhere in the world. We have 4 operational centers in Valencia, Madrid, Bogotá and Mexico City from which we provide, in a syndicated manner, continuous protection, detection and response services in cyber security.
The main Operations Center
Located in Valencia, it has a physical infrastructure of more than 2,000 m2 with restricted access spaces for handling sensitive information, IT and OT cyber security laboratories, its own Data Processing Centre, crisis room, training center specialized in cyber security with a capacity for 50 people, 24×7 operations service room, restricted access area (ZAR) for handling classified information, machine room with Generator Set that guarantees the continuity of the electricity supply, physical access control measures and a long etcetera. The Madrid Operations Center functions as the main backup for the Valencia center.
We have more than 300 people working in the CERT, specialists in different areas of IT and OT cyber security with multiple technical and management certifications. The Operations Center team maintains its technological vitality by participating in the management of complex incidents, joining prestigious international events as speakers and attendees and working on cutting-edge R&D+I projects.
In addition to the personnel distributed in the 4 centers of the S2 Grupo CERT, we also add Distributed Operational Groups (DOG) who go to the homes of the clients who need them. These DOGs work directly on the client’s infrastructure and use the entire CERT technological platform as support.
The services of the S2 Grupo CERT
The S2 Grupo Cybersecurity Operations Center has a complete catalogue of services with which we cover all the needs of an organization in terms of cybersecurity:
Cybersecurity awareness
Governance, Risk and Compliance
Software Security
Security audit
Management of cybersecurity services.
Industrial cybersecurity
Digital operations
Cybersecurity incident management
Cybersurveillance
Advanced cyberintelligence
Our catalogue of services is based on the Enterprise Mitigations of MITRE ATT&CK and on the services derived from the application of the National Security Scheme and the STIC Guidelines of the CCN-CERT. We classify incidents according to the STIC 817 Guide for the management of cyber-incidents.
At S2 Grupo CERT we use both our own technology which we have developed and that of third parties when the service requires it. Having our own technology allows us to make flexible, fast and competitive proposals in the deployment of managed security services, also with very fast tactical field deployments for temporary operations (elections, incidents and all types of events).
The operation of the S2 Grupo CERT
S2 Grupo CERT maintains relations with a multitude of national and international cybersecurity centers through FIRST, GÉANT and CSIRT.es, in which it is a very active member. The relationship with the State Security Forces and Corps and with the National Intelligence Center (CNI) is also very close.
We have a complete Unified Management Model and certified with standards such as ISO 27001, ISO 20000, ENS HIGH category, ISO 9000, ISO 14001 and the UNE 166002 standard specialized in Research, Development and Innovation. The deployment of the processes defined in the Management System in the syndicated center guarantees compliance with quality and security standards in the operation of the Service Center.
Level 0: Technological
Where all the autonomous action capabilities of the Service center are concentrated through thousands of “bots” capable of acting automatically in risk situations.
Level 1: Procedural
Able to make an initial suit of the events that jump on the platform scaled by level 0 and thus attend to them quickly. Level 1 of the service center operates in 24×7 every day of the year and also performs the online support function of the Service Center.
Level 2: Specialist
Specialist level that acts for the resolution of security incidents scaled by Level 1 and in the development of intelligence and new “bots” for the Service Center.
Level 3: Specialist
Made up of the Rapid Intervention Teams (RITs) of the S2 Grupo CERT. These teams act in the resolution of critical danger incidents for the clients of the center.
Prevention, detection, support and assistance against ransomware
Ransomware attacks are one of the most damaging incidents for organizations: they exploit software vulnerability, infect the operating system, and can take charge. To prevent this, we offer ransomware attack prevention, simulation, detection, response, containment, support and assistance services, which allows us to minimize their impact and be better prepared.
Response and containment services
This includes customer notification, a remote preliminary diagnosis, the isolation of infected infrastructures, the management of communication to third parties and advice on the next steps.
Prevention services
We evaluate and advise our clients to establish an action plan that increases the organization’s robustness against attacks. We identify sensitive corporate information, develop a plan for prevention measures, an information recovery plan, study the legal implications of attacks and, if necessary, educate employees on cybersecurity.
Detection services
From our CERT we monitor the generation of behavior patterns in the organization’s network and infrastructures that can show that a ransomware-type attack is being prepared. Examples: file deletion, configuration changes, deletion and cancellation of backup copies.
Simulation services
We simulate a ransomware-type attack without harming the organization. In this way we evaluate the measures and behavior of the employees, discover what information is most sensitive to an attack and prepare an action plan with corrections to be applied, according to the deficiencies we detect.
Support and assistance services
We provide on-site assistance to contain the attack, advise on the acquisition and preservation of evidence, evaluate the impact and the possibilities of recovery, help in executing the information recovery plan and also in reversing the effects of the attack, as far as possible.
Industrial Cybersecurity
At S2 Grupo we specialize in strategic sectors and critical infrastructures. The industrial sector is increasingly overlapping with technology, and the actions of automation, sensorization and data processing are articulated through the digital.
Given the need to protect the security of industries in their digitization, at S2 Grupo we provide industrial cybersecurity services from the iSOC, our own operations center, equipped with an operational intelligence platform specialized in industrial facilities. ;
We jointly monitor IT and OT systems and do so using our own technology. We help companies detect vulnerabilities, identify anomalies in industrial systems early on and respond appropriately to possible incidents, with response, contingency and business continuity plans.
We have a wide range of solutions that adapt to the particularities of each environment. Our monitoring architecture is minimally invasive, allows the infrastructure manager to maintain control at all times and ensures that the security of the systems is not compromised. Thanks to S2’s industrial cybersecurity services, you raise the level of protection of your infrastructures and systems.