¿Conoces nuestros servicios de Protección, basados en NIST CSF?

Do you know our Protection services, based on NIST CSF?

March 12, 2025 Iñigo Ladrón Morales

At Zerolynx we are specialists in professional services for companies in the field of cybersecurity. Specifically in corporate security, corporate cybersecurity, corporate intelligence, corporate cyberintelligence and patrimonial security.

Our services are aligned with the most important and recognized international cybersecurity recommendations, frameworks and standards. For this reason, our entire offer is based on the NIST framework (National Institute of Standards and Technologies of the United States) and, specifically, on its proposed cybersecurity framework, known as the NIST Cybersecurity Framework (NIST CSF) .

Thus, the Zerolynx offer is articulated through a wide range of professional services that match each of the six functions of the NIST CSF framework:

ID.
Protection.
Detection.
Answer.
Recovery.
Government.

In this article, we will focus on Zerolynx's service offering, aimed at protection against threats in terms of cybersecurity strong>.

Protection is one of the steps that leads to building an intelligent protection strategy. Without cyber defense (see the article “ Customized Cyber Defense Service ”) it is very difficult to mitigate threats, reduce the attack surface , and put all possible barriers to cyber attackers .

But what exactly is protection ? According to the RAE (Royal Academy of the Spanish Language) , it is simply “ the action and effect of protecting .”

Going one step further and focusing on information security and cybersecurity, information protection, or data protection, It consists of the “system that guarantees the confidentiality of personal data…”.

From this definition, and within the framework of cybersecurity, therefore, it is understood that the essential components and factors of protection are the following:

Increase the level of cybersecurity.
Defending / Cyber defense.
Deployment of defense tools.
Cyber threats (detection and fight against them).
Risk mitigation.
Reduction of the attack surface.
Identification of malicious actors.
Prevent the “free transit” of malicious actors and their carrying out “lateral movements”.
Detection of behaviors and anomalies.

Threats will come at any time and from any front, from which we least expect or suspect, and they may be internal or external.

Furthermore, they may be caused (intentionally or unintentionally) by employees and collaborators who have access to our corporate systems. But they could also be caused intentionally by external agents (malicious actors), our service providers in the supply chain, our partners, and even competitors or other sources in Internet, in the market and in social and geopolitical reality.

The protection services must be alert and vigilant in any situation that occurs. This can be done by following advice and security recommendations, applying the guidelines that determine the good practice guides in terms of security, the implementation, deployment, configuration and use of protection tools and services, automation of tasks, continuous monitoring, etc. And all this, from different fronts.

Well, that's what we are for. To help you with resources, knowledge, capabilities, skills and specific intelligence and cyber intelligence activities in which we are experts and which you do not have in your company.

But how do they work and how are these types of services provided? How do we offer them from Zerolynx so that they are the most effective, efficient and beneficial for your business or company?

We offer you these security guidelines and advice, in a completely personalized way for you, your business or company, your employees, your systems, your products and services, your suppliers, your partners, etc.
We help you install, configure conveniently (personalized to the needs of the business and the company) and put into operation those tools. strong>protection and defense, preventive and proactive that you need.
We offer you the implementation of software and hardware tools, applications, corporate solutions, services, etc. From a “simple” antivirus on any device (employee PCs and cell phones), to more complex pieces of application protection, data protection the network, cloud environments, etc., and more advanced services such as Threat Hunting.

We know that each company is a world, with different sectors of activity, different portfolios of services and/or products, different needs, objectives and strategies. For this emotional reason, we adapt to your company, to any type of company, objectives and needs, offering protection services totally personalized to each situation.

Thus, in providing this type of services, we establish several steps when working:

Personalized analysis of the company's situation and priority objectives.
Identification and consensus of needs and requirements.
Preparation of a proposal for a personalized Defense Plan that will include the proposal for protection/defense solutions to be deployed.
Support in the personalized implementation of the proposed and agreed solutions.
Support in the personalized and most convenient configuration of the proposed and agreed solutions within the organization.
Analysis of results.
Issuance of reports on the plan activities carried out.
Audit of the actions carried out and solutions implemented, with the aim of measuring their impact and effectiveness.

This subject is very extensive and our portfolio of protection , intelligence and cyber intelligence services is so broad that we leave you here a summary of all of them:

Security Office. We take charge of all your corporate cybersecurity. If it is not your core business, or if you do not have the capabilities or resources to dedicate time and money to it, we will do it for you. We will be your Blue Team within your teams, partially and completely.
Identity Management. Access control, the establishment of the correct or most appropriate roles and permissions, the implementation and implementation of robust identification and authentication services, are complex and tedious tasks that cannot be perform inexperienced personnel. We take care of it, evaluating the organization's situation, analyzing it and proposing the most appropriate and personalized models of Privileged Access Management (PAM) and Identity and Access Management (IAM) strong>.
Vulnerability Management. Have you ever performed a vulnerability analysis in your company? And, in the unlikely event that you have, have you taken action and performed vulnerability management? We take care of it, analyzing the company's infrastructures, systems, services and applications continuously, detecting the vulnerabilities that exist in all of them, “patching” them or solving them if possible by making updates strong>, thus reducing exposure time.
Security Architecture. Another complex issue that requires experts. With the evaluation and analysis of your organization, we will be able to have an exact picture of the existing level of cybersecurity. With this, we define and implement the corporate cybersecurity framework for the management of the organization's applications, services, network, devices and systems.
Awareness and Phishing Simulation Campaigns. A key issue in corporate cybersecurity is awareness , seasoned at the same time with education , training and coaching . Are your employees prepared to be deceived and attacked? Would they be able to detect one of these threats and know how to act appropriately against them? This is what is important and is key . In many cases, even more than having thousands of solutions, tools and an incredible and enormous battery of defenses and protections (even if they are the best). Leave it in our hands. We are in charge of analyzing the situation of the company and the level of knowledge and skill of the employees. With this, we will propose an action plan that will be based on the acquisition of the necessary knowledge and skills, through personalized training actions , preparation of documentation and training material , even the implementation of a training service for recognition , detection and convenient action against simulated phishing attacks . We already talked about this service in the article “ Cybersecurity awareness services, as important as protection tools ”.
Hardering/Basting of systems and networks. By analyzing and knowing your organization, its infrastructure, applications and services, we will propose the most appropriate applications for your company, the most secure configurations that you should use and we will propose models and secure networks to implement and how to implement them. We already talked about this service in the article “ The bastion of equipment and networks, crucial in corporate cybersecurity .”
Integration of Security Solutions. In many cases, for a good defense it is necessary to communicate different systems so that they interact with each other, both cybersecurity and corporate. This is not an easy task if you do not have the appropriate knowledge and experience. Are you going to deploy a managed antivirus in your organization? A monitoring system? A correlation system? A backup solution? A data and/or communications encryption system?... We help you implement everything and connect each of the parts if necessary.
Secure Development. Are you dedicated to software development ? Have you ever heard the term “ security by design ”, or “ security first ”? Are your developments cyber secure? Is your source code robust and free of vulnerabilities or security holes ? Cybersecurity must be present from the moment of design and definition of any service or software product, but, in addition, also in each of the software development cycles (SDLC) . We help you make this happen, training your staff and implementing secure development methodologies and technologies, to achieve security in software development cycles (SSDLC) . We already talked about this service in the article “ Security in the software life cycle ”.
Training. As we have seen, awareness, knowledge and training are key when we talk about strong>cybersecurity. For this reason, we make it easy for you and train the organization's staff in matters of cyber risks, cyber threats, protection and cybersecurity.
Asset Security Audit. Physical corporate assets are an asset to be protected, as is digital corporate assets. We must protect physical assets and digital assets in the manner most appropriate to their circumstances. For this reason, if you need it, we audit or review the entire physical infrastructure of your organization. This way we can analyze your systems and procedures and, with this, evaluate the level of asset security, detecting deficiencies and proposing improvements.
Management and Direction of Asset Security. In addition to carrying out a survey or audit of corporate assets, we can also take care of its management, in a complete and comprehensive manner strong>, in such a way that it affects the entire organization, all its areas, departments, objectives and processes.
Internal Threats. Those known as “insiders” pose an enormous and serious danger. These, whether they are not aware of being so (unintentionally, due to lack of care, knowledge, awareness and training), or being aware of it (intentionally carrying out illicit or malicious activities), can ruin the continuity of the business. We refer to employees, suppliers within the supply chain, partners, etc., who, having strong> authorized access to sensitive information of the organization, they may misuse it or act badly on it. We are in charge of detecting these types of situations and detecting possible insiders.
Operations Security (OPSEC). Your company operates on several fronts, both physical and logical/digital, operating with different infrastructures, communications, networks, devices, etc. All of this leaves traces, a series of data and information about the operations they perform . Such data could be exposed and compromised or intervened by malicious actors . We ensure that they are safe and secure, through the use of countermeasures that make it difficult for cyber attackers to know and access said information. We already talked about this service in the articles “ OPSEC, critical and sensitive information protection strategy ” and “ Why is it important to hire malicious actor analysis services?” ”.
TSMC Electronic Countermeasures. Do you know if they are spying on you? Is someone tracking any person, property, or company vehicle? Have you had a device or vehicle stolen? Let us help you discover and avoid it, detecting hidden image and sound recording and/or transmission systems, as well as beacons that facilitate the tracking of people, objects, devices or vehicles.