Case Study

Level 3 expertise and support in CSIRT

Cybersecurity expert analyzing a security incident

Industry
  • Banking & Finance

 

Challenge
  • We were integrated into the Computer Security Incident Response Team (CSIRT) of a major player in the banking sector

Solution

The service involved:

  • Managing level 3 incidents (vulnerabilities, APTs, viruses, etc.);
  • Creating, testing, implementing and maintaining security incident detection rules;
  • Creating and implementing incident management procedures;
  • Coordinating level 2 SOC operations;
  • Carrying out digital investigations / forensics;
  • Hunting threats, analyzing weak signals and developing SIEM use cases;
  • Taking part in the implementation and maintenance of the SIEM, and other security platforms managed by the team;
  • Contributing to log collection and onboarding architecture projects.

Keys to success

  1. Our expertise in security and an in-depth understanding of security production issues in a bank;
  2. Our ability as a service provider to move topics forward in a matrix organization by relying on other production teams;
  3. Our resistance to stress, which lets us apply our analytical skills and remain calm during security incidents;
  4. Our good communication skills to manage resistance to change within projects.