Our approach to cyber-intelligence is based on proactivity, identifying trends or patterns of suspicious activity, and applying knowledge and technology to achieve the required levels of protection by quickly detecting breaches or attacks on assets.

Vulnerabilities – RedTeam

We have internal teams (RedTeam) to detect vulnerabilities that may exist in technological assets, using monitoring tools that perform a continuous search of networks and systems.

We have a bug-bounty programme, managed by selected industry-leading companies, to provide input from cybersecurity experts (ethical hackers) worldwide.

Vulnerability detection includes products and services that are released to the market. In case a vulnerability is found after release, we do our best to fix it as soon as possible.

We ask the research community to give us the opportunity to fix vulnerabilities they find before we publish them, just as we commit to do so if we discover them in third-party products. This collaboration helps protect users’ interests in using up-to-date and secure products.

We are committed to responsible disclosure of vulnerabilities discovered in third party products or services by reporting them directly to the affected product vendors, to a national CERT or through any private service that will also report them privately to the vendor.

You can contact us to report vulnerabilities here.

Incidents – CSIRT

We have the technical and human capacities necessary to respond effectively and quickly to any breach or incident in order to minimise attacks and their consequences, through a network of Incident Response Centres (CSIRTs). The CSIRTs work in a coordinated manner, establishing relationships with other national and international CSIRTs/CERTs, both in the public and private sectors. Cyber exercises are held once a year to train the response teams (CSIRTs) of all countries in the management of potential incidents.

Based on the correct reporting of incidents, the aim is to minimise their impact and to restore availability as soon as possible. Analysing the causes allows us to learn from incidents and take appropriate measures to prevent recurrence.