Cybersecurity

Prosegur Cybersecurity launches a new era as Cipher.

The cybersecurity team, now under the Cipher brand, introduces this project focusing in securing assets, IT systems, processes and, ultimately, individuals.

Cipher represents Prosegur's determination to lead the cybersecurity industry.

  • A truly specialist and recognized brand in cybersecurity
  • With an experience of 18 years in the market
  • With a global reach and presence in the United States
  • A team of professionals with the highest industry certifications
  • A more robust portfolio of security solutions with global leadership in the field of Managed Security Services
  • Greater investment in R&D

 

We have developed a line of services centred on incident prevention, detection and response.

 

1 BILLÓN
EVENTS MONITORED/DAY

200.000
MANAGED SECURITY ASSETS

5.000
IMPLEMENTATION PROYECTS

10.000
THREATS DEFENDED/MONTH

1.000
CLIENTS

24x7x365
CONTINUOUS OPERATIONS CYCLE

Services

  • Provide visibility, control and continuous monitoring.
  • Administration, operation and security infrastructure management.
  • Resolution of any type of security incident. Protection, detection and risk mitigation.

 

Monitoring and Correlation of Events

 

  • Supervision and management of client's IT Security infrastructures.
  • Focused on efficiency and service quality.
     



 




Vulnerabilities Management

 

 

  • Based on the cyclical practice of Identifying, Classifying, Remedying and Mitigating risks.
  • The services are focused on risk, as a set of quantifiable procedures that are responsible for continuously detecting and mitigating the risks generated by the security vulnerabilities.

 


 

 

Operation and Administration of the Security Infrastructure

THROUGH SOC:

  • We operate.
  • Assess. 
  • Maintain and provide support to any security infrastructure.

 


 

Response to Incidents and Forensic Handling of Incidents

 

As a response to an incident, we follow these steps:

  • Preparation.
  • Identification.
  • Containment.
  • Eradication.
  • Recuperation.
  • Forensics.
  • Lessons Learned.

 


 

Outsourcing Services

 

Professionals available for any temporary Security, Cybersecurity and GRC need. From junior level to C levels (including virtual CISO / CIO / Head of Cyber Security).

  • Monitoring of the Customer's Security Centre.
  • Security Operation and Administration.
  • Incident response.
  • Training.
  • Monitoring of open, hidden sources and anonymous networks in the Deep Web. Analysis of data and information. Risks evaluation. Response proposals.
  • Identification of events related to information leaks, cyber attacks, cybercrimes and digital fraud.
  • Early detection of threats for illicit use of cyberspace.

 


 

Brand Protection

 

  • Administration of the company and the risk-related brand protection.
  • Early detection and response to any type of threat (including neutralised and deleted content).
  • Examples: False profiles, negative mentions, ex-employee mentions.

 


 

Social risks

 

  • Administration of risks and threats related with social movements that could affect the organisation, cyber activism and hacktivism.
  • Examples: Protests, mass events, flash mobs, strikes, protests, boycotts, etc.

 


 

Business risks

 

  • Based on characteristic factors of the company and its business area.
  • Identification and analysis of potential risks.
  • Continuous tracking of indicators.

 


 

Threat Detection

 

  • Detection of potential threats for the organisation, of any nature.
  • Discovering sensitive information about customers to block threats.

 


 

We follow the process below for all these services:

 

 

  • Knowledge about the environment / Organisation / Group.
  • Nature of the pertinent threats.
  • Catalogue of threats.
  • Parametrisation of a service.
  • Work procedures.

 


 

Information Leak, Detection and Remediation

 

Constant monitoring of Digital Sources:

  • Open (public).
  • Hidden (hidden websites, hidden networks, TOR, etc.).
  • Search for relevant data, information from digital press, forums, blogs that could represent a threat.
  • With specific surveillance technology: Information about Risks Map, List of Key Words, Semantic Analysis.
  • Real-time.

 


 

Monitoring of Digital Infrastructure Threats

 

  • Vulnerabilities Tracking and Advice:
    • Real-time mediation.
    • Risk level mediation.
  • Cyberthreats newsletter: Security warnings, cybernetic threat newsletters and publications.
  • Impact analysis + associated Action Plan.

 


 

Cyber Intelligence sources supply

 

  • Gathering and correlating intelligence information from + 100 intelligence sources.

 

   

 


 

Digital Fraud

 

  • Cybersquatting: Domain registration Monitoring.
  • IPs/Domain reputation.
  • Fraud malware prevention:
  • Detection and analysis of malware to identify malicious binaries.
  • SOCs witch access to global intelligence malware networks.
  • Prosegur CERT.

 

TECHNICAL AUDIT: 

  • Organizations Support in risk identification and remediation.
  • Increase in the level of maturity and frameworks of Information Security control.
  • Forensic Digital Analysis to clarify an event that occurred in a IT equipments and preparation of an expert report.
  • Response to incidents (DFIR). Advanced management of security incidents both in OnPremise and Cloud systems.

 


 

Ethical Hacking

 

  • Holistic approach.
  • Methodologies such as OSSTM, OWASP and frameworks developed internally.
  • Analysis of:
    • White Software Box and Pentestings.
    • Black Box, Grey Box and Footprinting.
    • Red Team.

 

 


 

Social Engineering

 

We divide the services into three phases:

  • Recognition: Inclusion of search engines, collecting emails, DNS records, social media, metadata, public records.
  • Intrusion: Phishing attacks to get credentials and access to network levels.
  • Analysis and Reports: Analysis of the information gathered.

 


 

Security in applications: Static and Dynamic Analysis

 

  • Static Analysis: Discovering software vulnerabilities by auditing the source code without having to run the application.
  • Dynamic Analysis: Analysis of applications, extracting information from its dynamic and design through a controlled execution and without accessing the source code.

 

 


 

Security in Applications: Safe Software Development Life Cycle (SSDLC)

 

  • Safety from the start of the development using static and dynamic Code Analysis and Best Practice tools.
  • Compliance with requirements such as OWASP Top 10, OWASP Top 10 Mobile, NIST, PCI DSS and others.

 


 

DIGITAL FORENSICS:

 

Judicial computer experience

 

  • The objective is to clarify an event occurred in a computer or IT system, with the creation of a Forensics Report that can be presented Out of Court or in Court.

 

 

 

 

 


 

Digital DFIr service forensic and incident response

 

  • Main tasks are broken down into three phases: Collection of information, in-situ and operating procedures generation, both in OnPremise and laaS Cloud environments.
  • Multi-disciplinary team made up of different profiles: Ethical hackers, System-Network Administrators and Forensic Analysts, with the most relevant certifications in their field.
  • As an IT Emergency Response Team (CERT - CSIRT), we are able to contain threats, analyse malware and perform DDOS data analysis and forensic analysis.
  • SLAs and time banks, selected according to the customer's needs.
  • Bag of hours in 8x5 or 24x7 mode and SLA, selected according to the needs of the client.

 

Example of cases: Service Refusal, Malware Analysis, Information Leaks, Ransomware, Compromised Systems, Remediation Of Cloud Attacks, Intellectual Property Vulnerabilities, Regulatory Violations, Internal/External Intruder Test and Data Recovery.

 

  • Support in the normative and legal compliance of Information Security.
  • GAP analysis and action plans of Level of Risk.
  • Cybersecurity Technical office for risk management and resilience.

 


 

Regulatory and legal compliance

 

  • Personal data protection: LOPD, GDPR
  • Security certifications: ISO 27001, ISO 22301, PCI-DSS...
  • Legal compliance with cyber security: PIC, ENS, NIS...

 


 

Security Management

 

  • Security governance model (GRC).
  • Management, analysis and control of Cybersecurity risks.
  • Security office: global strategy, indicators, metrics, controls, resilience level, etc.

 


 

Information security services

 

 

  • Security Audits.
  • Guidance plans, business continuity plans, creation of procedures and policies.
  • Training and awareness.
  • Design and implementation of Cybersecurity solutions for protection and response to incidents.
  • Configuration and programming of Cybersecurity tools to reduce IT and OT risks.

 


 

Solutions design

 

  • Analysis of the Technical architecture security and status of current customer solutions.
  • GAP analysis between current situation and desired level of risk.
  • Design of technological architectures focused on protection and cybersecurity resilience.

 


 

Infrastructures implementation

 

  • Agreements with the main international Security software vendors.
  • Continuous research of new technologies.
  • Protection of the perimeter, job, in the cloud and OT installations.

 


 

Configuration and customisation

 

  • Configurations based on the customer's risks.
  • Collaboration with the Hacking Departments to create customized patterns.
  • Application of best-in-breed Project Management Methodologies.

 

Solutions Integration

 

.

Strategic Agreements


Company Certificates