Comprehensive Cybersecurity Package
for companies of all sizes
The COVID-19 pandemic accelerated digital transformation for businesses. This situation managed to maintain the availability and operation of their services, but increased their cyber risk, making them a perfect target for cybercriminals. We are now at the highest peak of cyberattacks in the world, and they continue to rise.
To address this challenge, Nordstern has designed a package of eight premium Cybersecurity as a Service services to build a solid strategy within your business's reach.
Talk to a consultant right now on WhatsApp
It's time!
Take your business to the next level of security.
Have you ever wondered what would happen if your company fell victim to a cyberattack?
In addition to the significant economic impact it could cause, its reputation would also be jeopardized, and it could even lead to the complete paralysis of the company if all information is lost during this incident.
The increase in this risk worldwide, and particularly in Mexico, is pushing organizations to become more aware of the importance of cybersecurity. However, this approach must be implemented intelligently with services and solutions that address critical business processes, improving service availability and focusing on the specific needs of this sector.
By completing this form, you agree to Nordstern's terms and conditions and privacy notice .
ISO 27001 Gap Analysis
SCOPE
Basic Gap Analysis ISO 27001.
General questionnaire.
Understanding current processes and controls.
Understanding the maturity of the current Information Security and Cybersecurity strategy.
Business Continuity Risk Analysis (IT perspective).
DELIVERABLES
Executive report:
Gap Analysis.
Risk Analysis.
Risk heat map.
SCHEME
An annual exercise.
REQUIREMENTS
Answer questionnaires.
Asset inventories.
Understanding sessions with business operations and IT operations personnel
EXCLUSIONS
Does not include gap analysis with other regulations (PCI, ISO 27032, etc.).
Vulnerability management
SCOPE
Periodic analysis of information assets (Windows or Linux Servers).
Scanning for malware with known signatures or known indicators.
Analysis model: White Box.
Quarterly analysis.
First analysis: Baseline.
3 quarterly reports
DELIVERABLES
Quarterly technical and executive reports.
SCHEME
Service in 5 x 8 scheme.
REQUIREMENTS
Internet connection.
Establishing a site-to-site VPN.
Implementation of analysis probe.
The probe must be located within the segment of the equipment to be scanned.
AD Account – Administrator.
EXCLUSIONS
It does not include any remediation process (accompaniment or execution).
No analysis of communications or security infrastructure is contemplated.
Event Correlation (Basic SIEM)
SCOPE
Sources: Servers, FW and AV.
Security Alerts (Standard):
Login Alerts - Server.
Account Change Alerts - Server.
Privilege Change Alerts - Server.
Application Installation Alerts - Server.
Crash Alerts - FW.
Infected Device Alerts - AV.
Correlation use cases. (Standard)
Log storage for 60 days.
DELIVERABLES
Incident reports (unlimited).
Monthly technical/executive service report.
SCHEME
Service in 7 x 24 scheme (alert).
Alerting channels: KlugIT Software, instant messaging, email and telephone.
REQUIREMENTS
Business Objectives Analysis Session.
Information about sources to add.
IPs
Operating system version.
Syslog protocol support.
Internet connection.
Site-to-site VPN setup.
Implementation of log collection probe.
EXCLUSIONS
It does not include reports or regulatory use cases (PCI, ISO 27001, etc.)
Does not include on-demand reports.
Incident Response (Basic)
SCOPE
Incident Response Hours Pool.
Full Incident Response Cycle:
Triage.Analysis of incident evidence.
Diagnosis.
Accompaniment in Containment of
Incidents (malware, email, ransomware1.)
Recommendations for preventing subsequent incidents
DELIVERABLES
Technical/executive service report, per event.
SCHEME
Service in 7 x 24 scheme.
1 Given the unique characteristics of ransomware, the Incident Response service for this type of ransomware is based on a best-effort approach and does not compromise the recovery of encrypted information.
REQUIREMENTS
Sessions with IT and business staff.
Inventory of assets and services.
Definition of evidence delivery mechanisms.
Monitoring incident reporting protocols.
EXCLUSIONS
Forensic analysis activities are not included.
Recovery of encrypted information in the event of a ransomware attack is not guaranteed.
Additional hours beyond the contracted amount can be purchased at a preferential price.
Penetration Test
SCOPE
An annual penetration test.
White Box Model (Basic, for companies with 500 users or less).
Gray and Black Box Model (Advanced, for companies with 501 to 1000 users)
AIM
An external (published service) or internal (server or service) asset (fewer than 500 users).
Up to 4 internal or external assets (501-1000 users).
DELIVERABLE
Technical / service executive report.
SCHEME
Service in 5 x 8 scheme
REQUIREMENTS
Information about the asset to be analyzed, for example:
IP addressing.
Existing applications on assets, operating systems, services, functions, credentials, etc.
Access via VPN site to site.
Express authorization for the execution of the test.
EXCLUSIONS
In the Basic model (500 or fewer users) gray box or black box exercises are not contemplated.
Limited to one goal per exercise (for fewer than 500 users).
Code analysis or web application analysis are not contemplated.
Phishing Test
SCOPE
Simulated Phishing Tests.
Sending hooks (deceptive emails) to all or a defined sample of end users.
Training in best practices for phishing prevention.
DELIVERABLES
Executive report
Percentage of successful phishing on the test sent.
Recommendations for preventing phishing.
SCHEME
A half-yearly exercise.
REQUIREMENTS
Updated database of emails of personnel to be evaluated.
Express authorization for the execution of the test.
Inclusion of the domain used for the test in whitelists.
EXCLUSIONS
Does not include analysis of test results by user.
The generation or delivery of specific and/or customized campaigns for each organization is not contemplated.
Awareness
SCOPE
Pre-lesson assessments to certify the necessary level of knowledge and skills.
Interactive lessons. The program is divided into short lessons (2 to 10 minutes).
Reinforcement. Sending reminders to encourage participation.
REQUIREMENTS
Updated list of staff emails.
EXCLUSIONS
The generation or delivery of specific and/or personalized content for each organization is not contemplated.
Cybersecurity Bulletins (CERT)
SCOPE
Monthly bulletin on the main threats recorded in the environment.
Threat description.
Preventive recommendations.
DELIVERABLES
Monthly delivery in digital format.
REQUIREMENTS
Updated list of email addresses for the organization's IT and Security staff.
EXCLUSIONS
The generation or delivery of specific and/or personalized content for each organization is not contemplated.
Add-on modules
Nordstern offers these Cybersecurity modules, both independently and additionally, for companies that need to scale their technology or infrastructure to complement the services in the Cybersecurity as a Service package.
Management, Monitoring and Support
Nordstern can complement the CaaS package with Managed Security (SOC Level 1) services for the management, monitoring, and technical support of the organization's infrastructure.
Specialized management of security infrastructure (Firewall, UTM, Antivirus, EDR) in a continuous (7x24) and completely remote scheme, under international operating standards.
Continuous monitoring, which allows us to know the health, operational, and availability status of the security infrastructure, increasing our response speed.
Specialized Technical Support. We resolve issues with expert assistance, in Spanish, and with a thorough understanding of each client's operational needs and priorities.
Firewall, Antivirus and EDR as a Service
If your company requires a technology upgrade or a first-time implementation, Nordstern can provide any of these solutions from market-leading brands on a sales or as-a-service basis.
