Do you know our Identification services, based on NIST CSF?

Iñigo Ladrón Morales

At Zerolynx we are specialists in professional services for businesses in matters of cybersecurity. Specifically in corporate security, corporate cybersecurity, corporate intelligence, corporate cyber intelligence and asset security.

Our services are aligned with the most important and recognized international cybersecurity recommendations, frameworks and standards. For this reason, our entire offer is based on the framework of NIST (the United States National Institute of Standards and Technology) and, specifically, on its proposed cybersecurity framework, known as the NIST Cybersecurity Framework (NIST CSF).

Thus, the Zerolynx offer is articulated through a wide range of professional services that match each of the six functions of the NIST CSF framework:

  • Identification.
  • Protection.
  • Detection.
  • Response.
  • Recovery.
  • Governance.

In this article, we will focus on Zerolynx's service offering aimed at the identification of threats in terms of cybersecurity.

Identification is the initial step that leads to building an intelligent protection strategy. Without information, without knowledge, it is very difficult to protect and detect before a disaster occurs.

In this sense, corporate intelligence is essential, and specifically cyber threat intelligence, also known simply as threat intelligence.

But what exactly is intelligence? According to the RAE (Royal Academy of the Spanish Language), it is the “ability to understand, comprehend and solve problems (knowledge, comprehension and act of understanding)”.

In addition, it goes further, defining the “Intelligence Services” as the “State organization that provides the executive branch with analysis and information to improve strategic decision-making aimed at preventing or neutralizing threats and defending national interests”.

From this definition, therefore, it is understood that the essential components and factors of intelligence are the following:

  • Information / data.
  • Gathering / obtaining.
  • Understanding and analysis.
  • Research and surveillance.
  • Identification of risks and threats.
  • Conclusions and recommendations of problem resolution and/or improvement.
  • Informed decision making.

But, then, what is cyber intelligence and what does it have to do with intelligence? According to the CCN-CERT (National Cryptological Center), cyber intelligence is “the set of activities that use all intelligence sources in support of cybersecurity to map the overall cyber threat, gather cyber intentions and capabilities of potential adversaries, analyze and communicate, and identify, locate and assign the source of cyber attacks.”

In the same way that we talk about security and cybersecurity, we can also talk about intelligence and cyber intelligence, always understanding that we transfer the original concepts to the field of technology and, more specifically, to the digital environment, computer systems and the ICT (Information and Communications Technologies) in which we all, including organizations, operate daily (more and more, and increasingly so in the future).

It is clear then that, to be prepared, knowledge is key and we must know ourselves perfectly and also know the adversary or adversaries.

Raising doubts, answering specific questions about the state of corporate security and possible objectives, and being able to reveal the risks and threats to which the organization could be exposed are essential points of the identification strategy.

Intelligence and cyber intelligence consist of the acquisition of information and knowledge in this sense. First of all, any company must know what kinds of threats and cyber threats can affect it. This is good knowledge: the acquisition of intelligence on potential threats.

These threats can arrive at any time and from any front, including those we least expect or suspect. They may be internal or external. They may be caused (intentionally or unintentionally) by employees and collaborators who have access to our corporate systems. But they could also be caused by external agents, such as our service providers in the supply chain, our partners, and even competitors or other origins on the Internet, in the market and in the social and geopolitical reality.

To achieve this, it is advisable that expert professionals be dedicated to searching for possible sources of information, and even existing company information on the Internet, through OSINT (Open Source Intelligence) techniques and tools.

In this sense, there are determining factors that must be detected and studied by expert analysts, such as:

  • Digital presence of the company on the Internet.
  • Search and analysis of information about the company.
  • Search and analysis of information from suppliers.
  • Search and analysis of information from competitors.
  • Analysis of the security status of the company.
  • Identification of corporate assets or, at least, the most critical ones that may be exposed to threats.
  • Determination of protection initiatives and activities.
  • Investigation and analysis of incidents / cyber incidents.

Well, that's what we are for. To help you with resources, knowledge, capabilities, skills and specific intelligence and cyber intelligence activities in which we are experts and which you do not have in your company.

But how do these types of services work and how are they provided? How do we offer them at Zerolynx so that they are the most effective, efficient and beneficial for your business or company?

  • We support you with our human intelligence/cyber intelligence team. Our Intelligence Unit is made up of a large and multidisciplinary team of experts with international operational capacity.
  • We support you with our cybersecurity team. Our Cyber Unit is made up of a large team of cybersecurity experts who will obtain the information necessary for the identification of threats and analysis of cyber incidents, using OSINT, TECHINT, HUMINT and other techniques, from the analysis of information sources on the Internet, the Deep Web and the Dark Web that are related and/or of interest to your business.
  • All the research carried out and all the information collected by both teams at the service of your company is analyzed in detail by expert analysts to obtain conclusions and prepare proposals.

But each company is a world of its own, with different sectors of activity, different portfolios of services and/or products, and different needs, objectives and strategies. That is why we adapt to your company, and to any type of company, objectives and needs, offering intelligence services and threat identification services fully personalized to each situation.

For this reason, when providing this type of services, we establish several steps when working:

  • Personalized analysis of the company's situation, its needs and priority objectives.
  • Joint and consensual determination of the exact scope of the provision of the service.
  • Collection of preliminary internal information of interest to be able to begin the work.
  • Investigations, carried out by our team of expert analysts.
  • Presentation of the first results of the preliminary obtaining of information and initial conclusions.
  • Analysis of results and targeting or reorientation of the service in the aspects and objectives considered priority by the company.
  • Issuance of reports and expert recommendations from professionals, aligned with international frameworks and with regulatory and legal compliance, endorsed and signed by qualified researchers, computer experts, engineers and lawyers.

This subject is very extensive and our portfolio of identification, intelligence and cyber intelligence services is so broad that we leave you here a summary of all of them:

  • Threat Intelligence. Analysis and evaluation of cybercriminals and cyber attackers, from the point of view of the opportunities or “security holes” that they could take advantage of to attack and act, their capabilities and their intentions. With this vision and information, based on the TIBER methodology, we will be in a better position to improve corporate defenses.
  • Campaign and Event Monitoring. Threats are “crouching” and hiding everywhere, waiting for the best opportunity to materialize and attack. Any excuse is good: advertising campaigns, announcements, promotions, artistic, musical or sporting events, market launches of new products or services, electoral processes, etc. Monitoring all this type of activity for threats is of paramount importance.
  • Strategic Intelligence. The visibility, information, conclusions and recommendations derived from the provision of intelligence and cyber intelligence are a good first step. But what strategy should we follow next? This specialized consulting service, provided by our extensive team of cyberanalysts and detectives, aims to offer expert and personalized professional advice to give you the guidelines to follow in your organization in establishing priority objectives, making decisions and defining the strategy to follow.
  • Digital Surveillance. What is happening in the world, and in other companies, organizations and institutions, around cybersecurity, cyber incidents, cyber attacks, cyberkidnappings, data exfiltration, etc.? It may seem to have nothing to do with your company, but these events can also affect you (directly or indirectly) and, above all, they are valuable information (intelligence). For this reason, it is important to know information, data and details in this regard, so we will send you periodic reports on notices, alerts and situations that have taken place or are taking place.
  • Corporate Digital Footprint. It basically consists of locating data and information from exfiltrations that have taken place and information exposed on the Internet (from your company or third parties) that may pose a risk to your company. Similarly, we analyze the company's exposure on the Internet (the corporate digital footprint). With all this, we will send you periodic reports. We already talked about this service in the article “The corporate digital footprint and VIP employees”.
  • VIP Fingerprint. Locating possible exposed data of your organization's key personnel (VIP users or employees such as members of the Board of Directors, the CEO, C-Level members, and other key people in your company), as well as other well-known or relevant personalities, such as businessmen and celebrities. We will send you periodic reports with all the information collected in this regard. We already talked about this service in the article “The corporate digital footprint and VIP employees”.
  • Fraud Investigation and Analysis. Have they tried to scam or cyber-scam your company, any of its employees, executive positions, or VIP staff? Have they carried out fraudulent activities? We can help you with personalized investigations adapted to each case, situation and company, detecting the origin, the cause, the attack vector or means of attack, and the tools or mechanisms used, with the aim of stopping them in time or taking the most appropriate measures after the incident / cyber incident.
  • Identification of Information Leaks (Surface, Deep Web and Dark Web). Exfiltration of general, confidential and sensitive data, or information leaks, is the order of the day. Every day, every week, we hear of new cases that affect the confidentiality, privacy, regulatory compliance and intellectual property of large companies, small businesses, clients, suppliers and partners. This information, after being accessed and stolen, is usually monetized, being sold on eCrime forums and the black market, on the Deep Web and the Dark Web, thus obtaining huge profits from it. Has it happened in your company? Our service carries out continuous monitoring of all these forums to detect if information about your company exists and/or is being sold in them. We already talked about this issue of information exfiltration in the article “Business data protection, exfiltration and data leaks”.
  • Due Diligence Assistance. In business it is very common to have providers of services, products and resources, to seek alliances and partners with which to strengthen and grow our business by generating synergies, and even to make sales and acquisitions of other companies. But are these elements safe? Are our supply chain and our suppliers safe? Are our partners? What about the companies we partner with or the companies we buy? In this Due Diligence process, we search and analyze information about suppliers, partners and companies, to detect their possible risks and support the organization's decisions. We already talked about this service in the article “Due Diligence, protecting against third-party risks”.
  • Litigation Assistance. If your company has suffered unwanted situations caused by fraudulent, illicit or illegal activities, if information has been stolen and disclosed, producing regulatory, compliance and legal damages, if the identity of the organization has been impersonated, etc., we can help and assist you technically in any conflict or process in which you are involved, as the accused or as a victim, contributing the experience and knowledge of our technical investigators and experts.
  • Digital Asset Recovery. Have they attacked your company and managed to steal your digital assets, information and data? Has the cyberattack consisted of a cyberkidnapping and encryption of corporate information through ransomware, and are they asking you to pay a ransom to be able to recover it and access it? Don't worry, we are at your entire disposal to try to recover such assets and information, which may already be marketed (or not yet) on the Deep Web or on the Dark Web.
  • Shadow IT Search. The “shadow of IT” or the “darkness of IT” exists and is there. It is evident that the IT departments of organizations do not reach everything and may have their shortcomings, failures, dependencies and external needs. It is also possible (increasingly) that our IT areas have to subcontract and/or collaborate with third-party infrastructures and services that do not belong to the organization and that, therefore, they cannot control (third parties' own infrastructures, or third-party cloud services). Our work with the Shadow IT Search service is the identification of exposed assets and infrastructure that are not under the umbrella of the IT department but that could pose risks to the organization. We already talked about this service in the articles “The risks of Shadow IT in organizations” and “Shadow IT in the corporate digital footprint: the fight against digital Diogenes”.
  • Malicious Actor Analysis. If your company has suffered an incident / cyber incident, it is likely that you do not have much visibility about what happened, its origin, its causes, who caused it, how, where, why, etc. This knowledge is intelligence that will allow you to effectively improve your defenses and protections. For this reason, we analyze the information of each incident (data exfiltration, sale of corporate data, cyber scams, cyber fraud, ransomware cyber kidnappings, cyber extortions, corporate identity theft, cyber threats, etc.) that the organization has suffered, along with its effects and consequences, also detecting the malicious actors responsible for it. We already talked about this service in the article “Why is it important to hire malicious actor analysis services?”

If you want, learn more details by consulting all Zerolynx Identification services.

In addition, you can also learn about Zerolynx's complete portfolio of cybersecurity and cyber intelligence services.

If you prefer that we inform you personally, do not hesitate to contact us.

 

Iñigo Ladrón Morales, Content Editor for Zerolynx.
