A Mexican company with 15+ years of experience, formed by a group of consultants that designs information security strategies aligned with our clients' business objectives, to generate competitive advantages through a comprehensive security architecture.
Provide quality IT services through collaboration, talent development and productivity for the satisfaction of our customers.
We will be the most recognized Mexican brand for its practice of quality and innovation in the delivery of IT services.
Provide the highest quality and innovation in cybersecurity, orchestration and end-to-end managed services.
The purpose of the Nordstern Technologies Incident Response Center is to immediately address the cybersecurity incidents of organizations to mitigate financial, legal, operational and reputational impacts.
The Nordstern Technologies Incident Response Center uses the framework of the National Institute of Standards and Technology (NIST) that defines four phases:
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-Event Activity (lessons learned)
The activities and reports of the Nordstern Technologies Incident Response Center during an incident are:
- Analyze and define the severity of the incident (triage)
- Collect and safeguard the evidence
- Define the strategy to solve the incident based on containment, eradication and response actions
- Coordinate other responsible areas, when necessary, to attend to and recover services
- Keep stakeholders informed during all phases of the incident
- Make an incident report, including lessons learned
The typical scenarios that affect organizations and are attended by the Nordstern Technologies Incident Response Center are:
- Advanced Persistent Threat
- Data breach
- Denial of Service (DoS)
- Social engineering
- Unauthorized access
- Business Email Compromise (BEC)
- Website Defacement
Threat hunting is a proactive and systematic search process carried out by the Nordstern Technologies Incident Response Center to detect and isolate cyber threats or IoCs in the systems or in the network, with the intention of anticipating a security attack or breach.
The threat hunting process considers the following phases:
- Generate attack hypothesis
- Search for evidence on servers, network, etc.
- If suspicious elements are identified in the investigation, the scope of the search is extended.
- Otherwise, a new hypothesis is generated.
When the hypothesis is confirmed, an incident is declared and is attended by the Nordstern Technologies Incident Response Center according to the response plan.
The advantage of threat hunting over reactive processes and technologies is that it stops the threat before the attacker achieves their goal.
We have proprietary software technology, KlugIT, to control our operations under quality and safety standards certified under international standards (ISO 9001, ISO 20000 and ISO 27001).
With KlugIT we continuously monitor the health and availability of all the technological components that support our clients' business processes. In this way, we prevent, identify and attend to security events and incidents effectively.
During the monitoring processes the following actions are followed:
- Collection and preservation of logs and security events
- Event analysis
- Discarding of false positives
- Knowledge Base Generation
- Documentation and initial classification of the incident
When the event meets the severity and impact criteria, the Nordstern Technologies Incident Response Center is informed.
We develop services focused on the management of our clients' cybersecurity infrastructure, thereby reducing their operating costs (personnel, training, infrastructure) and obtaining the maximum benefit of technology in favor of the operation of their business.
- Perimeter security
- Endpoint Security
- Network security
- SIEM as a Service
- Secure SD-WAN
Diagnostic services to know in detail the current state of information security and technological infrastructure of each company. The results allow us to build a Cybersecurity strategy tailored to each organization.
- Risk analysis and management
- Vulnerability scan
- Security Governance Model
- Code analysis
- Security testing
- Industrial cybersecurity
By fully understanding the operation and security requirements of the business, we can design a technological architecture in which we integrate solutions (hardware and software) from leading manufacturers in the Cybersecurity market; adapting to the strategic, technological and budgetary needs of the organization.
Our experience in the area allows us to offer highly specialized services, such as the automation of the Cybersecurity infrastructure of our clients (Orchestration), which seek to manage the digital risks of each organization in the most appropriate way.
- Advanced configuration
- Threat intelligence