Photo by Yoel Lopera, Microsoft Security Expert, Softeng

What to do in the event of a cyberattack: 3 keys to managing a security crisis

I begin this article with an uncomfortable truth: assuming that a company can avoid any security incident is unrealistic. Attack surfaces are constantly growing, environments are becoming more complex and cyberattacks more difficult to detect.

Therefore, the challenge in cybersecurity is no longer just to prevent, but to be prepared to respond when it happens. Because in a cybersecurity crisis, the impact is not defined by the attack itself, but by how it is managed during the first hours. Let’s take a look.


Imagine that one Saturday morning, the SOC team detects suspicious activity on a server. Nothing particularly alarming at first, but within minutes there are signs of unauthorized access. It is not yet clear whether information has been stolen, but the risk is there.

As the investigation progresses, questions begin to arise that go beyond the IT team: Do we stop the affected server and assume the operational impact? Do we wait until we have more information with the risk of the attacker moving forward? Do policies, such as NIS2, require us to notify the appropriate authorities? What do we communicate, and when?

It is at this point that it ceases to be just a security incident and becomes a business decision.

Therefore, from our experience in Softeng managing incidents in medium and large companies, we have extracted three lessons that often make the difference between a controlled incident and one that generates a crisis with business impact.

1. The business context is key to making decisions in the event of a security breach.

Returning to the previous scenario, the SOC service has confirmed the unauthorized access, although the situation is now under control: it has been detected quickly and the corresponding response measures have been implemented.

But detecting unauthorized access is not enough to understand the impact it can have on the business.

In effective crisis management, the following more strategic questions must be answered:

  1. Which critical processes depend on the affected systems?
  2. Is there an obligation to notify the competent authorities if we are subject to GDPR, NIS2 or DORA regulations?
  3. What could be the reputational impact if the breach becomes public?

At this point, no further technical information is needed. Business context is missing.

And without that context, decision making becomes complicated: either you overreact and stop systems unnecessarily, or you underestimate the risk and give the attacker room for maneuver.

That’s why managing a security crisis well is not just about detection. It is being able to connect, almost in real time, what is happening at the technical level with its impact on the business.

When that connection exists, the organization can prioritize judiciously. And in a crisis, that’s what really limits the impact.

2. The speed is not set by the attacker, it is set by your decision-making capacity.

Continuing with the example, while the SOC team continues to investigate, the attack does not stop.

Today, with attackers using AI to be much faster and more effective, time is against them. We see it all the time: recognition of the entire internal network in minutes, persistence in hours, and theft of sensitive information before there is full visibility.

Meanwhile, within the organization, another type of complexity begins. IT, legal, communication and management teams have to be coordinated to make non-trivial decisions together:

Is a production environment isolated? Is a critical operation stopped? Are the relevant authorities notified? Are customers informed?

And therein lies the real problem: the time that elapses between detecting and deciding.

Many organizations detect the incident well, but take too long to act. And that delay is, in many cases, what amplifies the impact.

The organizations that respond best are not necessarily those that have the most technology, but those that have reduced that decision time. Because they have already defined who decides what, when and with what criteria.

3. Crisis plans that are not trained fail when they are most needed.

Here is an idea that summarizes very well what happens in these cases: “The more you sweat in training, the less you bleed in combat.”

Almost every organization has some kind of incident response plan, but every day we see that very few have tested whether it actually works under pressure.

The difference is quickly noticed when a real incident occurs. In untrained organizations, very clear situations arise:

  • Doubts about who has the authority to shut down systems.
  • Blockage in decision making due to lack of shared information.
  • Delays in notification due to doubts about legal issues.
  • Inconsistent messages to customers or employees.
  • Excessive dependence on suppliers without clear coordination.

In contrast, organizations that have previously worked through these scenarios operate very differently. For example, one way to do this is through TTX-type exercises, where a real crisis is simulated, such as a ransomware or data leak, and teams must make decisions in real time as if the incident were occurring, without executing technical actions.

This type of exercise makes it possible to detect failures that do not appear in a document: coordination problems, poorly defined roles or decisions that are blocked at the critical moment.

The most mature organizations have already gone through this process: they have tested their plans, involved management and aligned all teams, including suppliers.

That generates something that cannot be improvised on the day of a real incident: trust.


Going back to that Saturday morning, it all started with an early detection by the SOC team. That first alert was key to narrowing the scope of the incident from the outset.

But from then on, what happened next made all the difference.

If the organization was able to understand the real impact, make decisions quickly and act with coordination, that incident was probably contained. If not, that’s where it started to escalate.

Because in cybersecurity, as important as detecting is knowing how to respond. And this ability is not improvised, it is worked on beforehand.

causas de los ciberataques

5 causes that make your company more vulnerable to a cyberattack

Any company can be the victim of a cyberattack. However, there are five main causes that make companies even more vulnerable, leaving the door wide open to be attacked very easily. Do you identify any of them in your company?


According to Microsoft’s Data Security Index, 83% of organizations have suffered more than one data breach in their history. This makes it clear that cybercriminals are constantly looking for vulnerabilities in enterprise systems and launching attack attempts, usually successfully.

They just need a lucky day.

And companies, even knowing the risk they run, become easy targets because many do not invest enough in cybersecurity to protect their business assets and anticipate cybercriminals.

Many think it won’t happen to them or that it won’t be as serious and catastrophic as they usually tell… Or, worse, that, in case of an attack, they have it under control.

Until they are attacked.

It is at that precise moment that they remember cybersecurity.

In this article, we look at the top five causes that make companies easy targets for cybercriminals and how to address each of them to reduce risk.

Not keeping abreast of new cyber-attacks and their sophistication.

Technologies such as artificial intelligence have enabled attackers to design more sophisticated strategies, making threat detection more difficult. Methods such as ransomware attacks, which lock systems until a ransom is received, or Deepfakes, attacks that use AI to fake voices or videos, are becoming everyday problems for companies.

To address these threats, it is essential to have advanced systems in place to monitor and block attacks before they cause damage. Security technologies such as Microsoft’s, which analyze more than 78 trillion signals daily, enable companies to stay abreast of the latest attack trends.

Lack of awareness in the Management Committee.

A common misconception is that cybersecurity is solely the responsibility of the IT team. However, the strategic decisions made by business leaders directly influence the security posture of the enterprise.

When senior management does not prioritize cybersecurity, the investments needed to protect corporate assets are often put on the back burner.

To change this paradigm, leaders must understand that cybersecurity is a fundamental pillar of business continuity. Performing regular risk audits and actively participating in the definition of security policies are key steps to achieve a complete defense.

3. Poor employee training

A malicious email, a suspicious link or a weak password can be enough to compromise a company’s entire network. Employees, without proper training, are often the weakest link in the security chain. In fact, phishing attacks remain one of the main cyber-attacks.

That is why it is essential to invest in continuous employee training. Initiatives such as attack simulations and awareness campaigns help to create an organizational culture that is more resilient to cyber threats.

4. Not having a comprehensive cybersecurity strategy.

Many companies rely on ad hoc or disconnected solutions, leading to gaps in their protection. Without a comprehensive strategy, it is difficult to prevent, detect and respond to cyberattacks.

An effective solution involves implementing a strategy that combines advanced integrated tools and a strategic plan that includes processes, policies and continuous expert oversight.

For example, many companies choose a cybersecurity SOC for comprehensive protection, managing everything from early detection to automated incident response, combined with the support of a specialist who is up to date with all the latest developments and solutions.

Which brings us to the last point…

5. Not having the right specialists to manage cybersecurity.

Cybersecurity is not just a technology issue; it requires expertise and specialized skills. Without trained personnel, companies are at a disadvantage.

In these cases, outsourcing cybersecurity management to a specialized partner can make all the difference. Working with cybersecurity experts allows companies to benefit from proactive solutions, regular audits and constant monitoring, ensuring that they are always one step ahead of attackers.

How to reduce the chances of suffering a cyber attack

The companies most vulnerable to cyberattacks have one thing in common: they underestimate the importance of a sound cybersecurity strategy and delay taking action until it is too late.

If you are a business leader, prioritize training, strengthen your systems and seek support from cybersecurity experts to ensure your company is prepared to face increasingly dangerous cybersecurity challenges.

A cybersecurity strategy with cloud solutions, combined with advanced tools, is the only way to ensure cyber resilience.

In Softeng we have designed a service SOC / CSIRT, intelligent and proactive, combining Microsoft technology along with advanced security solutions themselves, to obtain and maximize a global defense against new threats.

Shall we talk?

Carlos Colell - CEO de Softeng

The good guy, the CEO and the bad guy in your company’s cybersecurity

Cyber resilience has become a critical business asset, dividing companies into two: those that are prepared and those that are sitting ducks (even if they don’t know it). In this article, I analyze the role of the three key players in this story, whose decisions can change the fate of (your) company forever.


In the meantime, artificial intelligence has burst into the business world, promising a revolution: task automation, machine learning, autonomous agents… Incredible, isn’t it?

But beware! AI is also in the hands of cybercriminals, who use it to launch more sophisticated attacks, especially against unsuspecting companies that believe they are well protected.

We are at a time when a single mistake, or lack of action, can open the door to irreversible disaster. That’s why prioritizing cybersecurity is no longer an option.

Who are the three key players in this story? What challenges do they face? And who will come out on top in this battle?

‘The Good’: The one who bets on cybersecurity

Whether it’s the CIO, CISO or Head of Cybersecurity – ‘The Good Guy’ has one of the most important roles in this story, and the most complex:

He knows the dangers he faces, which is why he is convinced that it is essential to invest in cybersecurity to ensure business continuity. His main task is to do everything in his power to boost cybersecurity at all levels of the organization. But he must also overcome challenges that prevent him from advancing at the pace he needs to…

Objectives:

  • Promote a culture in which cybersecurity is a priority, conveying to management the real risk of not investing in it and making employees aware of the dangers to which they are exposed on a daily basis so that they are not the weakest link.
  • Protect critical company assets, such as sensitive data, confidential customer information, intellectual property, and anything else whose compromise could lead to economic and reputational disaster.

Challenges:

  • Insufficient budgets that do not allow you to invest in the best security technologies and services you need to deal with the most complex cyber-attacks.
  • Shortage of specialized talent capable of monitoring, preventing, responding to and mitigating incidents before it is too late.
  • Stay abreast of the constant innovation and new cyber-attacks that have emerged since the rise of AI, increasingly imperceptible to users, and devastating to the enterprise.

Therefore, to meet these challenges and keep the business protected, ‘El Bueno’ is clear that he cannot do it alone.

The CEO: The one who must look after the company’s reputation.

This is where the CEO, the big decision-maker, comes into play. His or her leadership will make the difference between a company that moves forward and one that lags behind.

No one questions the need to invest in security cameras, access control or anti-theft locks in offices. So why not apply the same logic to digital security? Ambitious CEOs are clear: ignoring cybersecurity is a luxury no company can afford.

But it is not an easy task either…

Objectives:

  • Ensure business continuity and digital trust of stakeholders, because an incident that totally or partially paralyzes your activities could put at risk both your employees and the trust of customers, suppliers and other partners.
  • Ensure that the company complies with cybersecurity and data protection regulations, making sure that there is a clear strategy and the right people responsible for compliance. In fact, with the NIS2 directive, your role is also key, as you are legally responsible for any incidents that occur.

Challenges:

  • Allocate the necessary budget to invest in cybersecurity while maintaining a balance with other strategic objectives of the company.
  • Having an ally, a cybersecurity specialist who works side by side with the CIO in the tasks of monitoring, prevention, mitigation and incident response, giving them the peace of mind they need to take care of other important issues.

‘The Bad Guy’: The cybercriminal driven by greed

Cybercriminals are not just hackers in hoodies and sweatshirts. They are resourceful, organized groups motivated by one thing only: money. Driven by greed and pure malice, they aim to steal a company’s most valuable assets, such as personal data and confidential information, as well as shut down the business, and then extort large sums of money, jeopardizing the continuity of the company and the privacy of its employees and customers.

And in this story, the ‘bad guy’ has a big advantage: while the CIO and CEO must be constantly prepared, he just needs a lucky day. And by taking advantage of advances in technology to create ever more sophisticated and almost imperceptible cyberattacks, it is becoming much easier for them.

We are no longer talking about simple phishing to steal credentials, but about attacks because, in addition to causing great economic losses, they can also cause irreparable damage such as the loss of customer confidence and the company’s reputation.

 

As in all stories, it’s up to ‘the good guys’ to keep the bad guys from getting their way.

Are you ready to play your part in this story?

funciones de un SOC

The functions of a SOC you should prioritize to protect your business

Companies that understand cybersecurity as a business priority are convinced that a modern Security Operations Center (SOC) is no longer optional: it is an essential pillar to protect critical assets and ensure operational continuity.

However, not all SOCs are the same. To meet today’s demands, a SOC must be more than a security monitoring center: it must be an intelligent, proactive and agile entity.

When choosing an SOC, are you taking into account all the key features it should have to protect your business?

The 5 functions of a SOC that you should prioritize

Global threat prevention and detection

In cybersecurity, prevention will always be more efficient than reaction. A SOC must go beyond traditional solutions and combine advanced tools with expert knowledge to detect and block unknown threats at their source.

A good example is the ability to correlate seemingly isolated events to identify attack patterns and stop them before they can cause damage. In this context, reducing the attack surface, through secure configurations and robust policies, is as crucial as having state-of-the-art detection technologies.

2. Continuous risk assessment

Companies are living organisms, and what works today may not be sufficient tomorrow. A modern SOC must be constantly assessing risks, identifying vulnerabilities in real time and prioritizing their remediation according to potential impact.

This approach not only protects today’s systems, but allows organizations to stay one step ahead in an ever-evolving cyberattack environment.

3. Intelligence and active search for threats

Proactivity is a hallmark of a modern SOC. It is no longer enough to wait for alerts to be triggered. Technologies such as advanced analytics, artificial intelligence and machine learning make it possible to anticipate threats by actively searching for indicators of compromise.

In addition, user and entity behavioral analysis (UEBA) provides a level of accuracy that facilitates the detection of suspicious activity before it escalates. This, combined with threat intelligence, significantly improves responsiveness.

4. Surveillance beyond the company’s borders

Many of the threats affecting organizations today do not originate in their internal infrastructures. Phishing, sale of sensitive data on the Dark Web, fraudulent applications or credentials exposed on the Internet are just a few examples.

An advanced SOC should not only be aware of what is happening inside the company, but also of what is happening outside the company, identifying external risks that could indirectly impact employees, customers or partners.

5. Agile and effective response to incidents

The speed with which an organization responds to a security incident can be the difference between containing a minor problem or facing a major crisis. That’s why a modern SOC must have clear and efficient processes in place to handle any eventuality.

Automating responses through tools such as SOAR allows you to act with precision and significantly reduce mitigation time.

However, when automation is not enough, a well-trained team must take the reins to manage security incidents quickly and effectively.

That’s why…

Rapid incident response, the function that all companies are looking for

For business leaders, threat prevention is essential, but what really makes the difference is the ability to effectively respond to and manage incidents when they occur.

In Softeng, our cybersecurity service Max Global Defense covers both needs.

By integrating the capabilities of a modern SOC, focused on prevention and continuous detection, with the expertise of a CSIRT team, specialized in incident management and mitigation, we offer companies a complete defense that minimizes risks and reduces the impact of potential incidents.

Looking for a full-featured SOC to protect your business? Let’s talk about it.

Álex Imbernon, Cybersecurity Lead de Softeng.

What all CIOs seek, but few achieve

Last month I had the pleasure of participating as a speaker at several events related to cybersecurity. Between speeches, coffees and brief talks with CIOs and CISOs, we agreed that everyone is looking to ensure business continuity, but few succeed because they are missing an essential piece. I’ll tell you what it is in this article.


Those of us who work in this field never tire of repeating it: in many organizations, cybersecurity is still underestimated, and is only given attention when they have already suffered a cyberattack that threatens business continuity.

The problem is that, by then, it is often too late.

Therefore, it is essential to understand that cybersecurity is not an extra of the business, but a fundamental part of it, as are administration, sales, human resources, and the rest of the business areas.

No one questions their value or investment in these areas, right?

This is the only way we can protect all our business assets so that in the event of a security incident, our company will continue to operate. This is the fundamental basis of cyber resilience: having the ability to withstand and recover from a security breach. But how do we achieve this capability?

Many companies think that having backup and disaster recovery solutions is enough.

But the reality is quite the opposite. These solutions will allow us to recover, but they will not provide us with the capacity to withstand the impact of security breaches. This is not to say that these solutions are not necessary, but they are just pieces, like other solutions, that are useless if they are not accompanied by the fundamental piece of the puzzle: a modern SOC/CSIRT.

Let’s imagine it this way.

A family decides to install the best video surveillance cameras (security solutions) in their home, but they never keep an eye on them. Believing that these security measures are enough, they don’t pay much attention to lock the doors and windows properly (vulnerabilities and weak points) every time they go out. What do you think will happen? They will surely end up suffering a burglary (security breach). And yes, they will have the recording of the security cameras, but what was stolen is unrecoverable.

And the bad moment will never be forgotten.

Isn’t there something missing in this equation? Yes, we are missing someone to continuously monitor the security cameras and, most importantly, to respond quickly and effectively if “intruders” break in. This is precisely the essential role of a SOC/CSIRT, a team of security specialists who, on the one hand, keep a constant watch and respond in the event of a breach and, on the other hand, identify vulnerabilities and weak points to reduce the chances of attack. In short, only those companies that understand the importance of cybersecurity as a fundamental part of the business will obtain a complete defense that guarantees cyber resilience. So, are you willing to take the risk of not having the essential piece in the complex puzzle of cybersecurity? I hope you found this article interesting and… don’t run the risk of missing the next one!

How to comply with the new EU cybersecurity strategy: NIS2

The NIS2 directive is the European Union’s guide for companies and member states to safely navigate the digital world, facing increasingly dangerous and sophisticated cyber threats due to the use of artificial intelligence. Find out how you can meet it quickly and efficiently in this on-demand event on NIS2 in Spanish.


Digitalization has blurred borders and distances, making it possible for a local cyberattack to endanger the whole of Europe. As a result, cybersecurity awareness has reached the European Union, which has developed its own strategy to address it: the NIS2 directive. To this end, the EU has introduced new cybersecurity legislation called the Network and Information Security Directive 2 (NIS 2), which represents a significant improvement on the existing NIS directive. This law obliges EU member states to require companies to adopt and rigorously comply with stricter cybersecurity standards or, failing that, to impose appropriate sanctions, and may ultimately lead to partially or totally suspending the activity of a company or removing managers from their responsible functions.

More stringent measures affecting most companies, and penalties for noncompliance

Within this framework, and as of October 2024, this law will require most companies to have a series of robust risk management policies, protection measures and efficient responses to incidents, which will be mandatory. All this, in order to protect digital assets and operational continuity.

  • How do the new changes and responsibilities affect you?
  • What new measures does NIS2 require?
  • How to adopt NIS2 quickly and efficiently? What sanctions are foreseen in case of non-compliance?

Event on demand in Spanish | Our experts provide answers to the most important questions about NIS2, and explain how you can quickly and efficiently adopt the minimum requirements of the new law.

Artículo - evolución ciberamenazas

How major cyberattacks will evolve in 2024

We are in a world where every click can be a trap, and every email a gateway to a new attack. We have already discussed the most common cyber-attacks and how they can affect business assets. In this article we will go a step further to analyze how these AI-powered cyberattacks have evolved in 2024 and how you can deal with them.

1. Increasingly sophisticated social engineering attacks

In 2024, social engineering attacks will continue to take center stage. However, they will be harder to detect and more personalized than ever, with phishing and deepfakes leading the way. Cybercriminals are already implementing new techniques to achieve their goals. One of them is callback phishing, also known as callback phishing. In this new type of attack, cybercriminals send an email to victims simulating expensive subscriptions, in which they include a telephone number. The victims, upon seeing the high amount, call the phone number in the email in order to cancel the subscription. It is in that call that they will try to steal your data. Now then… How to avoid this and other types of social engineering attacks? With awareness and a robust Zero Trust security strategy. An example of this is Via Celere, which with the accompaniment of Softeng has achieved an advanced level of security, managing daily and centralized through Softeng Max Platform alerts Microsoft 365 and Azure. Here we tell you more about Vía Célere’s success story.

Ransomware and malware on new attack surfaces.

Malware will also continue to rise, exploiting new attack surfaces and new vulnerabilities. And yes, they will also be increasingly difficult to detect. New techniques such as dual ransomware or triple extortion attacks are already multiplying attacks and generating further financial, compliance and reputational consequences. The only way to avoid them is to have modern security solutions based on suspicious behavior detection, together with a policy of vulnerability analysis and management.

3. More potential entries for OT and IoT infrastructure attacks

With respect to OT, special attention will have to be given to critical infrastructures, public administrations and essential services, although private companies will also be targeted. As for IoT, more and more devices will appear that communicate with each other and access the Internet, creating more potential “gateways” for cyber attackers to exploit.

4. Identity theft and privilege escalation will continue to increase.

We are seeing more and more cases of using data such as names, Social Security numbers and bank details without consent. In 2024, these types of cyberattacks will continue to increase to produce lateral movements and compromise the maximum number of business assets. The reasons? Technological progress, characterized by greater interconnection and dependence on digital systems, which opens new doors for cybercriminals to exploit vulnerabilities.

5. Unsafe application design is gaining ground

This will be another susceptible attack surface and cybercriminals will focus on risks related to design flaws. On the one hand, we will need to obtain details of the assets published on the Internet for the detection of vulnerabilities. And, on the other hand, to establish with developers secure design principles and reference architectures based on reference frameworks.

Attacks are advancing, technology is advancing

In 2024 we will continue to battle cyber threats that are increasingly difficult to detect, and information and preparedness are our best weapons. As a leader in cybersecurity, it is our responsibility to always be one step ahead to help companies avoid attacks that can have serious consequences. Alex Imbernón, Cybersecurity Manager of Softeng, shares answers on this topic in his article: 3 key questions on cybersecurity that every CEO should know how to answer.

Álex Imbernon, Cybersecurity Lead de Softeng.

How do I know if my company is cyber-resilient?

Your company is cyber resilient if it is able to anticipate threats, mitigate their potential impact and respond quickly so that business can continue as usual despite a security breach.


The term resilience has become very popular in the cybersecurity field. In short, a resilient environment is one that has the ability to overcome a security incident and maintain business continuity.

But how can you identify if your company is cyber-resilient?

The formula for knowing this is simple: if your company were to fall victim to a cyber-attack, such as ransomware, and you believe it would not be able to continue operating, then your company is not cyber-resilient.

Here I share with you some essential factors to create a resilient environment:

  • Promote a culture of cybersecurity, raising awareness among both management and employees.
  • To have modern security solutions that allow 24×7 monitoring of security incidents and to respond to them quickly and effectively.
  • Establish an incident response plan and improve it based on lessons learned over time.
  • Define, validate and periodically test a business continuity plan.
  • Establish a risk and vulnerability management plan.

In short, it is important to design a comprehensive cybersecurity strategy aligned with business objectives to protect all digital assets wherever they are.

The power of collaboration to increase cyber resilience

The main cyber threats in 2024 will be increasingly effective. Therefore, the collaboration between companies and a partner specialized in cybersecurity is essential to have the necessary expertise and mastery of technology that allows simplifying all the complexity of cybersecurity to manage it efficiently.

Undoubtedly, this is a more than interesting topic for those business leaders with digital ambition. If you want to learn more, I invite you to visit Max Global Defense to find out how we can help you.

Download this comparison to learn the differences between a traditional SOC and a modern SOC.

The Keops pyramid of cybersecurity: Know the 5 levels to protect your business

The Keops pyramid of cybersecurity represents the 5 levels that every company must apply in ascending order to ensure the protection of its business assets and a complete defense on exposed surfaces susceptible to attack. Want to know how you can build your own? So let’s get to work.


In the middle of the Egyptian desert, a construction of more than 146 meters high and 5.7 billion tons stands out: The Pyramid of Giza, also known as the Pyramid of Cheops. Its perfect structure makes it seem indestructible. Therefore, it is used as a reference in cybersecurity to represent how companies should organize and build their threat protection levels.

In this article, we will detail what each of the levels of the Keops pyramid in cybersecurity consists of, which has measures from the most basic to advanced approaches that will allow you to have an extremely robust protection.

Level 1: Basic Cybersecurity Solutions

Like any construction, the Keops pyramid of cybersecurity must start at the base. This first level of the pyramid is the one that will later support the rest of the structure and, therefore, it should be given the same importance as the rest, no matter how basic it may seem.

To begin with, it is essential to have minimum protection measures in place, such as firewalls, EDR antivirus, back-ups, multi-factor protection (2FA) and hardware encryption, among other measures. In this way, you can be directly protected against attempted attacks on your company’s network.

However, none of these protective measures would be of any use if you do not train your users on the types of threats they may receive and the risks associated with them. Therefore, another fundamental point at this level is the awareness of users so that they can recognize attacks and avoid falling prey to them with just one click.

Level 2: Attack vector protection and data classification

Once we have a solid foundation, we can move on to the second level of the KEOPS cybersecurity pyramid. Here we will focus on solutions aimed at protecting various attack vectors such as mail, password vulnerabilities and remote access to applications and data.

It also focuses on classifying data to become aware of its location, content and permissions to move on from there to more advanced levels of cybersecurity.

Some of the measures to be implemented at this level are password managers, web security, data and permissions auditing, software patch and digital certificate management, mail protection and zero trust access.

Level 3: Data and identity protection

The third level incorporates more sophisticated and specific solutions to protect user data and identity. Here, technologies are applied to prevent information leakage, exfiltration, control of data once it has left the company, advanced identity management and enterprise security both on-premises and in the cloud.

In recent years, as hybrid work has taken center stage in most enterprises, maintaining control from anywhere over your users and devices has become a major challenge.

If you are already at this level of protection and want to learn more about it, we recommend this demo on how to simplify identity governance and business asset protection with Microsoft Entra.

Level 4: Active robustness check of the system

The fourth level introduces a dynamic and constantly evolving perspective, in which cybersecurity adapts to the changing conditions of the environment. This involves the adoption of risk analysis solutions, vulnerability scanning and intrusion drills to effectively and continuously assess the security of a company.

At this level, the solutions adopted must be regularly updated to ensure that they remain effective in protecting a company against cyber threats.

Level 5: Active monitoring and SOC

The fifth and final level of the Cheops pyramid represents the most advanced approach to cybersecurity, focusing on resilience and proactivity. Here we work on the identification and neutralization of threats before they have a significant impact on the company, the implementation of incident response policies, as well as quick and efficient recovery in the event of an attack.

Companies that reach this level of security are already enabled to implement a modern SOC, through which they will be able to monitor and protect their company 24×7 against all the cyber threats to which they are exposed.

Start building your own Keops pyramid of cybersecurity

Building the Keops pyramid of cybersecurity does not require 30,000 people or 20 years of work as the original version did. However, not all solutions are suitable for all companies, and their analysis and implementation must be carried out by cybersecurity experts who have a good understanding of the complexities involved and have mastered the technology.

Let’s move forward together to start building your own protection pyramid. This is one of our experts.

Microsoft Ignite 2023: Discover what’s new in cybersecurity with generative AI at the forefront

The annual Microsoft Ignite 2023 event has once again left the technology community intrigued and excited by the more than 100 innovations presented in the Microsoft cloud; news related to Microsoft Copilot, Data and AI, infrastructure and, of course, cybersecurity.

Our experts in cybersecurity Softeng have followed the event in detail to identify the most important developments and unpack their keys to know how to maximize their potential, with the aim of improving and strengthening cybersecurity in enterprises.

1. Microsoft Defender XDR: New unified user experience with Sentinel, Threat Intelligence and Defender for Cloud Console (SIEM+XDR) capabilities.

Microsoft Defender Extended Detection and Response (XDR), is a security solution that provides integrated and automated protection across an organization’s entire IT infrastructure.

For the first time, Microsoft Defender XDR capabilities integrates all cybersecurity services on a single platform: Threat Intelligence, Microsoft 365 Defender, Microsoft Sentinel and Microsoft Defender for Cloud.

This allows access to all security operations tools in a single interface, making them easier to use and improving efficiency. In addition, with this integration we can take full advantage of automation and artificial intelligence technologies to improve cybersecurity.

From our SOC team, we are investigating the new capabilities offered by Microsoft Defender XDR to incorporate the new unified user experience to our modern CyberSOC service for security incident management and response(Softeng-CSIRT).

Defender XDR - Microsoft Ignite 2023 Cybersecurity News

Microsoft Security Copilot has added Entra, Defender for Cloud and Purview to extend the use cases to identity, infrastructure and data protection.

Microsoft has also shared news on new AI capabilities in cybersecurity, particularly in incident investigation and response.

Microsoft Security Copilot is a generative AI-powered security product that helps cybersecurity teams increase their productivity. Therefore, with the addition of Entra, Defender for Cloud and Purview, Microsoft Security Copilot can extend its use cases to include identity, infrastructure and data protection.

For example, you can help determine why a login requires two-factor authentication, or summarize risks and define remediation steps for users, groups, logins or permissions.

Copilot in Microsoft Entra - News Microsoft Ignite 2023

3. Microsoft Defender CSPM: Proactive attack path analysis

Finally, Microsoft Defender for Cloud has enhanced the attack analysis engine with recommendations based on more complex risks, such as inter-cloud attack paths.

In addition, the new code-to-cloud mapping will also allow cybersecurity teams to reduce time and optimize effort to address critical security flaws directly in the code itself.

This way, our modern SOC team will have more visibility into attack exposure from Azure, AWS or GCP clouds.

Microsoft Defender CSPM (Attack Path Analysis) - News Microsoft Ignite 2023

4. Automatic Conditional Access Policies in Microsoft Entra: Optimizing Identity Protection

In order to better control how users access corporate resources, Microsoft has announced the automatic deployment of Microsoft Entra universal conditional access policies.

This new functionality uses real-time signals and machine learning to determine when to allow, block or limit access to application and sensitive data, ensuring that only healthy and trusted devices can access corporate resources. This maximizes safety without compromising productivity.

Automatic Conditional Access - Ignite 2023 News

5. Microsoft Enters Private Access: Multifactor authentication is added for all local applications.

In addition to automatic conditional access controls, Microsoft Entra Private Access adds multi-factor authentication for on-premise computing resources, i.e. those that are physically located on an organization’s premises, increasing the security of applications and data.

In Softeng, our team of cybersecurity experts is already working on a digital event in which we will show the capabilities of Microsoft Entra, and, among them, Microsoft Entra Private Access. We will announce it soon on our LinkedIn account! Follow us at >

MFA on premise - News Microsoft Ignite 2023

6. Microsoft Entra ID: Compatibility of passkeys with Microsoft Authenticator

By early 2024, Microsoft has promised that Entra ID users will be able to sign in with passkeys managed by the Microsoft Authenticator app.

The interesting thing about this new feature is that it will reinforce the two-factor methods, a mechanism that is resistant to phishing, leaks and allows us to log in more securely.

Passkeys in Authenticator - News Microsoft Ignite 2023


Related article: How can the 6 most common cyberattacks affect business assets?


7. AI Hub on Microsoft Purview: Sensitive Data Leak Detection in Generative AI SaaS Applications

Microsoft has announced the release of a trial version of its AI Hub on Microsoft Purview, an integrated solution that enables organizations to govern, secure and manage the use of generative AI applications across the enterprise.

With this solution, organizations can gain a complete view of the use of generative artificial intelligence applications, such as ChatGPT, Bard and others, and the associated data security and compliance risks.

The IA Hub solution in Microsoft Purview is an invaluable tool for organizations looking to better protect their sensitive data and comply with privacy and security regulations.

8. Microsoft Purview DLP: Preventing and blocking sensitive data leakage in generative AI SaaS applications.

Data Loss Prevention (DPL) in Microsoft Purview allows organizations to create policies to prevent their users from pasting sensitive information on specific websites, personal email, applications and social networks, among others.

Microsoft has announced this new functionality that extends the capabilities of Microsoft Purview DLP to block sensitive data leakage in non-corporate generative AI applications.

Purview DLP - News Microsoft Ignite 2023

From Softeng, we move forward with confidence to embrace digital innovation

In Softeng we are one of Top Partner Cloud Microsoft most qualified in Europe, allowing us to accompany our customers by maximizing the power of the Microsoft cloud to drive digital innovation with security and intelligence.

The new developments announced at Microsoft Ignite 2023 motivate us to continue to embrace and simplify innovation, in order to accompany ambitious companies to move faster in their digitization in a secure way.

If you want your company to be well protected in order to move forward without fear, we invite you to learn more about what we can do together.