Nikolaos Tsouroulas

SVP Digital Exposure & MDR at ElevenPaths
Cyber Security
NextDefense: The ultimate cyber defence solution for any organisation
It was on a Wednesday at 17:00h when the CIO of a potential customer, who was visiting our offices, asked for a meeting with the product team before leaving. During the session he asked many questions about the scope of our services, the SLAs, the customer portal and security status dashboards, the architecture of our platform, the processes of our SOCs, the training programme we use to keep our staff up to date, our roadmap and vision for the future, and so on. He did not ask anything about technologies. In fact, when I asked him about preferences and opinions his answer was surprisingly "whatever you think is best".

His questions made it clear that he did not want a supplier simply to manage the security technology. Neither was he looking for a security supplier to patch up an occasional hole he had in his programme. He urgently needed a partner he could trust with all his security operations. His experience with a recent breach had made it clear to him that rebuilding everything from scratch with internal resources or a jigsaw puzzle of suppliers was not going to work. He did not have the time, budget or knowledge to do it. Especially in a market where there is plenty of technology, but a shortage of experienced professionals.

This meeting was 3 years ago and since then we began to see a very clear trend. Very sophisticated customers, such as financial institutions, were increasingly asking to outsource most of their security operations. And smaller organisations, less mature in cyber security, were asking directly for turnkey end-to-end solutions. We began to respond to this type of demand with special projects, bespoke to each client. This customised approach is very powerful but is beyond the reach of some organisations due to its cost, leaving part of our customers unprotected.

NextDefense is born

As the leading cyber security company in Spain and Latin America, we had an obligation to do something to help as many customers as possible.
And so the idea of NextDefense, our new brand of advanced cyber security services, was born.

“NextDefense's mission is to provide a complete, leading edge cyber defence solution within the reach of any organisation.”

The most important pillar of a solution with this ambition is undoubtedly the team, the cyber security operations. Over the last few years we have been recruiting over 1500 of the best cyber security professionals, and building a global SOC with 11 locations around the world that offers the most advanced services a customer could ask for. This year we have opened our global Managed Detection and Response competence centre, with intelligence analysts, malware analysts, hunters, forensic analysts, vulnerability analysts and all those profiles needed to offer advanced detection and response services.

This team is supported by our iMSSP platform, which contains all the necessary pieces to offer cyber security services in an efficient, effective, and integrated way. A platform that, if a customer wanted to copy it, would take several million euros and several years to build. The journey starts with the customer portal for a single, integrated view of all services, case management for full control and millimetric measurement of everything that happens during service delivery to a customer. We have an orchestration and automation layer to deliver the fastest, most efficient service at the lowest possible cost. And telemetry and analytical capabilities based on the best technologies on the market, which have been selected after exhaustive testing in our laboratory and validated in the day-to-day work of hundreds of customers.

On these pillars we have built a comprehensive portfolio of advanced cyber security services that can cover most of the functions of the NIST Cybersecurity Framework:

Vulnerability Risk Management

Most cyber security programmes are doomed to fail because of basic failures in the process of eliminating known vulnerabilities.
Much of the complexity lies in the vulnerability remediation process and not just in the discovery of vulnerabilities. That is why we offer a managed Vulnerability Scanning service that does not stop just at discovery. Our analysts filter and prioritise vulnerabilities, and our portal makes it easy for customers to manage and track the entire lifecycle of a vulnerability, from discovery to remediation.

Another basic limitation of many vulnerability programmes is that they do not monitor the risk introduced by their partners. Thanks to our Benchmarking, Audit and Compliance solution that uses automatic rating techniques, we can have a very broad, real-time picture of what is happening in our supply chain and therefore act.

Finally, in all organisations there are vulnerabilities in proprietary applications or architectures that are only discovered when expert analysts try to gain access by combining different techniques and taking several consecutive steps to reach the target. These types of problems are not discovered with automated tools. That is why at NextDefense we incorporate Pentesting and Security Assistance services, as well as Red Team Assistance in order to provide our clients with a complete guarantee.

Cyber Intelligence

Sun Tzu said in his "Art of War" that a successful warrior had to know both himself and his enemy. If vulnerability management is the knowledge of oneself, then Cyber Intelligence is the knowledge of the enemy. We have invested a lot of effort over the last few years to have the best tools, identify the best sources and communities for Cyber Intelligence sharing, and carefully select the partners we work with to acquire and share intelligence. Intelligence at NextDefense is as much an attribute of differentiation and quality as it is a catalogue of services.
Having our own indicators of compromise feed that is among the highest rated for quality in sharing communities such as the CyberThreat Alliance, where all the market leaders participate, allows us to offer better quality detection and response. On the other hand, we also offer the market leading Digital Risk Protection service in Spain and have incorporated specialised feeds from our partners into NextDefense to meet the most advanced Cyber Intelligence needs.

Detection and Response

Everything we have told you so far comes together in the core service of our value proposal: the Detection and Response family. In short, what our clients ask us to do is to take responsibility for the entire detection and response process, and this is precisely what we have set out to do at NextDefense with our Managed Detection and Response service. A service that allows any company to have a complete and modern SOC without any initial investment.

Offered as a monthly subscription, it includes both endpoint detection and response technology from the market leaders (CrowdStrike and Palo Alto) and the entire layer of detection and response services: deployment and configuration, 24/7 monitoring of alerts, threat hunting managed on a regular basis, and a DFIR retainer to provide peace of mind if something happens. A comprehensive service that is sure to bring security and reassurance to many of our clients.

For more information about NextDefense you can read this report or get in contact with our experts.
March 18, 2021
Cyber Security
Looking for a MDR partner? Beware, not all MDRs are the same
Are you throwing more money than you can afford into your SOC but still failing to detect and respond quickly enough to incidents? Have you suffered the impact of an incident and need to quickly ramp up your security operations before the next one arrives? Are you confused by the hundreds of products and acronyms that the market is pitching to you every day and just want an MDR partner you can trust to help you create the right solution for you?

This is what we do at Telefonica Tech Cybersecurity & Cloud company. We believe that all organizations should be able to count on modern security operations with focus on:

- Post-breach detection on the endpoint and network based on full visibility and behavior-based techniques
- Threat intelligence to better detect new threats and guide preparation and response
- Advanced analytics on all sources available to the organization to add an additional advanced detection layer that unifies all threat vectors
- Proactive hunting campaigns to make sure nothing slips through the cracks
- An incident response and crisis management program with all the required capabilities available for when the rainy day comes
- Scalability and automation to reduce costs

Everything you should know about the Managed Detection and Response market

We believe that no size fits all and that not all MDR offerings are made equal. To further help our customers understand what they should be looking for in an MDR program and partner we have worked together with Harden Stance and leading MSSP and MDR providers on a report that reviews the MDR market and highlights all the important aspects that a customer looking to improve her detection and response capabilities should consider before engaging with a provider.

What does ElevenPaths have to offer as a MDR partner?

Our main components are:

MDR Lab (detection and response)

Our team of threat experts evaluates technologies from leading manufacturers (e.g. EDR, NTA, TIP, Intelligence Feed, Advanced Analytics Platforms etc.), in order to provide consulting services based on organizations’ needs and technical requirements.

Managed services in technologies and platforms

ElevenPaths provides tailored or turn-key managed services for those technologies and platforms. Administration and investigation of EDR alerts or integration of IoCs and management of TIPs for the application of threat intelligence.

Intelligent SOC (iMSSP)

Traditional MSSP capabilities merge with the sophisticated features of MDR to enable the customer to outsource their advanced capabilities of monitoring, detection, hunting and response in an ElevenPaths i-SOC.
June 30, 2020