Services

We focus on delivering value as a Managed Service Provider (MSP) (cybersecurity, data protection and backups, business continuity, etc.) so that our clients can devote their energy and resources to what really matters, their business, without worrying about secondary or non-essential activities. We guarantee the quality of service by signing Service Level Agreements (SLAs).

Ednon’s ambition is to be your trusted technology partner, so our goal is to give you peace of mind by delivering value through our services, resulting in better operations and lower costs.

MANAGED SERVICES

  • SERVICES ENOC-CSIRT
    ENOC | ENOC-CSIRT | ENOC-Intel
    MDR (24x7x365) (Managed Detection & Response) | Includes the benefits of ENOC | Includes the benefits of ENOC or ENOC-CSIRT
    Threat Hunting | DFIR (Digital Forensics and Incident Response) | Cyber-surveillance (Silvia – Advanced Surveillance System)
    TDE (Threat Detection Engineering) | Analysis of Malware and Phishing | CTI (Cyber Threat Intelligence)
    Incident Readiness

    • MDR (Managed Detection and Response).
      The MDR service combines the extensive experience of our highly trained security analysts with fundamental capabilities such as the definition and use of our own alerts, Threat Hunting (TH), TDE (Threat Detection Engineering) and enrichment of tools with third-party intelligence. The service is supported by advanced technologies such as SIEM/UEBA, EDR and NDR, which allow for complete visibility and an effective response to any type of threat.

      The ENOC-CSIRT operates in 24x7x365 mode in order to have a team of cybersecurity specialists that is always available to provide an agile response to any security incident.

      The ENOC-CSIRT presents regular reports to its clients to enable the tracking of KPIs in order to guarantee the quality and continuous improvement of the service.

    • TH (Threat Hunting)
      It is the core of the ENOC-CSIRT. The objective of this activity is to reduce the dwell time, that is, the time a malicious actor spends in an infrastructure before being detected. For this, a formal hypothesis-based process is followed that will identify a malicious actor in case of prior compromise and, in any case, ensure that the threat can be detected if a similar scenario arises in the future. This is guaranteed through adversary simulation, that is, generating simulated malicious events to validate that adequate visibility, policies, correct configurations, etc. are in place. This allows us to improve visibility into the operating state of organizations' security. In addition, future detection of such events is guaranteed because each TH campaign ends with a “TDE (Threat Detection Engineering)” activity.
    • TDE (Threat Detection Engineering)
      Threat Detection Engineering (TDE) is another fundamental capability of our SOC, significantly strengthening the ability to detect and respond to security threats.

      Threat Detection Engineering (TDE) is an engineering process for deploying signals, alerts or automations in order to improve detection capabilities. The aim of this process is to cover all the cases that the tools do not cover by default, taking advantage of other parts of the telemetry to increase the number of detections. This improves visibility and therefore significantly reduces the “dwell time” after each new detection.

    • CTI (Cyber Threat Intelligence)

      ENOC-CSIRT relies on different tools to collect intelligence from open sources in order to improve the knowledge base of reactive security tools.

      • MISP is a core element of ENOC-CSIRT, as it is connected bidirectionally with the MISP instances of other CSIRTs, as well as the National Network of SOCs (RNS) and CSIRT.es, sharing threat intelligence with the entire network of CSIRTs. This allows us to collect, for example, Indicators of Compromise (IOCs) shared in real time by the network of defenders and apply them to the technological tool stack of the SOC and, if applicable, to the software/security equipment of our customers.

      • REYES (valid only for Spanish public sector organizations): this is a solution developed by the CCN-CERT to streamline the analysis of cyberincidents and share information on cyberthreats. It is a cyberintelligence exchange tool.

        Through this centralized information portal any investigation can be carried out quickly and easily, accessing from a single platform the most valuable information about cyberincidents. The information is contextualized and correlated with the main sources of information, both public and private.

        The information core of REYES is based on MISP (Malware Information Sharing Platform) technology, which is enriched with external sources of information that allow faster prevention and response to incidents.

    • DFIR (Digital Forensics and Incident Response)
      Our analysts are present in all phases of the life cycle of an incident: from preparation, with periodic reports and our own new detections after TH (Threat Hunting) and TDE (Threat Detection Engineering) campaigns, through identification and, once a threat is identified as relevant, to the containment, eradication and recovery phases.

      When dealing with a security incident, analysts are activated to collaborate actively with our customers and collect the necessary information through “Live incident response” processes. The acquired evidence allows an in-depth investigation to identify the entry vector, artifacts and indicators, so as to contain the threat, eradicate the threat actor from the client’s infrastructure and allow the prompt recovery of affected assets.

    • Malware and Phishing Analysis
      Malware and phishing analysis is critical to understanding threats and developing effective protection measures. Understanding how threat actors operate allows us to improve defense and security incident response strategies.
    • Incident Readiness
      By simulating scenarios with exercises known as “tabletops” our analysts collaborate with customers to identify flaws in procedures and technologies in order to improve them and ensure that, when the time comes to deal with an incident, communication is fluid and all necessary means are available to contain, eradicate and recover from a threat as soon as possible.
    • Cyber-surveillance
      Cyber surveillance allows us to anticipate new threat models that are prepared outside the perimeter of the organization’s network, to know and reduce exposure to potential attackers, and to monitor such threats and associated risks in order to act in a timely manner and make sound decisions.

      EDNON’s cyber surveillance service is dedicated to observing external networks (Internet, Deepweb, Darknet, etc.) to find these risk signals through:

      • Domain and brand monitoring
        • Reputation
        • Newly Registered Domains

      • Credential Leak (Leaked Credentials) or Information Leak (Data Breaches) Monitoring
        • OSINT, SOCMINT
        • Git
        • Pastebins
        • DeepWeb
        • Darkweb

      • For this purpose, we have our own tool called Silvia.

  • RESPONSE TO COMPUTER SECURITY INCIDENTS
    Our goal is to handle critical cybersecurity incidents, resolve immediate problems, and put solutions in place to address the systemic causes of the incident. A security compromise does not have to mean a disaster. The threat landscape is full of highly qualified, well-funded and motivated adversaries whose sole job is to overcome your security measures and thus steal, deliver malware, and generally disrupt your business. When our clients are endangered, we respond quickly to understand the significance and the impact of the incident, and to be sure that it has been contained and eradicated.
  • VULNERABILITY ANALYSIS AND MANAGEMENT
    The Scans service provides our customers with a continuous review of their assets that allows them to minimize the lifetime of known vulnerabilities in their systems.
    We generate actionable technical reports with concise and updated solution proposals. The analysis of vulnerability reports carried out by our technicians provides the information that allows us to make proposals for improvement, not only to correct vulnerabilities in a timely manner, but also to implement configurations that make it possible to solve them, manage them (possible mitigations), or even avoid them centrally.
    Executive deliverables will also be generated with indicators of service maturity and evolution, among others.
    This will allow the associated security risk to be managed.
    Vulnerability analysis is an integral component of any cybersecurity program, and a vulnerability analysis and management system or service is cited in security certifications (ISO 27001, ENS), by regulatory bodies and by a multitude of relevant bodies in the sector (Incibe, CISA, CIS, etc.) as an essential good practice, since vulnerabilities are a common entry vector in security incidents.
  • MANAGED SAFE BACKUP
    EDNON Managed Backup services allow organizations to stop worrying about an activity that is routine but of fundamental importance for the organization, since it is the guarantor of the continuity of the activity after an incident with data loss or data hijacking, or a disaster.
    EDNON provides both the infrastructure necessary to carry out encrypted backups (remote and/or local) and the managed and secure services of monitoring, operation and administration of the backup, be they first copies, replicas, second copies, etc. All with the best security guarantees in local data centers.

  • CYBERSECURITY ASSET MANAGEMENT
    Delegated service for management, administration, operation and support of different security assets: firewalls, email protection gateways, web traffic gateways, endpoint protection platforms, EDR, etc.

OUTSOURCING

We provide outsourcing services, through specialized and flexible teams that vary depending on the needs of the service of each client.

We manage IT services based on ITIL good practices and the international standard UNE-ISO/IEC 20000-1:2018. We are certified and audited annually.

We are committed to an efficient delivery of services, guaranteeing both quality and compliance with the signed Service Level Agreements (SLAs).

The main IT outsourcing services we provide, both for public entities and companies, are:

  • Network Operations Center (NOC).
  • System Center Operations Management.
  • Security Operations Center.
  • User Service Centers.
  • Project Management Offices (PMO), etc.

PROFESSIONAL SERVICES

At Ednon, we provide professional information technology services in the areas in which we specialize (Cybersecurity, Data, Analytics, Network and Systems Integration):

  • Technology Consulting and Advice.
  • Design and implementation of turnkey technological solutions.
  • Technical audits.
  • Technical assistance.
  • After-sales service.