Cyber Defense Center

NeoSecure provides its Managed Security Services (SGS) from its 2 CDCs (Cyber Defense Centers) in Santiago and Buenos Aires and its 2 CRCs (Cyber Response Centers) in Lima and Bogotá. This allows timely responses to be delivered with local support and great flexibility regarding the needs of organizations in each market. The CDC has state-of-the-art technology for the detection and management of security events in order to optimize protection for customers, with technologies such as QRadar SIEM, X-Force and Cortex XSOAR, among others.

Predictive Security Model

NeoSecure’s Managed Security Services are based on a Predictive Security Model. The main focus is to anticipate, which is made possible by a threat intelligence capability that identifies high-potential, high-probability threats and vulnerabilities for the region, based on a large set of data and indicators obtained by the organization. This intelligence drives actions to prevent: improving signatures, eliminating vulnerabilities and correcting configurations. NeoSecure SIEM correlation, enriched by intelligence from all our markets and other global sources, strengthens the phase of detecting threats in real time. The last stage is to respond: this is when NeoSecure deploys its knowledge, processes and technology to support the client in containing a cybersecurity incident.

Detection and Monitoring: RiskMonitor

The vast experience of the team of security analysts allows for high-level monitoring in real time, identifying relevant threats in a minimum of time. For this, there is a team of Level 1 Analysts who discriminate between false positives and the elements that represent a real threat, rating the severity of the incidents in order to notify clients and escalate critical incidents to Level 2 Analysts, who take mitigation measures and investigate in greater depth.

Security Technology Management: RiskManagement

The administration team is dedicated to keeping the client’s security devices correctly configured in order to optimize their operation. Configuration backups, implementation of new rules and policies, log management, updates and all tasks that allow optimal operation are performed.

Configuration Life Cycle Management: RiskManagement

The CheckScore system, developed by NeoSecure, evaluates security device configurations against a baseline defined by the NeoSecure Specialization Groups and gives a score for the protection level of the device. CheckScore therefore allows the life cycle of configurations to be managed by seeing and detecting variations, which maximizes the protection provided by security technologies.

RiskHunting

Through the use of the Watson machine learning tool and the X-Force intelligence system, both from IBM, it is possible to identify relationships between apparently unconnected events, which could be part of a larger attack. In addition, the NeoSecure Hunting team, supported by a solid methodology and training in this type of task, can face various scenarios, with various tools to identify activity that is not evident in complex environments.

RiskIntelligence

Analysis of more than one hundred sources of information, orchestrated in our intelligence system, allows us to discover emerging threats, new attack techniques, new TTPs, the actions of cybercriminal groups and new indicators of compromise, and the findings are reported to clients through alerts. Based on the detections, our operating teams can make decisions that allow us to prevent, detect and respond more effectively. Inputs from intelligence work, such as indicators of compromise, are automatically integrated into the SIEM and multiple detection and prevention technologies, enriching information and actively responding to attacks.

Incident Response: RiskMonitor

A team of expert engineers, trained and certified in intelligence methodologies, hunting and forensic analysis, investigates high-severity incidents, determining the scope and impact that they could have for the client. Based on the results of the investigations, countermeasures are implemented, recommendations are delivered to the organizations, new rules are generated in the SIEM and new dashboards are provided to customers. In addition, historical data and intelligence systems that obtain information from external sources allow the investigation of offenses to be contextualized and enriched.

Advanced Correlation and Analytical: RiskMonitor

The QRadar offense system groups related events and context information, allowing information to be added while analyzing and investigating events. In addition, the visibility that NeoSecure has from monitoring multiple clients and industries in various Latin American countries allows threats to be detected as soon as they appear and response and mitigation actions to be anticipated. The NeoSecure Defense Methodology also allows the construction of Use Cases for each of the stages of the MITRE ATT&CK map, helping to detect various attack techniques at each stage.

Incident Management Automation

The Cortex XSOAR (Security Orchestration, Automation & Response) system is used in the monitoring process. Through a set of playbooks, it automates the execution of investigation and response actions against threats of various kinds, such as phishing analysis, virus and malware incidents, and injection of indicators of compromise, among others. This allows a greater number of tasks to be performed in less time, eliminating failures and standardizing the operation.

Security Information Visualization: RiskControl Center

NeoSecure developed the RiskControl Center portal, a tool that gives the client online visibility into the security status of their organization. It is built on the Predictive Security Model and has multiple views that provide a better understanding of threats, state of systems, vulnerabilities of devices, service requirements and incidents.
