Cybersecurity must be a strategic axis for any organization.

David Julián, CEO of Alpine Security, speaks in the following interview about the importance of adopting a proactive role in cybersecurity threat management. Julián also highlights the relevance of early detection of suspicious activities for preventing incidents from escalating into crises.

Alpine Security provides proactive cybersecurity services. How is our work proactive?

The traditional approach of organizations is to be reactive to the alerts generated by security systems. In our case, we do not wait for any element of the environment (SIEM, EDR, IDS, IPS, etc.) to generate an alert indicating that something bad is happening.

‍
What we do is search for indications of suspicious activities within the telemetry of the client's environments before they trigger an alert or go unnoticed by existing systems.

‍
From there, we conduct an investigation to confirm such activity and determine its criticality. We assume that the client's environments can always be compromised and look for clues that allow us to detect this hypothetical compromise.
‍

Who are our services targeted towards? Large companies, SMEs, micro-businesses...

Our services are primarily aimed at companies that have a certain level of maturity in managing their security or seek a specialized service for advanced threat detection. This environment is naturally found in large or medium-sized companies.
‍

Often, security crises begin with small indications, is that so? What is the ideal time to hire a service like ours?

Many times we are asked if security incidents are detected. We always say yes, they are always detected. However, sometimes it is too late, and the damage within the company is of such dimensions that managing it is not a simple incident but a crisis.

‍
Our approach focuses on detecting these suspicious activities in their early stages to prevent these incidents from reaching crisis magnitude.

‍
Our services are very flexible and include support for improving the maturity of an organization's detection and response capabilities, security audits, advanced attack simulation exercises, as well as advanced detection services. For these services, what we need is the right environment to extract the necessary data. Thanks to this telemetry (usually from the EDR), we can detect these suspicious activities.

Some companies make significant investments in sophisticated threat protection products. Is this sufficient to guarantee a proper cybersecurity policy?

A good racing car does not win races if you do not have a good driver. The same goes for security tools. If they are not applied sensibly or exploited by a specialized team, you do not get the full value of the investment made.

Often, there is a reliance on tools to generate alerts, but this is a reactive approach. The true value of tools lies in their configuration and in exploiting all the data/telemetry collected from environments.

In Alpine, we argue that we do not focus on preventing incidents but on preventing them from escalating into crises. Does this require prior diagnostic work?

Depending on the maturity level of the client. Some have a certain level of maturity, and in these cases, the value we bring is an added specialized service.

In other cases, they require support in improving their maturity. We need to have certain minimum visibility capabilities in the environment. Incidents always happen; our goal is to detect them in their earliest stages. Using the analogy of fires, our goal is to detect fires when there is smoke, not when there are flames.

Network traffic, operating systems, applications... where do security threats primarily manifest?

There is no single place to detect threats; ultimately, it is a set of data where our effort focuses on detecting deviations or anomalies in that data. Nevertheless, within the current threat landscape, one of the points where the first signs of compromise can be detected is in end-user devices and/or servers.

From your experience, which sector or sectors are particularly threatened?

Nowadays, there is no single sector affected or standing out above others. Campaigns are global, and while some may be more contextualized than others, malicious actors target everything. The satisfactory outcome of such campaigns tends to be more media-worthy when affected companies suffer theft of personal information, customer databases, accounting, or other data that are publicly exposed.

When we talk about targeted attacks, this depends on the goals pursued by the attacker, which usually involve stealing information or disrupting services.

Is it an exaggeration to say that cybersecurity is a strategic axis for the future of companies?

La ciberseguridad debe ser un eje estratégico para el futuro y el presente de las organizaciones. Cualquier organización que no se tome en serio los riesgos cibernéticos y no gestione sus capacidades para detectar y responder a los incidentes está jugando a un juego de azar en el que cualquier día puede enfrentarse a una crisis que suponga unas pérdidas (económicas o reputacionales) que podrían derivar incluso en su cierre.

¿Qué es lo que diferencia a Alpine de otras empresas del sector?

Cybersecurity must be a strategic axis for both the present and future of organizations.

Any organization that does not take cyber risks seriously and does not manage its capabilities to detect and respond to incidents is playing a game of chance where any day they could face a crisis resulting in losses (economic or reputational) that could even lead to closure.

What sets Alpine apart from other companies in the sector?

We are a specialized company. Our core is Threat Hunting services: a proactive approach to threat detection. We are a highly specialized team of professionals with thousands of hours of experience in offensive services or incident response.

To determine if something is potentially malicious, you have to be familiar with the modus operandi of malicious actors, what tools, techniques, or strategies they use to compromise organizations. We invest many hours in training and staying updated with the latest tactics and techniques used by actors to compare them with our detection capabilities in our labs.