Entelgy Innotec Security, as an Amazon Web Services partner, provides managed security services to customers such as Fintonic that have infrastructure in the AWS cloud. Since a year ago, this financial-sector company has relied on the cybersecurity company's cyber incident detection and response services. This has given Fintonic visibility into the events taking place in its architecture, enabling it to anticipate attacks and prevent their impact. This is thanks to Entelgy Innotec Security's SmartSOC, which, with its SIEM (Security Information and Event Management) as a service, monitors the AWS cloud through CloudTrail, Elastic Load Balancer and WAF services.

The challenge: lack of visibility in the face of risks and threats

Fintonic, with its infrastructure deployed on the AWS cloud, needed to increase its ability to detect and respond to security incidents. It also wanted visibility into the threats affecting its architecture, which, until Entelgy Innotec Security's services, was limited and relied primarily on internal resources.

Had the challenge not been addressed, the customer would have been much less agile in detecting and responding to risks to its infrastructure. This is because, when a company does not continuously assess its threats, its response capacity is not enough, as it only becomes aware of an incident when it is at a very advanced stage. Without anticipation, the negative effects are very high: economic losses, compromise of data and information, damage to customers, partners and the prestige of the company itself, among others.

The SIEM is a software that facilitates the analysis of hundreds of security events per second. Correlations are made and use cases or queries are displayed with an intentionality. A specific pattern is sought, understanding when an event occurs and generating security alerts to help detect it in the future. In addition, Entelgy Innotec Security provides corrective recommendations based on the lessons learned during the process.

In the same way, the cybersecurity company applies its experience and knowledge acquired over more than 20 years in the service and in different clients. For example, after observing IMDS (Instance Metadata Service) attacks in other companies in the same sector, Entelgy Innotec Security has made an additional effort to proactively detect this type of attack. A specific threat in AWS environments that makes it possible to easily extract highly sensitive customer data.

In the face of such attacks, and from its SmartSOC, the company is able to identify through AWS logs successful IMDS access requests, differentiating between legitimate requests, scans from an automated application or actual intrusion attempts seeking access to sensitive data.

The result: critical incident reporting in 30 minutes

Fintonic now has constant monitoring of its platform based on AWS, allowing it to have a broader view and anticipate risks and threats, acting before an incident occurs or reducing its impact and scope once it has taken place. In addition, detection is made of possible attempts to exploit IMDS attacks, one of the most common threats in recent times.

Entelgy Innotec Security's ability to act is noteworthy, as it committed from the start of the work to notify critical security incidents within a maximum of 30 minutes, activating its Digital Forensics and Incident Response (DFIR) team available 24/7. This has helped to deal with incidents with agility, coordinating all the specialised SmartSOC teams with the customer.