Los ataques a la plataforma y sistema TI de las empresas son cada vez más frecuentes y sofisticados. Los atacantes tienen todo el tiempo del mundo, además de un casi ilimitado acceso a recursos, para planificar y ejecutar sus ataques, mientras que las organizaciones tienen muchas restricciones que no les permiten responder de manera oportuna a las amenazas que se presentan.
Attacks on corporate IT platforms and systems are becoming increasingly frequent and sophisticated. Attackers have all the time in the world, in addition to almost unlimited resources, in order to plan and execute their attacks, while organizations have many restrictions that do not allow them to promptly respond to these threats.
Cisco’s 2018 Annual Cybersecurity Report indicates that only 26% of the problems found by security equipment could be resolved only using technology, leaving a gap of 74% unresolved. The report confirms that the current trend is towards outsourcing security services. While 21% of companies kept their security services in-house in 2014, this had fallen to just 6% by 2017. Monitoring services grew from 42% to 49% between 2014 and 2017.
In fact, in the United States of America most companies contracted security services from third parties over the past few years, to ensure that security strategy is aligned with business processes. Furthermore, delegating security to a third party solves the most common problems facing companies, such as budget constraints, inability to invest in hardware and recruit trained personnel, and incident response time being too slow.
SONDA has created a competence center to supply standardized security services across the region, using industry best practices and excellent people, processes and technologies. It provides our customers with integrated coverage for all their IT system security requirements, particularly the monitoring service provided by our Security Operations Center SOC, which has a security monitoring system that correlates events. It is based on a team of engineers organized into various knowledge levels, who use incident management processes based on NIST guidelines, such as SP 800-61 Rev. 2 and the best practices contained in ISO 2000.
This service increases visibility within the customer’s environment using the current infrastructure, where we can configure use cases adaptable to each customer type, such as blind spot attacks, credential theft, penetration outside office hours, and discovery of compromised systems acting as an http bot, among others. An exemplary case was that of a customer from the Government sector in Colombia. On the first day that the system went live, access to an active directory was misused by an administrator, as User “X” had the highest number of successful logins from several cities over a very short period. The investigation discovered that User “X” had administrator privileges and was used by domain administrators for testing, which resulted in a major security problem. If this access had fallen into the wrong hands, then significant changes to the system or processing within the domain could have been achieved without any problem. The widespread use of this access went undetected every day. The issue would only have come to light when an incident occurred, unless an appropriate monitoring system had been installed. However, such a monitoring system detected the issue in time and it was corrected.
As a first step to efficiently managing security, we recommend that you perform a security status analysis, which includes an architecture review, vulnerability analysis and security policy review, to recommend the most appropriate service for the needs and challenges of your organization (Security Operations Center SOC, Managed Services, Vulnerability Management and Consulting), since the ultimate goal should be aligning security to business processes, and protecting your most valuable corporate asset, which is your data and business systems, in order to maintain operational continuity.