We have developed a line of services centred on incident prevention, detection and response.


  • Provide visibility, control and continuous monitoring.
  • Administration, operation and security infrastructure management.
  • Resolution of any type of security incident. Protection, detection and risk mitigation.


Monitoring and Correlation of Events


  • Supervision and management of client's IT Security infrastructures.
  • Focused on efficiency and service quality.


Vulnerabilities Management



  • Based on the cyclical practice of Identifying, Classifying, Remedying and Mitigating risks.
  • The services are focused on risk, as a set of quantifiable procedures that are responsible for continuously detecting and mitigating the risks generated by the security vulnerabilities.




Operation and Administration of the Security Infrastructure


  • We operate.
  • Assess. 
  • Maintain and provide support to any security infrastructure.



Response to Incidents and Forensic Handling of Incidents


As a response to an incident, we follow these steps:

  • Preparation.
  • Identification.
  • Containment.
  • Eradication.
  • Recuperation.
  • Forensics.
  • Lessons Learned.



Outsourcing Services


Professionals available for any temporary Security, Cyber Security and GRC need. From junior level to C levels (including virtual CISO / CIO / Head of Cyber Security).

  • Monitoring of the Customer's Security Centre.
  • Security Operation and Administration.
  • Incident response.
  • Training.
  • Monitoring of open, hidden sources and anonymous networks in the Deep Web. Analysis of data and information. Risks evaluation. Response proposals.
  • Identification of events related to information leaks, cyber attacks, cybercrimes and digital fraud.
  • Early detection of threats for illicit use of cyberspace.



Brand Protection


  • Administration of the company and the risk-related brand protection.
  • Early detection and response to any type of threat (including neutralised and deleted content).
  • Examples: False profiles, negative mentions, ex-employee mentions.



Social risks


  • Administration of risks and threats related with social movements that could affect the organisation, cyber activism and hacktivism.
  • Examples: Protests, mass events, flash mobs, strikes, protests, boycotts, etc.



Business risks


  • Based on characteristic factors of the company and its business area.
  • Identification and analysis of potential risks.
  • Continuous tracking of indicators.



Threat Detection


  • Detection of potential threats for the organisation, of any nature.
  • Discovering sensitive information about customers to block threats.



We follow the process below for all these services:



  • Knowledge about the environment / Organisation / Group.
  • Nature of the pertinent threats.
  • Catalogue of threats.
  • Parametrisation of a service.
  • Work procedures.



Information Leak, Detection and Remediation


Constant monitoring of Digital Sources:

  • Open (public).
  • Hidden (hidden websites, hidden networks, TOR, etc.).
  • Search for relevant data, information from digital press, forums, blogs that could represent a threat.
  • With specific surveillance technology: Information about Risks Map, List of Key Words, Semantic Analysis.
  • Real-time.



Monitoring of Digital Infrastructure Threats


  • Vulnerabilities Tracking and Advice:
    • Real-time mediation.
    • Risk level mediation.
  • Cyberthreats newsletter: Security warnings, cybernetic threat newsletters and publications.
  • Impact analysis + associated Action Plan.



Cyber Intelligence sources supply


  • Gathering and correlating intelligence information from + 100 intelligence sources.





Digital Fraud


  • Cybersquatting: Domain registration Monitoring.
  • IPs/Domain reputation.
  • Fraud malware prevention:
  • Detection and analysis of malware to identify malicious binaries.
  • SOCs witch access to global intelligence malware networks.
  • Prosegur CERT.



  • Organizations Support in risk identification and remediation.
  • Increase in the level of maturity and frameworks of Information Security control.
  • Forensic Digital Analysis to clarify an event that occurred in a IT equipments and preparation of an expert report.
  • Response to incidents (DFIR). Advanced management of security incidents both in OnPremise and Cloud systems.



Ethical Hacking


  • Holistic approach.
  • Methodologies such as OSSTM, OWASP and frameworks developed internally.
  • Analysis of:
    • White Software Box and Pentestings.
    • Black Box, Grey Box and Footprinting.
    • Red Team.




Social Engineering


We divide the services into three phases:

  • Recognition: Inclusion of search engines, collecting emails, DNS records, social media, metadata, public records.
  • Intrusion: Phishing attacks to get credentials and access to network levels.
  • Analysis and Reports: Analysis of the information gathered.



Security in applications: Static and Dynamic Analysis


  • Static Analysis: Discovering software vulnerabilities by auditing the source code without having to run the application.
  • Dynamic Analysis: Analysis of applications, extracting information from its dynamic and design through a controlled execution and without accessing the source code.




Security in Applications: Safe Software Development Life Cycle (SSDLC)


  • Safety from the start of the development using static and dynamic Code Analysis and Best Practice tools.
  • Compliance with requirements such as OWASP Top 10, OWASP Top 10 Mobile, NIST, PCI DSS and others.





Judicial computer experience


  • The objective is to clarify an event occurred in a computer or IT system, with the creation of a Forensics Report that can be presented Out of Court or in Court.







Digital DFIr service forensic and incident response


  • Main tasks are broken down into three phases: Collection of information, in-situ and operating procedures generation, both in OnPremise and laaS Cloud environments.
  • Multi-disciplinary team made up of different profiles: Ethical hackers, System-Network Administrators and Forensic Analysts, with the most relevant certifications in their field.
  • As an IT Emergency Response Team (CERT - CSIRT), we are able to contain threats, analyse malware and perform DDOS data analysis and forensic analysis.
  • SLAs and time banks, selected according to the customer's needs.
  • Bag of hours in 8x5 or 24x7 mode and SLA, selected according to the needs of the client.


Example of cases: Service Refusal, Malware Analysis, Information Leaks, Ransomware, Compromised Systems, Remediation Of Cloud Attacks, Intellectual Property Vulnerabilities, Regulatory Violations, Internal/External Intruder Test and Data Recovery.


  • Support in the normative and legal compliance of Information Security.
  • GAP analysis and action plans of Level of Risk.
  • Cybersecurity Technical office for risk management and resilience.



Regulatory and legal compliance


  • Personal data protection: LOPD, GDPR
  • Security certifications: ISO 27001, ISO 22301, PCI-DSS...
  • Legal compliance with cyber security: PIC, ENS, NIS...



Security Management


  • Security governance model (GRC).
  • Management, analysis and control of Cybersecurity risks.
  • Security office: global strategy, indicators, metrics, controls, resilience level, etc.



Information security services



  • Security Audits.
  • Guidance plans, business continuity plans, creation of procedures and policies.
  • Training and awareness.
  • Design and implementation of Cybersecurity solutions for protection and response to incidents.
  • Configuration and programming of Cybersecurity tools to reduce IT and OT risks.



Solutions design


  • Analysis of the Technical architecture security and status of current customer solutions.
  • GAP analysis between current situation and desired level of risk.
  • Design of technological architectures focused on protection and cybersecurity resilience.



Infrastructures implementation


  • Agreements with the main international Security software vendors.
  • Continuous research of new technologies.
  • Protection of the perimeter, job, in the cloud and OT installations.



Configuration and customisation


  • Configurations based on the customer's risks.
  • Collaboration with the Hacking Departments to create customized patterns.
  • Application of best-in-breed Project Management Methodologies.


Solutions Integration



Strategic Agreements

Company Certificates