Is a fundamental pillar in the technological development of this century

We cannot understand the phenomenon of digitalization and digital transformation without linking it to the evolution of cybersecurity in all its breadth. In addition, governments have made this issue one of the areas of greatest legislative development.

In a context of growing risk, with cyber-incidents increasing in both volume and impact, managed cybersecurity services are a basic element in the sustainable management of enterprises. These services can be provided from specialized centers: a CERT (Computer Emergency Response Team), a CSIRT (Computer Security Incident Response Team) or, under the more generic name, a SOC (Security Operations Center).

We have S2 Grupo CERT, S2 Grupo's Cyber Security Operations Center. Created in 2007, it is one of the most modern SOCs and has not stopped evolving in its service catalogue, the technology it uses, the work methodologies and the training of a team that supports its operational processes 24x7, 365 days a year.


S2 Grupo CERT is an operations center which provides service in both the IT and OT fields, and we attend to clients of all types anywhere in the world. We have 4 operational centers in Valencia, Madrid, Bogotá and Mexico City from which we provide, in a syndicated manner, continuous protection, detection and response services in cyber security.

The main Operations Center

Located in Valencia, it has a physical infrastructure of more than 2,000 m² with restricted access spaces for handling sensitive information, IT and OT cyber security laboratories, its own Data Processing Centre, a crisis room, a training center specialized in cyber security with a capacity for 50 people, a 24x7 operations service room, a restricted access area (ZAR) for handling classified information, a machine room with a generator set that guarantees the continuity of the electricity supply, physical access control measures and much more. The Madrid Operations Center functions as the main backup for the Valencia center.

We have more than 300 people working in the CERT, specialists in different areas of IT and OT cyber security with multiple technical and management certifications. The Operations Center team maintains its technological vitality by participating in the management of complex incidents, joining prestigious international events as speakers and attendees and working on cutting-edge R&D+I projects.

In addition to the personnel distributed across the 4 centers of the S2 Grupo CERT, we also have Distributed Operational Groups (DOG) who go to the premises of the clients who need them. These DOGs work directly on the client's infrastructure and use the entire CERT technological platform as support.

The services of the S2 Grupo CERT

The S2 Grupo Cybersecurity Operations Center has a complete catalogue of services with which we cover all the needs of an organization in terms of cybersecurity:

Cybersecurity awareness

Governance, Risk and Compliance

Software Security

Security audit

Management of cybersecurity services

Industrial cybersecurity

Digital operations

Cybersecurity incident management


Advanced cyberintelligence

Our catalogue of services is based on the Enterprise Mitigations of MITRE ATT&CK and on the services derived from the application of the National Security Scheme and the STIC Guidelines of the CCN-CERT. We classify incidents according to the STIC 817 Guide for the management of cyber-incidents.

At S2 Grupo CERT we use both technology we have developed ourselves and third-party technology when the service requires it. Having our own technology allows us to make flexible, fast and competitive proposals for deploying managed security services, including very fast tactical field deployments for temporary operations (elections, incidents and all types of events).

The operation of the S2 Grupo CERT

S2 Grupo CERT maintains relations with a multitude of national and international cybersecurity centers through FIRST, GÉANT and, in which it is a very active member. The relationship with the State Security Forces and Corps and with the National Intelligence Center (CNI) is also very close.

We have a complete Unified Management Model, certified against standards such as ISO 27001, ISO 20000, ENS HIGH category, ISO 9000, ISO 14001 and the UNE 166002 standard specialized in Research, Development and Innovation. The deployment of the processes defined in the Management System in the syndicated center guarantees compliance with quality and security standards in the operation of the Service Center.

Level 0: Technological

Where all the autonomous action capabilities of the Service center are concentrated through thousands of “bots” capable of acting automatically in risk situations.

Level 1: Procedural

Performs an initial screening of the events raised on the platform and escalated by Level 0, so that they are attended to quickly. Level 1 of the Service Center operates 24x7 every day of the year and also performs the online support function of the Service Center.

Level 2: Specialist

Specialist level that acts in the resolution of security incidents escalated by Level 1 and in the development of intelligence and new “bots” for the Service Center.

Level 3

Made up of the Rapid Intervention Teams (RITs) of the S2 Grupo CERT. These teams act in the resolution of critical danger incidents for the clients of the center.

Prevention, detection, support and assistance against ransomware

Ransomware attacks are among the most damaging incidents for organizations: they exploit software vulnerabilities, infect the operating system and can take control of it. To prevent this, we offer ransomware attack prevention, simulation, detection, response, containment, support and assistance services, which allow us to minimize their impact and be better prepared.

Response and containment services

This includes customer notification, a remote preliminary diagnosis, the isolation of infected infrastructures, the management of communication to third parties and advice on the next steps.

Prevention services

We evaluate and advise our clients to establish an action plan that increases the organization's robustness against attacks. We identify sensitive corporate information, develop a plan for prevention measures, an information recovery plan, study the legal implications of attacks and, if necessary, educate employees on cybersecurity.

Detection services

From our CERT we monitor the organization's network and infrastructures for behavior patterns that can show that a ransomware-type attack is being prepared. Examples: file deletion, configuration changes, deletion and cancellation of backup copies.

Simulation services

We simulate a ransomware-type attack without harming the organization. In this way we evaluate the measures and behavior of the employees, discover what information is most sensitive to an attack and prepare an action plan with corrections to be applied, according to the deficiencies we detect.

Support and assistance services

We provide on-site assistance to contain the attack, advise on the acquisition and preservation of evidence, evaluate the impact and the possibilities of recovery, help in executing the information recovery plan and also in reversing the effects of the attack, as far as possible.

