Always on for you
Round-the-clock cyber operations team. We will provide you with a dedicated team of analysts with cyber security expertise.
Highly qualified and certified technical team at the ready 24/7.
Local support
Direct contact with Local Analyst with tailored-made deliverables based on your needs. Covering extensive risk coverage, analysts specialized in digital risks cover technological or known risks, operational and competitive risks as well as emerging or unknown risks.
Global agreements & alliances
Celcom is partnering with Telefónica Tech who is member of several alliances like the Cyber Threat Alliance (CTA) or the Anti-Phishing Working Group (APWG).
Tailored-made solution for you
Our solutions are designed to support your business needs and deliverables.
1. What is Digital Risk Protection?
Digital Risk Protection (DRP) is a holistic approach to monitoring and identifying threats against your digital assets. It is the act of using technology, tools, and expertise to monitor data sources for threats to your or your organisation’s digital footprint.
We aim to help you understand your digital risks, providing you with a strategic advantage and situational awareness for better identification and anticipation against threats targeting your digital assets.
Because not every situation is one that can be protected or monitored against, DRP comprises multiple strategies and tools. DRP experts first need to understand:
DRP is about developing a strategy to protect what is most important to you. It is also about how that threat is handled in the event that it requires remediation or litigation.
2. Why do you need Digital Risk Protection?
Increased interconnection comes with countless benefits. It also comes with an increased risk of your online presence being used against you and your organisation.
As our lives become digitised, more professionals recognise the risks caused by online threats. Demand for DRP services has grown with the need for better visibility and help with remediation against threats targeting enterprises’ digital assets.
Digital Risk Protection is one of the fastest-growing trends relating to cyber security. It will become more pervasive as more of our activities are tied to the Internet. Such digitisation of our lives opens new doors for threats, attacks, and risk.
In many ways, DRP is no different than a car alarm, home security system, or identify theft technology. It protects what is most important to you.
3. Getting started with Digital Risk Protection and finding a DRP service that is right for you
Starting out with a DRP service can be very straightforward, depending on your situation and immediate (and long-term) goals. Involving DRP experts maximises both the efficiency of the process and the potential for protection.
The Internet is a large place, and Digital Risk Protection services vary widely. When choosing the right DRP solution for you, your first priority should be ensuring that it will protect what you are trying to protect. Next, focus on learning what happens after a threat is identified.
Digital Risk Protection is about more than having world-class technology with which to monitor threats. It requires a sound strategy that focuses on key data sources that can be filtered and scanned. Ultimately, the best way to find out whether DRP is right for you is to schedule a demonstration and to speak to Celcom DRP specialist.
Your digital profile is monitored and protected based on 3 pillars: Technology, People and Processes.
4. What digital risks can be prevented?
We aim to monitor your digital assets and brand against any external threat that may harm your organisation. With DRP, you can be sure the following is being monitored closely:
5. What are the modules available in Digital Risk Protection?
Depending on your organisation’s requirements and needs, we offer a range of modular threat intelligence capabilities as below:
6. What are the main use cases for Digital Risk Protection?
Identifying which DRP use cases to focus on depends on industry and size, and prioritisation can be complicated due to many threats overlapping one another. The most common use cases are as follow:
7. What is the difference between Digital Risk Protection and Vulnerability Risk Management?
DRP and VRM have different targets. As we know, DRP monitors and protects your company´s brand, reputation and, more in general, your company’s digital footprint against targeted threats addressed to your organisation.
In a complementary way, VRM helps to deal with risks associated with the high number of vulnerabilities that overloads security teams nowadays. Thanks to a persistent monitoring approach, customers benefit from continuous visibility and a higher rate of vulnerability identification and remediation. Early detection and support in the prioritisation of high-risk vulnerabilities are capabilities that will save time and costs for you.
An aspect that both DRP and VRM share is that Celcom’s analysts are always supporting the service and making sure the results delivered to the customer provide relevant insights. Unlike other solutions in the market consisting of a platform, both VRM and DRP have the added value of our analysts.
8. How can DRP improve your cyber security posture?
Digital Risk Protection service defends your business, brand and reputation against the risks arising from digital transformation. It features a holistic approach that covers the open web as well as the deep and dark web, providing actionable threat intelligence to reduce successful attacks by reducing the attack surface and helping to detect potential security breaches and accelerate recovery.
9. What is the difference between Celcom’s DRP service and other solutions in the market?
Unlike many solutions in the market that are platforms, Celcom’s offering is a service. This means you can implement the solution and let it run and manage itself. Celcom’s top-level operations, together with Telefónica Tech's security team, will provide you with threat intelligence relevant to your business, eliminating false positives.
1. What is Celcom Vulnerability Risk Management (VRM)?
Celcom VRM is a service that helps your organisation deal with risks associated with the high number of vulnerabilities that overload the security team. It keeps your organisation ahead of cyber attacks improving their cyber security and resilience capabilities. Celcom VRM is combined with auto and manual vulnerability risk assessment of your organisation’s IT Assets to prepare your organisation’s cyber security defenses, address the cyber security compliance requirements and to be ahead of the continuous evolution of the attacks.
2. What are the key product features of Celcom Vulnerability Risk Management (VRM) services?
Celcom VRM goes beyond just scanning and fixing, as it can automate the discovery of assets across the internet cloud, deep and dark web, virtual and application development environments, as well as automate the prioritisation and remediation of these vulnerabilities as much as possible, through the following 4 steps.
3. What is Penetration Testing?
Penetration testing or pen-testing is an approach for your organisation to emulate attacks and identify uncovered security loopholes. It aims to identify IT asset vulnerabilities and risks which may impact the confidentiality, integrity and availability of the data.
4. Why perform Penetration Testing?
A pen test is an ethical attack performed by internal or external resources to find security loopholes and fix them before attackers do. Most organisations appoint an external expert to perform regular pen-testing as a good security practice to ensure cyber controls are working properly.
Regular pen-testing can help your organisation:
5. Do I need to install the VRM or Pen-Testing software in my office network?
It all depends on where the IT assets are situated. For IT Assets located in an Intranet, a persistent VRM Agent is required on customer premises. IT Assets located in a DMZ or on the Internet do not require a persistent VRM Agent.
6. What are the benefits of Vulnerability Risk Management or Pen-Testing?
Vulnerability Risk Management provides the following benefits:
7. Does Celcom VRM provide fixes for the found vulnerabilities?
VRM services define the remediation plan of the vulnerabilities to mitigate the threats. Customers need to take action to fix the vulnerabilities. Customers may contact Celcom to discuss solutions needed to fix the vulnerabilities.
8. Do customers need to subscribe to all VRM modules?
Customers can choose to start any service such as Persistent VRM for Vulnerability Alerts, or Vulnerability Analysis, or Web Application Scanning, or Manual Pen-Testing.
9. What are the pen-testing methods offered by Celcom VRM?
Celcom VRM offer both automated and Manual Pen-Test. Both manual and automated or persistent vulnerability scans are useful tools for managing vulnerabilities and complementary to each other, and both should be performed.
Persistent Vulnerability Risk Management provides a holistic solution that integrates different products and security tools, standing out against traditional security services by offering end-to-end vulnerability management through an Online Portal that allows monitoring of a vulnerability from detection until resolution.
Persistent Pen-testing automatically and continuously (24/7) implement the phases that attackers use to compromise the security of a company’s information systems together with a qualified security team that validates the results obtained by the platform, the vulnerabilities detected and the recommendations given.
The Manual Pen-testing services provide clear and concise guidance on how to protect the End Customer’s information systems and information against real-world attacks. A key factor in the success of Pen-testing is the methodology based on the behaviour of real attackers with a systematic and scientific approach to successfully document a test and create reports on different levels of an organisation’s management. The approach of this Manual Pen-testing module is based on the implementation of techniques and phases to simulate actions and methodologies used by real attackers.
10. Is Pen-testing disruptive to our environment?
Pen-testing should be planned properly and comprehensively between the service provider and customers to identify potential risks for disruption and adjust the approach accordingly. The pen-testing planning should be scheduled in advance in order to ensure adequate time for communication with relevant stakeholders and monitoring throughout the pen-testing schedule.
11. How often should pen tests be conducted?
Pen-testing varies depending on environment size and applications. In most cases, the company performs pen tests quarterly or annually, depending on the budget and how often changes in the infrastructure are made. Celcom VRM offers both manual or automated scheduled vulnerability risk management. Depending on the customer’s schedule, Celcom VRM can be performed as frequently as daily or weekly.
12. Should the customers conduct their own pen-testing?
It depends on your organisations structure and resources. If you are thinking of performing your own in-house pen-testing, you should consider following criteria:
13. How much time is needed for VRM testing?
VRM is an automated vulnerability test. Once the service is set up, the vulnerability assessment will be planned and scheduled as agreed with the customer. It will take approximately 3 weeks for initial configuration and provisioning of VRM. The customer can expect a visualisation of the results from the firsts scans in the portal.
14. Should your organisation fix all the vulnerabilities that are reported?
Celcom VRM will prioritise the threats for the organisation to take immediate action for the fixes based on the risks. Together with the vulnerability detected, Celcom will provide recommendations on remediation. However, the customer is responsible for deciding what actions to take in order to solve it. Celcom VRM will continue monitoring the vulnerabilities until it is fixed.
15. What is the difference between Celcom’s VRM service and other solutions in the market?
Unlike many solutions in the market that are platforms, Celcom’s offering is a service. This means you can implement the solution and let it run and manage itself. Celcom’s top-level operations will analyse the results from the tests and present to the customer only what really is a vulnerability, eliminating false positives.
16. How is the service provided to the customer?
The Service Portal is an integral part of our value proposition, being a communication interface between the Customer and the Service itself. All discovered assets and vulnerabilities detected (occurrences) by the automatic analysis tools in the security tests are registered in the Service Portal for their homogeneous management and subsequent follow-up.