RFC 2350 EVOLUTIO-CERT
TLP: WHITE - Public Distribution

1. About this document

1.1. Date of last update: This is version 4.0, published October 14, 2021.

1.2. Distribution Lists: There is no specific distribution channel. Changes are announced on the evolutio website ( https://www.evolutio.com/en/about-us/cert/ ).

1.3. Document Location: The latest version of the document is published at https://www.evolutio.com/wp-content/uploads/2021/07/RFC2350.pdf

1.4. Authentication of the Document: This document has been digitally signed by Evolutio-CERT.

2. Contact Information

2.1. Team Name: Evolutio CERT, the CERT of the company Evolutio Cloud Enabler, S.A.

2.2. Address: Evolutio-CERT, Evolutio Cloud Enabler, S.A., Isabel Colbrand, 8, 28050 Madrid, Spain

2.3. Time Zone: CET / CEST

2.4. Phone Number: Not publicly disclosed.

2.5. Fax Number: Not available.

2.6. Other Communications: Not available.

2.7. Email Addresses:
- Exchange of information related to incidents: evolutio.cert@evolutio.com
- General inquiries: info.cert@evolutio.com

2.8. Public Keys and Information Encryption: https://www.evolutio.com/en/about-us/cert/public-keys/

2.9. Team Members: Not publicly disclosed.

2.10. More Information: Information about the services provided by Evolutio CERT and its CiSOC can be found on the following pages of our internet portal:
https://www.evolutio.com/en/about-us/cert/
https://www.evolutio.com/en/about-us/soc/

2.11. Hours of operation: The Incident Response Team is available at the following times:
- Service inquiries: office hours (9.00h-18.00h) CET
- Incidents classified as low or medium severity: office hours (9.00h-18.00h) CET
- Incidents classified as high or critical severity: 24x7x365

2.12. Community Contact Points: The Community Contact Points are as described in section 2.7.

3. Charter

3.1.
Mission Statement: As part of the CiSOC of Evolutio Cloud Enabler, S.A., Evolutio CERT was created with the mission of protecting the information systems of our customers, monitoring their security control systems to detect unauthorized activities, intrusions, vulnerabilities and violations of security policies and procedures. In addition, we provide support to our customers in the event of a security incident, containing and eradicating it and restoring the information systems to their original state. Our goal is to be recognized as a security leader in our sector, positioning our services and our customers in the application of cybersecurity services and technologies. To address these challenges, and to ensure an effective response to possible security incidents, we work with different stakeholders in Spain and Europe. We also collaborate with INCIBE-CERT and CCN-CERT, developing trust and effective operations and promoting the adoption and use of standards, security best practices and information classification schemes.

3.2. Constituency: Evolutio-CERT, as part of Evolutio's CiSOC, provides specific services to Evolutio's customers, and is also the CERT and the SOC for our own company. Additionally, we carry out informative tasks on threats and trends of a public nature, open to the business environment in Spain.

3.3. Sponsorship / Affiliation: Evolutio CERT is part of the company Evolutio Cloud Enabler, S.A.

3.4. Authority: Evolutio CERT operates under the authority of the Customer Solutions management within the organizational structure of Evolutio Cloud Enabler, S.A.

4. Policies

4.1.
Type of Incidents and Level of Support: The types of security incidents managed by Evolutio-CERT are aligned with those defined by the Spanish National Security Scheme (ENS):
- Abusive Content
- Harmful Content
- Obtaining Information
- Attempted Intrusion
- Intrusion
- Availability
- Information Compromise
- Fraud
- Vulnerability
- APTs
The level of support will vary depending on the severity of the incident and its potential impact, and is limited to the detection, containment and remediation systems managed and/or operated by Evolutio's CiSOC. In cases where Evolutio's CiSOC does not manage the necessary control systems, we will collaborate with the clients' IR teams.

4.2. Cooperation, Interaction and Dissemination of Information: Evolutio-CERT considers the coordination and exchange of information between CERTs and SOCs to be of vital importance, since this cooperation improves the effectiveness and efficiency of cybersecurity incident resolution. Evolutio-CERT operates within the legal framework of Spain and the European Union regarding the handling and confidentiality of the information it manages, and has policies and rules for the handling of classified information.

4.3. Communication and Authentication: The main means of communication is email encrypted with dedicated public keys, published on our portal: https://www.evolutio.com/en/about-us/cert/public-keys/
Evolutio-CERT recognizes and follows the FIRST TLP (Traffic Light Protocol) version 1.0 in the exchange of information.

5. Services

5.1. Consulting and Auditing: The initial objective of this service is to carry out an analysis that accurately shows the cybersecurity posture of our clients, to prepare a report that includes an action plan and a roadmap with possible improvements and recommendations, and to enable compliance with other reference frameworks and security standards.
Another consulting service provided to clients focuses on the analysis of the tactics, techniques and procedures used by cybercriminals and attackers that affect an organization, based on its characteristics (size, countries in which it operates and sector of activity), in order to obtain an offensive threat matrix. Additionally, the established controls (defensive matrix) are analyzed and compared with the offensive matrix to detect the gaps that must be covered to reduce the risk of attack.

5.2. Preventive: Evolutio-CERT, together with the CiSOC, provides services aimed at the prevention of security incidents, such as:
* Detection and analysis of corporate network traffic anomalies (NTA: Network Traffic Analysis)
* Detection and analysis of anomalies or possible threats on endpoints
* Detection and analysis of anomalies or possible threats in Public or Private Cloud infrastructure or SaaS (CASB)
* Vulnerability assessment
* Newsletters on new vulnerabilities, campaigns and emerging threats
* Dissemination of good practices in cybersecurity
* Phishing awareness campaigns
* Proactive threat hunting and analysis on the Clear Web, Deep Web and Dark Web

5.3. Incident Response: Evolutio-CERT offers technical and operational support in the different stages of the incident management process: preparation, detection, response and post-incident. Within these stages, the Evolutio CiSOC performs the triage, classification and analysis of the alerts for detected threats. For those identified as incidents, we work within the discipline of the CERT on containment, mitigation and monitoring until recovery. To do this, we rely on the systems and controls managed by Evolutio's CiSOC. Finally, the incident report and the lessons learned are produced as part of the established continuous improvement process.
We maintain coordination with our customers' incident response teams during all phases of the incident management process. The scope of incident response covers the following areas:
- Endpoint, through actions executed on solutions based on EDR technologies (TrendMicro, Microsoft, PaloAlto and CrowdStrike)
- Network, through actions executed on solutions based on NDR technologies and actions executed directly on perimeter network infrastructure such as Proxies, WAFs, Next Generation Firewalls, etc.

5.4. Monitoring: Evolutio-CERT, relying on the threat monitoring capabilities of Evolutio's CiSOC, performs permanent monitoring of threat alerts based both on Evolutio's SIEM infrastructure, deployed on Evolutio's centralized multi-client Public and Virtual Infrastructure, and on the SIEMs that we manage for our clients, on which we process all the information and events generated by the different controls implemented. We are constantly developing new use cases for improved threat detection. This SIEM service is enriched with the configuration of use cases owned by Evolutio and the Threat Intelligence sources with which Evolutio's analyst team works, as well as with the continuously evolving capabilities of SOAR.

5.5. Digital Surveillance: Through Evolutio's CiSOC, we provide digital surveillance services on sensitive assets of our clients, identifying external threats to them on the clear, deep and dark web.

6. Incident reporting forms: Incident reporting can be done by:
* Specific mailbox: evolutio.cert@evolutio.com
* Contact numbers will be communicated during the incident.

7. Disclaimer: The Evolutio-CERT Team is not responsible for any misuse of the information contained herein.