It was on a Wednesday at 17:00h when the CIO of a potential customer, who was visiting our offices, asked for a meeting with the product team before leaving. During the session he asked many questions about the scope of our services, the SLAs, the customer portal and security status dashboards, the architecture of our platform, the processes of our SOCs, the training programme we use to keep our staff up to date, our roadmap and vision for the future, and so on. He did not ask anything about technologies. In fact, when I asked him about preferences and opinions his answer was surprisingly “whatever you think is best”.
His questions made it clear that he did not want a supplier simply to manage the security technology. Neither was he looking for a security supplier to patch up an occasional hole he had in his programme. He urgently needed a partner he could trust with all his security operations. His experience with a recent breach had made it clear to him that rebuilding everything from scratch with internal resources or a jigsaw puzzle of suppliers was not going to work. He did not have the time, budget or knowledge to do it, especially in a market where there is plenty of technology but a shortage of experienced professionals.
This meeting took place 3 years ago, and since then we have seen a very clear trend. Very sophisticated customers, such as financial institutions, were increasingly asking to outsource most of their security operations. And smaller organisations, less mature in cyber security, were asking directly for turnkey end-to-end solutions. We began to respond to this type of demand with special projects, bespoke to each client. This customised approach is very powerful but is beyond the reach of some organisations due to its cost, leaving part of our customers unprotected.
NextDefense is born
As the leading cyber security company in Spain and Latin America, we had an obligation to do something to help as many customers as possible. And so the idea of NextDefense, our new brand of advanced cyber security services, was born.
“NextDefense’s mission is to provide a complete, leading edge cyber defence solution within the reach of any organisation.”
The most important pillar of a solution with this ambition is undoubtedly the team, the cyber security operations. Over the last few years we have been recruiting over 1500 of the best cyber security professionals, and building a global SOC with 11 locations around the world that offers the most advanced services a customer could ask for. This year we have opened our global Managed Detection and Response competence centre, with intelligence analysts, malware analysts, hunters, forensic analysts, vulnerability analysts and all those profiles needed to offer advanced detection and response services.
This team is supported by our iMSSP platform, which contains all the necessary pieces to offer cyber security services in an efficient, effective, and integrated way. It is a platform that would take a customer several million euros and several years to build if they wanted to copy it. The journey starts with the customer portal, for a single, integrated view of all services, and case management, for full control and fine-grained measurement of everything that happens during service delivery to a customer. We have an orchestration and automation layer to deliver the fastest, most efficient service at the lowest possible cost, and telemetry and analytical capabilities based on the best technologies on the market, which have been selected after exhaustive testing in our laboratory and validated in the day-to-day work of hundreds of customers.
On these pillars we have built a comprehensive portfolio of advanced cyber security services that can cover most of the functions of the NIST Cybersecurity Framework:
Vulnerability Risk Management
Most cyber security programmes are doomed to fail because of basic failures in the process of eliminating known vulnerabilities. Much of the complexity lies in the vulnerability remediation process and not just in the discovery of vulnerabilities. That is why we offer a managed Vulnerability Scanning service that does not stop just at discovery. Our analysts filter and prioritise vulnerabilities, and our portal makes it easy for customers to manage and track the entire lifecycle of a vulnerability, from discovery to remediation.
Another basic limitation of many vulnerability programmes is that they do not monitor the risk introduced by their partners. Thanks to our Benchmarking, Audit and Compliance solution that uses automatic rating techniques, we can have a very broad, real-time picture of what is happening in our supply chain and therefore act.
Finally, in all organisations there are vulnerabilities in proprietary applications or architectures that are only discovered when expert analysts try to gain access by combining different techniques and taking several consecutive steps to reach the target. These types of problems are not discovered with automated tools. That is why at NextDefense we incorporate Pentesting and Security Assistance services, as well as Red Team Assistance in order to provide our clients with a complete guarantee.
Sun Tzu said in his “Art of War” that a successful warrior had to know both himself and his enemy. If vulnerability management is the knowledge of oneself, then Cyber Intelligence is the knowledge of the enemy. We have invested a lot of effort over the last few years to have the best tools, identify the best sources and communities for Cyber Intelligence sharing, and carefully select the partners we work with to acquire and share intelligence. Intelligence at NextDefense is as much an attribute of differentiation and quality as it is a catalogue of services. Having our own feed of indicators of compromise, which is among the highest rated for quality in sharing communities such as the Cyber Threat Alliance, where all the market leaders participate, allows us to offer better quality detection and response.
On the other hand, we also offer the market leading Digital Risk Protection service in Spain and have incorporated specialised feeds from our partners into NextDefense to meet the most advanced Cyber Intelligence needs.
Detection and Response
Everything we have told you so far comes together in the core service family of our value proposition: Detection and Response. In short, what our clients ask us to do is to take responsibility for the entire detection and response process, and this is precisely what we have set out to do at NextDefense with our Managed Detection and Response service. It is a service that allows any company to have a complete and modern SOC without any initial investment. Offered as a monthly subscription, it includes both endpoint detection and response technology from the market leaders (CrowdStrike and Palo Alto) and the entire layer of detection and response services: deployment and configuration, 24/7 monitoring of alerts, threat hunting managed on a regular basis, and a DFIR retainer to provide peace of mind if something happens. It is a comprehensive service that is sure to bring security and reassurance to many of our clients.