Sana Analysis, Notification, and Alert Service

Analysis, Notification, and Alert Service (SANA) is the oldest and best considered service in Hispasec's history

SANA provides a complete alert system about software vulnerabilities, updates and patches regarding security, allowing our customer to know the vulnerabilities that could affect theirs products used on a daily basis.

Each customer recieves in a fast and personalized way as many alerts as flaws detected for monitoried products. For more complex systems, we have developed a complete API system that enables to customize and adapt this service to your needs.

Each alert is provided with all information needed and patches (if any) and countermeasures, all within our 24/7 active service.

Historical report for every customer, where vulnerabilities affecting your system may be checked, allowing queries based on any alert characteristic .

The web interface, allows the administrator of your company to catalog vulnerabilities ,so that they can be informed about patched flaws, pending actions, etc.

It is all built-in in our CSIRT services panel , where executive statistics are available.

sana hispasec sana hispasec sana hispasec
Real-time information about vulnerabilities that really affect your systems and how to solve them
Antifraud Online fraude incident response

Antifraud joins Antiphishing, Antitrojan and Forensic analysis services. Antifraud is run by a 24/7 technical team that will handle your incidents as soon as they occur.

Antifraud service enables to handle incidents in an easy way by means of the real-time monitoring. By handling incidents, we mean neutralizing threats (e.g. phishing, trojans, etc.).

This service is oriented to banks and online transaction companies . Hispasec has developed sensors dedicated to detect and analyze fraudulent copies of this websites.

Antiphishing serivice alerts you any time a fraudulent infraestructure is detected and starts taking down process with our 24/7 team. The target is to take down fraudulent websites .

Success is guaranteed. Besides, a deep analysis of the attacker profile is conducted, in order to alert legal forces are alerted who can shutdown the fraudulent copies of websites..

Every incident is documented in our CSIRT and is correlated in executive graphs.

This service is oriented to banks and online transaction companies . Entity is monitored in our systems. If our automatic detection system alerts us about a potential malware affecting your entity, it is deeply studied by our analysis team that reverse-engineer the sample.

Once a trojan affects the entity has been detected, we first alert the customer and then we take down the infrastructure used by the trojan (e.g. dropsites).

Studying the sample enables to know eventual countermeasures that might be implemented in your bank portal in order to prevent some trojan families attacks.

By studying your clients infected systems, we can have a better understanding of the attack vector it is based on. It enables us to know the injection, perpetuation, ciphering, hiding methods, etc. All those characteristics allows us to get the malware profile affecting your company , and improves the detection of another possible families. Aside, it may be possible to implement some countermeasures so that the threats may be mitigated . It also allows us to alert your clients about how to detect suspect behavior when using your banking systems.

Udyat is a service designed to provide the information related to your company by indexing the main data providers such as Google, Blogger, Twitter, Facebook, etc. Udyat integrates a lexical classifier capable of distinguishing the contents that may affect the reputation of your entity.

The automated semantical classification may have false positives or incorrect classifications. This process will provide a concise list, structured by fixed categories which can be further extended by the client.

The service LSI provides an automated analisis 24/7 of the network traffic between the client and your company. It aims to early detect suspicious activities which can shed the light on possible attacks targeting your company.

This service offers you:

  • An early detection of phishing attacks, including the possibility to detect the attack before the spam campaign occurs.
  • The detection of direct web attacks, or attacks showing suspicious activity.
  • The possibility to detect the behavior of trojans which inject code into the victims' browser. If we detect a certain pattern, it is possible to identify which users are infected with trojans such as Zeus, SpyEye, etc. and be proactive.
  • The possibility to study the trojans in order to modify your entity's webpage and therefore mitigate the attack.

Knowing, preventing, and neutralizing the threats (phishing, trojan, etc.) affecting your entity

Hispasec auditing services covers the study of the systems to handle possible vulnerabilities.

Once spotted, they are documented, results are comunicated to the one responsible for them, and proactive reinforcement measures are adopted. Always following a sequential process that allows to improve the system security by learning from the previous attacks.

Auditing your systems allows you to know what is the exact situation of your information assets, regarding proteccion, control and security measures. Auditing your systems is like a complete radiography of your systems security situation.

Auditing services meet 7 phases:

  • Enumerating network, topology and protocols.
  • Identifiying systems and devices.
  • Analysing services and applications.
  • Detecting, and evaluating vulnerabilities.
  • Specific correction measures.
  • Perimetral control in real time with our own technology Sensor Scan Network .
  • Recommendations about implanting and proactive measures.

Auditing services may be:

  • Internal auditing. In this kind of auditing, security of the internal and local networks is evaluated.
  • Perimetral audits. Local or Internet perimetral network is audited.
  • Penetration testing. Penetration testing is designed to access audited systems without any previous knowledge. It is an interesting complement of the perimetral audit.
  • Forensics. Forensics is a set of metodologies to study security incidents that tries to answer this question: ¡How could anyone get into my systems and what where the damages?.
  • Web application audits. It examines external web applications, seeking for vulnerabilities (SQL injection, Cross Site Scripting, etc.)
  • Source code audits. Our team reviews source code of your application, seeking for potential vulnerabilities.

Be aware of the vulnerabilities in your systems and get a technical report with a solution to your problems
Udyat URL Diction Yielding and Analysis Telescope

Udyat is a powerful content crawler developed by Hispasec that registers every mention of your brand on the Internet.

It can index in real time most important services online: (Google, Twitter, Facebook, Blogger...) enabling to generate personal alerts.

You will be able to handle your corporate image and foresee propagation of any mention online.

UDYAT is a powerful lexic classifier able to detect contents that may affect your company's image .

Since automatic detectection may lead to false positives or incorrect classifcations, the suspect content is revised by our analysts that validates and checks its categorization.

This treatment results in a structured lists ordered by categories that may be completed by your own choices.

Besides notifications, a graphical report is provided which includes charts that can be reused further in a presentation for instance.

It includes graphs and tables about:

  • Monthly alerts depending on their categorization
  • Monthly alerts depending on their publication method : press, Facebook, Twitter, etc.
  • Graphics with most used categories and publicatoin.
  • Most offensive alerts for each category.

Alerts may be checked in real time with our HTTP based API. This allows to replicate notification data base so it is integrated within other products, services or security aggregation portals .

Because of the HTTP based interface, it may be integrated with any program language.

udyat hispasec
Monitor your brand in real-time on the Internet, classifiying every mention and accesing graphical statistics


Hispasec was founded at the end of 1988 with the launching of "una-al-día" ("One-Per-Day") which is considered to be the first daily service of technical information about IT security in Spanish language. It was created by a group of specialists with the aim of divulgation of the necessity of IT security for users of new information technologies.

The success obtained by "One-Per-Day" and the rest of public actions implemented by Hispasec (i.e. analysis, comparatives, new developments, etc.) originated in a practically spontaneous way a demand of service by professionals and companies.

Our lab, Hispasec Sistemas, was created in year 2000 in order to attend this demand. Hispasec Sistemas is an organization of a strong technical character, is based on 100% own capital with no participation of other companies and is managed by the very founders and owners of Hispasec.

Keeping track of the original path, the new direction adopted by Hispasec Sistemas makes possible to maintain and reinforce the public and free services given to the community but also to attend the increasing demand of professionals and companies.


Security, our reason for being

Hispasec was born due to and for Information Technology Security. From its very start it has specialized itself in the different areas of IT security.The company concentrates its investments for a dynamic growth according to criteria of purely technical nature and considering its team and their knowledge as its main strength.

Different points of view but one single aim

A multidisciplinary team of specialists in the main technological platforms and security areas allows to approach our projects with different complementary perspectives in order to find the best suitable solution according to the profile and requirements of our clients.

Laboratory acting with independence of third-party companies and/or products

Hispasec does not distribute third-party product nor has economic interests related to them, thus, our independent status has been crucial in guaranteeing the necessary objectivity and rigor in undertaking the study, analysis, and assessment of the security solutions to be adopted by our clients.

Professional consulting and know-how transfer

Hispasec is proud to work in closest contact with its clients proposing them customized services and dedicating a special attention to offering critical (in)formation. Permanent contact tools are at disposal of our clients enabling regular updates and the active participation of the clients in the constant process of security maintenance.

Jorge Carballo -Hispasec Sistemas

Jorge Carballo

CEO Executive Director

Executive director, responsible for the management, administration and business continuity Hispasec.

David García -Hispasec Sistemas

David García

Auditing responsible

He handles the auditing team. Hispasec relies on a multidisciplinar team specialized in every area of the auditing process. They also analyze the latest published vulnerabilities.

Fernando Denis Ramírez -Hispasec Sistemas

Fernando Denis Ramírez

Antifraud responsible

Coordinator for Antifraud team. Responsible for SANA, Antifraud and Udyat services.

Javier Rascón -Hispasec Sistemas
icon twitter

Javier Rascón

Malware responsible

Responsible for the antitrojans team in Hispasec. He manages the team that daily analyze malware smaples affecting our clients, and is behind the software we use for detection.

Contact us


Hispasec Sistemas S.L.
C/ Trinidad Grund 12, 1A-1B
29001 Málaga


Telf: (+34) 952 020 494

E-mails of interests

General information:
Technical information:
Human Resources:
Mensaje enviado correctamente.
Captcha incorrecto.