Belonging to the CiSOC of Evolutio Cloud Enabler, S.A, Evolutio CERT was created with the mission of protecting the information systems of our customers, monitoring their control systems and existing digital assets to detect unauthorized activities and intrusions, vulnerabilities and violations of procedures and policies and acceptable use. Provide direct support to our customers in the event of a cybersecurity incident to contain, eradicate and restore information systems to their original situation.
Evolutio-CERT as part of the Evolutio CiSOC, provides specific services to the evolutio customers and we are also the CERT and the SOC our own company. Additionally, informative tasks are carried out on threats and trends of a public nature and open to business environment in Spain.
Download: RFC 2350
Services
Consulting and Auditing
The initial objective of this service is to be able to carry out an analysis to shows us in a precise way the cybersecurity posture of our clients and the preparation of a report that includes an action plan and a roadmap with possible improvements, recommendations for compliant with other reference frameworks and security standards.
Another consulting service provided to our clients focuses on the analysis of the tactics, techniques and procedures used by cybercriminals and attackers that affect an organization based on its own characteristics (size, countries in which it operates and sector of activity) to obtain an offensive matrix of threats.
Additionally, the established controls (defensive matrix) is compared with the offensive matrix in order to detect the gaps that must be covered to reduce the risk of attack.
Preventive
Evolutio-CERT, together with CiSOC provides services aimed at the prevention of security incidents such as:
- Detection and analysis of corporate network traffic anomalies (NTA: Network Traffic analysis)
- Detection and analysis of anomalies or possible endpoint threats
- Detection and analysis of anomalies or possible threats of Public or private cloud infrastructure or SaaS (Casb)
- Vulnerability assessment.
- Newsletters on new vulnerabilities, campaigns, and emerging threats
- Dissemination of good practices in cybersecurity.
- Conducting phishing awareness campaigns.
- Proactive search and threat analysis in Clear Web, Deep Web and Dark Web.
Incidents response
Evolutio-CERT offers technical and operational support in the different stages of the incident management process: preparation, detection, response and post incident. Within these stages, the Evolutio CiSOC performs the triage of the detected threat alerts, the classification, and their analysis. In those alerts that are identified as incidents, we work with the CERT in the containment, mitigation and monitoring of the incidents until the recovery. To do this, we rely on the systems and controls managed by Evolutio’s CiSOC as XDR, WAF, Firewalls and antiDDOs systems.
Finally, the incident report and the lessons learned, as part of the established continuous improvement process, are delivered.
We always maintain coordination with our customers’ incident response teams during all phases of the incident management process.
The scope of incident response will cover the following areas:
- Endpoint: through actions executed based on solutions based on EDR technologies (TrendMicro, Microsoft, PaloAlto and CrowdStrike)
- Network: through actions executed based on solutions based on NDR technologies and actions executed directly on perimeter network infrastructure technologies such as Proxies, WAF, New Generation Firewalls etc.
Monitoring
Evolutio-CERT, relying on the threat monitoring capabilities of Evolutio’s CiSOC, performs the permanent monitoring of threat alerts based both on Evolutio’s SIEM infrastructure, deployed on Evolutio’s centralized multi-client and on the SIEMs that we manage for our clients.
We are constantly developing new use cases for improved threat detection. This SIEM Service is enriched, as well as from the configuration of use cases owned by Evolutio and from the Threat Intelligence Sources with which Evolutio’s team of analysts works, all together with the continuously evolving SOAR capabilities.
Digital Surveillance
Through Evolutio’s CiSOC, we provide Digital surveillance services on sensitive assets of our clients, identifying external threats on them both in the clear, Deep and dark web.