The customer: Financial sector

Today, the current security situation in the financial sector requires a higher level of protection to prevent not only cyber-attacks, but also banking fraud, phishing and possible vulnerabilities that could jeopardize the systems and information managed by these companies.

Sofistic has 35 clients related to the financial sector at an international level, mainly in Latin America, with whom it has implemented various solutions for a broad protection of companies.

The challenges

As main challenges, the sector seeks to improve both internal and external controls, making visible and prioritizing all cybersecurity events that may occur in the company, in addition to having an extensive analysis of vulnerabilities of the different systems.

The sector has common cybersecurity objectives:

Device security management (endpoint), ensuring information confidentiality, data integrity and availability.

Deepen the securitization of the Microsoft 365 platform, which has a large number of security features that are often not properly exploited, which can pose serious dangers. To establish minimum cybersecurity measures, companies propose to improve the score offered by Microsoft in security configurations to a minimum score of 60 in this score.

Resilience – Rapid recovery from attacks: Ensure rapid and timely response to cyber-attacks, with support in resolving them.

Cloud security: Analysis of vulnerabilities in online applications and support in their resolution. The current situation has forced many entities to adopt cloud-based services quickly and without following the relevant security measures.

Visibility and protection of the entire connected infrastructure, including IoT devices.

Solutions and services

Atlantis SOC: monitoring of threats from the operations centers adapted for this purpose, with presence in two continents, so that greater efficiency is obtained by avoiding night shifts of low productivity and minimizes the risk of loss of service caused by possible catastrophes, massive attacks or meteorological situations by being distributed in two very distant locations.

Pentesting / Ethical hacking: Identification of vulnerabilities (pentesting) that, if exploited, may affect the continuity of operations or lead to fraud.

Protection of employees’ mobile devices: from these devices, employees access corporate resources, to protect them, we combine Microsoft Intune MDM to control device configurations with UareSAFE, to protect these devices against malware and others, providing visibility of their security status in a simple way, all this without violating the privacy of end users.

IBM Assurance I (AS400): We accompany entities to identify security risks and support the implementation of security best practices, user management and monitoring.

Integration between solutions: At SOFISTIC we also perform integrations between Darktrace, Crowdstrike, M365, the SIEMS and other external platforms to achieve having in a single panel all the unified alerts.

Future actions