Since 2007, the CCN-CERT has hosted the annual STIC CCN-CERT Conference on CIS Security, which has become a meeting place for cybersecurity experts from Public Administrations and companies of strategic interest.

CARMEN, Centre of Log Analysis and Mining of Events, is a tool developed by the National Cryptologic Centre and the company S2Grupo to identify compromises by advanced persistent threats (APTs), and is the first tool based on Spanish technology and know-how.

CARMEN collects, processes and analyzes information to generate intelligence, mainly from network traffic. It is made up of agents that capture traffic flows (collection elements), a database engine into which the information is inserted, and a web application for viewing and querying the collected information, so that analysts can work on it and make decisions based on the results the tool provides.


The data sources which CARMEN is able to work with are listed below:

· Proxy logs

· Passive HTTP

· Passive DNS

· Passive SMTP

· Monitoring and storage of IPC data

CARMEN allows predefined rules to be applied to every data source to detect misuse and, in particular, significant anomalies (statistical, text-string, time-series and knowledge-based) that may indicate that the organization has been compromised. It also allows know-how to be defined and integrated in the tool, ranging from IOCs to anomaly conditions.

CARMEN aims to identify the external movement (C&C servers and exfiltration servers) and lateral movement of an advanced persistent threat. The tool's collection and analysis capabilities cover the main external communication channels of these threats (web browsing, DNS queries and email), as well as different mechanisms of internal communication within the compromised network.

In addition to the persistence stage, CARMEN provides capabilities to detect the threat at the intrusion stage: mainly anomaly conditions to detect common entry mechanisms, such as watering holes or exploit kits, and the deployment and integration of sandboxing capabilities to detect spear phishing.

Operating CARMEN with guarantees requires holding a company certification in those public bodies where CARMEN is distributed free of licence costs, as a solution developed by the CCN-CERT for the public sector. To obtain CARMEN partner certification, a company must have a number of certified professionals in each of the areas of specialization, depending on its number of clients.

The programme gives access to level 1 and level 2 support services, which are provided by the manufacturer (S2 Grupo).

Companies that hold company certification, or are in the process of obtaining it, to operate CARMEN in the public sector free of licence costs, as solutions developed by the CCN-CERT:

Name | Registered company name | Website | Certification status
CSA | Centro Regional de Servicios Avanzados, S.A. | www.csa.es | CERTIFIED (15/06/2019)
Govertis | GOVERTIS ADVISORY SERVICES S.L. | www.govertis.com | CERTIFIED (08/05/2023)
Grupo ICA | ICA SISTEMAS Y SEGURIDAD S.L. | grupoica.com | CERTIFIED (08/05/2023)
Innotec Security, a Part of Accenture | InnoTec System, S.L.U. | Innotec.security | CERTIFIED (15/11/2019)
S2 Grupo | S2 Grupo de Innovación en Procesos Organizativos, S.L | s2grupo.es | CERTIFIED (01/01/2019)


Contact:

PGP Key Download

FINGERPRINT CCFE 30F5 2D0D 60BB 6C8C F1E4 CC65 C901 8DE2 B669


  • Warnings

    IMPORTANT information about high-risk vulnerabilities that must be addressed with particular promptness by the organizations potentially affected. This category also includes information about CCN activity considered to be of special interest.

    Examples of warnings:

    • Critical vulnerabilities (or with a very high score) with a security update available, affecting widely used or sensitive technologies, for which, although no active exploitation, exploit or proof of concept (POC) is known, remote exploitation could easily be feasible, with a high potential impact.
    • Information about STIC courses or VANESA sessions.
    • New CCN publications.
    • New updates and/or features of the various CCN-CERT solutions.

  • Alerts

    Information about situations that require IMMEDIATE attention from the organizations potentially affected.

    Examples of alerts:

    • Active, aggressive cyberattack campaigns with a high reach or impact.
    • Public critical vulnerabilities (or with a very high score), with no security update available, affecting widely used or sensitive technologies, whose remote exploitation is feasible and with a very high potential impact.
    • Critical vulnerabilities (or with a very high score), with a security update available, affecting widely used or sensitive technologies, but which are being actively exploited or for which a public exploit or proof of concept (POC) exists, and with a very high potential impact.

The transitional provision of Royal Decree 3/2010 establishes a phased adaptation mechanism for the National Security Scheme, so that the systems of public administrations must be brought into line with the Scheme within a period that in no case exceeds 48 months from its entry into force. That deadline expired on 30 January 2014.

Royal Decree 951/2015 of 23 October, which amends the previous Royal Decree, states that systems must conform to its provisions within twenty-four months (November 5, 2017).

Orderly adaptation to the National Security Scheme requires addressing the following issues:
