Entelgy Innotec Security, as an Amazon Web Services partner, provides managed security services to customers such as Fintonic that have infrastructure in the AWS cloud. For the past year, this financial-sector company has relied on the cybersecurity company's cyber incident detection and response services. This has given Fintonic visibility into the events taking place in its architecture, enabling it to anticipate attacks and prevent their impact. This is thanks to Entelgy Innotec Security's SmartSOC, which, with its SIEM (Security Information and Event Management) as a service, monitors the AWS cloud through the CloudTrail, Elastic Load Balancer and WAF services.
The challenge: lack of visibility in the face of risks and threats
Fintonic, with its infrastructure deployed on the AWS cloud, needed to increase its ability to detect and respond to security incidents. It also wanted visibility into the threats affecting its architecture; until Entelgy Innotec Security's services, that visibility was limited and relied primarily on internal resources.
Had the challenge not been addressed, the customer would have been much less agile in detecting and responding to risks to its infrastructure. When a company does not continuously assess its threats, its response capacity is insufficient, because it only becomes aware of an incident when it is at a very advanced stage. Without anticipation, the negative effects are very high: economic losses, compromise of data and information, and damage to customers, partners and the prestige of the company itself, among others.
Fintonic is a web-based tool that enables users to organise their banking, cards and investments on a single online platform.
In addition, it diagnoses expenses to help users improve their finances, and offers savings proposals.
This company is part of the Fintech industry, a financial sector that applies new technologies to its activity.
The customer has its entire infrastructure in the Amazon Web Services cloud.
The solution: a 24x7 incident monitoring and management service on the AWS cloud
Entelgy Innotec Security has addressed Fintonic's need for 24x7 incident monitoring and management through the company's SmartSOC service and SIEM as a service system. This service provides Fintonic with best practices in security, surveillance and security event triage.
In this way, security events or logs are collected directly from the AWS cloud, specifically from its solutions (CloudTrail, Elastic Load Balancer and WAF), in order to integrate them into Entelgy Innotec Security's SIEM, analyse them and detect possible incidents.
The SIEM is software that facilitates the analysis of hundreds of security events per second. Events are correlated, and use cases or queries are deployed with a specific intent: each one looks for a particular pattern, establishes when an event occurs and generates security alerts that help detect it in the future. In addition, Entelgy Innotec Security provides corrective recommendations based on the lessons learned during the process.
In the same way, the cybersecurity company applies the experience and knowledge it has acquired over more than 20 years in the service and across different clients. For example, after observing IMDS (Instance Metadata Service) attacks in other companies in the same sector, Entelgy Innotec Security has made an additional effort to proactively detect this type of attack, a threat specific to AWS environments that makes it possible to easily extract highly sensitive customer data.
In the face of such attacks, the company is able, from its SmartSOC, to identify successful IMDS access requests in AWS logs, differentiating between legitimate requests, scans from an automated application and actual intrusion attempts seeking access to sensitive data.
The result: critical incident reporting in 30 minutes
Fintonic now has constant monitoring of its AWS-based platform, giving it a broader view and allowing it to anticipate risks and threats, acting before an incident occurs or reducing its impact and scope once it has taken place. In addition, possible attempted IMDS attacks, one of the most common threats in recent times, are detected.
Entelgy Innotec Security's ability to act is noteworthy, as it committed from the start of the work to notify critical security incidents within a maximum of 30 minutes, activating its Digital Forensics and Incident Response (DFIR) team available 24/7. This has helped to deal with incidents with agility, coordinating all the specialised SmartSOC teams with the customer.
About Entelgy Innotec Security
Leading cybersecurity services company in Spain and Latin America. It provides services to important IBEX 35 companies and organisations such as NATO, UN, OAS, CCN/CNI and INCIBE. It is a Select level partner in the Services Path of Amazon Web Services and is Public Sector authorised.