November 30, 2023

Ayesa strengthens cybersecurity at Elecnor with the latest EDR and Zero Trust technology

The company has implemented solutions by CrowdStrike and Netskope to protect the company’s networks from the most advanced threats.

Ayesa, a global provider of technology and engineering services, has added a new layer of cybersecurity at Elecnor to keep it safe from the very latest advanced threats. To do this, it has used EDR (Endpoint Detection and Response) solutions from CrowdStrike as well as ZTNA (Zero Trust Network Access) technology from Netskope.

Techniques used by cybercriminals are becoming more and more targeted and sophisticated, and it is no longer enough to simply protect connected devices and the network perimeter. EDR solutions have taken traditional antivirus programs one step further through constant endpoint and network monitoring and analysis in order to identify, detect and prevent advanced persistent threats (APTs) more easily.

The solution designed by Ayesa for Elecnor is able to detect unknown malware more effectively than an antivirus. It does this by applying techniques such as machine learning and advanced analytics, using warnings generated by external systems, classifying incidents so that the most urgent issues are dealt with first, and tracking the origin of malware and monitoring changes to it in order to prevent future attacks. It also makes use of remediation tools to delete infected files, quarantine them and return compromised systems to their previous state.

Álvaro Fraile, Head of Cybersecurity at Ayesa, explains more about the new EDR solution: ‘the focus is on advanced threats designed to get through the first line of defence and penetrate the network. As such, it allows us to stop attackers in their tracks before they can move laterally’. He adds: ‘ultimately, we’ve ensured the company is protected on all fronts, whether from a traditional threat, a vulnerable app or an unknown danger’.

The new solution also monitors and evaluates all network activity (user events, files, processes, registries, memory, etc.), detects attacks in real time, and allows immediate action to be taken where necessary. ‘Full visibility across all endpoints is a key part of allowing attacks to be identified early on and stopped before it is too late. This has ultimately resulted in a more proactive and agile approach to security, enabling administrators to effectively respond to and even pre-empt threats’.


Zero Trust technology

‘Zero Trust’ technology centres around the idea that nobody inside or outside a network should be trusted. As such, before any individual, system or device is granted access to a company’s resources, checks must be carried out to ensure they are who they say they are.

The Zero Trust Network Access solution created for Elecnor measures network connections, checking who or what is connected, how, why and when they are connected, and where they are connected from. Based on this, it then restricts access, thereby minimising data loss. With ZTNA, network access and application access are two completely separate things, meaning users only have access to specific applications instead of the full network. This distinction reduces the chance that risks, such as those posed by compromised devices, reach the network.

Also, by only making outbound connections, it makes networks and applications invisible to unauthorised users. As a result, IP addresses are never exposed to the internet, and the network is less likely to suffer from a security breach.

Koldo Valle García, Security and Operations Officer at the Elecnor Group, explains that ‘once users have been authorised, access to each application is granted separately’. As such, access to multicloud and/or hybrid applications or resources is granted as and when needed. ‘The aim is to adopt an approach based on granting access for devices, then users, then specific applications, as opposed to a network-centric one. This shifts the emphasis from the network to the internet, making the internet the new corporate network and leveraging end-to-end encrypted micro-tunnels rather than MPLS’, he adds.

‘Having a cybersecurity partner that specialises in these kinds of projects is essential to ensuring their success’, concludes the Security and Operations Officer.
