CYBER-SURVEILLANCE
Cyber-surveillance services are designed to protect our customers proactively, detecting risk situations as they take shape in open sources.
Its main objectives are:
1. Detect any impersonation attempt on behalf of the client.
The service will be configured with the organization's brands that it wishes to protect (including keywords, patterns or images), so that when occurrences arise on unauthorized or allegedly unauthorized sites, an alarm is raised and handled by the S2Grupo-CERT.
2. Abusive registration of domain names.
Similarly, domains will be monitored and rules will be created to "trigger" alarms when domains similar to the legitimate ones are registered.
3. Detection of information published by third parties.
The tool will search preset sources for any customer-related information. The intelligence service provided by the tool, together with the analysts, will then be responsible for assessing whether that information is legitimate and whether it poses a risk to the organization. Likewise, a semantic analysis of the occurrences will be performed to evaluate whether the information found is positive or negative.
4. Non-consensual utilization of intellectual property rights.
In the event that the unlawful use of customer property rights is detected, an alert will be generated. In addition, evidence will be sought so that, if necessary, it can be treated as expert evidence.
5. Fraud
Fraud is one of the major concerns of organizations. Early detection of parallel channels for the illegal marketing of their products, or of counterfeits of them, is vital in order to tackle it.
The proactivity of this service is oriented along this line, and any detection of this type will be treated as a priority.
Searches are conducted in open sources but, since this activity usually also takes place in restricted and hidden forums, S2 Grupo will infiltrate users into them to search there and obtain results.
6. Acts that interfere with the normal client activity
The service will also be helpful for the "Physical" Security Directorate of the organization: thanks to the early detection of calls for gatherings or even sabotage, the necessary measures can be taken so that they do not interfere with the daily activity of the organization.
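For objective 2 above, one way similarity rules for newly registered domains could be written, as an added example that is not S2 Grupo's tooling. The rule names, the look-alike character table, the distance threshold and every domain name are assumptions or constructed sample data, and inputs are assumed to be registrable `name.tld` domains.

```python
# Look-alike characters folded to the character they imitate (assumed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
MULTI = (("rn", "m"), ("vv", "w"))
PROTECTED = ["examplebank.com"]  # constructed sample of legitimate domains


def label(domain):
    """Registered label of a 'name.tld' domain, e.g. 'examplebank'."""
    return domain.lower().rstrip(".").split(".")[0]


def skeleton(text):
    """Fold look-alike characters and drop hyphens so imitations collapse together."""
    text = text.translate(HOMOGLYPHS).replace("-", "")
    for fake, real in MULTI:
        text = text.replace(fake, real)
    return text


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(candidate, protected=PROTECTED, max_distance=1):
    """Return (rule, legitimate_domain) when the candidate should alarm, else None."""
    cand = label(candidate)
    for legit in protected:
        if candidate.lower() == legit.lower():
            continue  # the legitimate domain itself is not an alarm
        brand = label(legit)
        if cand == brand:
            return ("same-name-other-tld", legit)
        if skeleton(cand) == skeleton(brand):
            return ("homoglyph", legit)
        if edit_distance(cand, brand) <= max_distance:
            return ("typo", legit)
        if skeleton(brand) in skeleton(cand):
            return ("brand-keyword", legit)
    return None


if __name__ == "__main__":
    for name in ["examp1ebank.com", "exmplebank.com", "examplebank-login.com"]:
        print(name, check(name))
```

The `brand-keyword` and `typo` rules become noisy for very short brand names, so a minimum label length or an analyst review step is advisable before an alarm is escalated.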
SERP is an Intelligence System based on semantic correlation of events, which is integrated into the management platform of S2GRUPO-CERT as a key piece for digital surveillance, both its own and that of SOC customers.
Starting from search sessions that gather specific information about an entity from multiple sources and in various formats (tweets, news, web content, TOR, etc.), the correlation package collects that information and processes it. This mechanism is fully asynchronous, so that one package can communicate with another at the moment the detection of sensitive information occurs (an event).
After each event is inserted into the memory of the correlation engine, it is evaluated by the correlation rules. The role of these rules is to detect sensitive content (reputational, or content that may pose a security risk) in the information the event contains. To detect such content, a representation system (ontology) is available that holds semantic information about a large number of words that can affect the polarization of a given text. This ontology is a semantic representation of a dictionary of words in which each word carries a score for its polarization component, both positive and negative. Finally, the result of the correlation is sent to the presentation layer.