success stories

Implementation and maintenance of a Cybersecurity system, adequate to the reality of AMC Drinks, guaranteeing a continuous improvement process.

Customer

AMC Natural Drinks S.L

Sector

Industry

Capabilities used

On the regulatory side, we have worked jointly on the implementation of ISO 27001 and 22301. Cybersecurity services consisted of the deployment of tools to monitor network events and review them, management of equipment vulnerabilities, as well as continuous monitoring of the security solutions implemented on the client's e-mail. All this is complemented by a technical and regulatory advisory service for any issue, as well as technical audits to measure the level of security and a digital surveillance service to identify risks and threats in the network that affect the customer.

Situation

AMC Natural Drinks S.L. is part of the AMC Group, one of the largest Spanish companies in international sales, with factories in Spain and Holland.
At the beginning of the service, we learned first-hand the degree of maturity of the client in terms of cybersecurity, identifying the improvements to be implemented in the solutions already in place, as well as the deployment of new tools that allowed us to monitor events within the client's network or identify the vulnerabilities present.

Tasks

The service provided can be divided into four parts.

  • Regulatory compliance, where an advisory service is provided, working hand in hand with the client in the implementation of ISO 27001 and 22301.
  • Digital Surveillance Service, which aims to identify potential risks such as leaked emails or passwords, reputational analysis or the analysis of metadata exposed on the Internet.
  • Managed security, where we integrate the information sources within the SIEM, monitoring and analyzing from the SOC 24x7x365 any identified security event. We work to limit the client's attack surface by identifying vulnerabilities in the client's machines and monitoring suspicious access to corporate email.
  • Technical audits, where we test the security systems implemented by the client in order to detect vulnerabilities so that they can be solved.

 

Action

Within each service that makes up the set of Cybersecurity service that we provide within AMC Natural Drinks S.L., we have had to adapt it to the needs or situations that we have found in the client.

In the regulatory part, where, depending on the documentation and availability of the client, we have been adapting the preparation of documentation to be completed by the client. Within the monitoring service, we have integrated the different sources of information, filtering and parsing them to be subsequently correlated by the SIEM. The monitoring of corporate mail security tools, after a first analysis, we saw that we had to change the initial approach proposed by the client.

In this way, we have been rethinking each line that makes up the Cybersecurity service, to adjust it to the needs that we have been finding in AMC Natural Drinks S.L.

Result

The technical audits carried out have allowed us to identify a series of failures in the configurations that affect the client's security, solving unknown vulnerabilities. In other cases, after analyzing the initial proposal of the service, we have seen that it was necessary to reformulate it, the management of corporate mail control tools for the monitoring of phishing and malware events. After an initial review of the tools, it was identified that the scope of the service should focus on access to users' mail. This allowed us to identify security flaws that subsequently prevented unwanted access to users' email accounts.