SOC as a Service
IT departments are reaching their limits
The demands that IT departments have to meet today in the areas of IT security and compliance are constantly increasing. They are required to constantly monitor the latest threat situations worldwide and to be able to respond at any time in emergency situations, so that cyber security is fully guaranteed around the clock. Added to this are new EU data protection and IT security rules. The basic requirements for up-to-date IT security alone are hardly affordable internally, especially for small and medium-sized enterprises.
CANCOM Cyber Defense Services are therefore aimed particularly at customers who are unable to set up 24/7 attack monitoring and defence themselves, or who do not want to do so because of the high internal outlay involved. The CANCOM Security Operations Center (SOC) supports your company in comprehensive cyber defense, keeping security in your operations at the highest level at all times.
To achieve this goal, we rely on trained and motivated experts, market-leading tools and technologies, and optimized processes. With CANCOM SOC as a Service, monthly billing following the XaaS model makes your IT costs more flexible: Opex instead of Capex!
What is a Security Operations Center?
CANCOM Cyber Defense Services consist of a variety of services and modules, making them far more than the sum of their parts. The services are offered from the CANCOM Security Operations Center (SOC). There, corporate IT environments are monitored by security experts around the clock, 365 days a year. As soon as a security incident is detected, the threat is immediately analyzed and countermeasures are initiated. Potential security gaps are identified and eliminated to safeguard against future threats.
All service modules are obtained from CANCOM as a monthly service after an initial planning and setup phase. CANCOM security analysts work hand in hand with the IT departments of the companies.
The CANCOM SOC service modules
CANCOM "SOC as a Service"
With automated analysis and detection of attacks, our CANCOM Security Analysts keep the security in your company at the highest level. In addition, our analysts can link customer-specific events to global threats and initiate countermeasures.
CANCOM "SOC as a Service" consists of three core elements:
Automated analysis and detection of attacks
CANCOM Cyber Defense Analysts & Architects
Cyber Defense and Incident Response Processes
A SIEM (Security Information & Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. It first ingests data from defined sources of different types. This data is then normalized, analyzed and correlated. The sources include classic security components as well as applications and, nowadays, especially cloud services. The result is intelligent alerts to CANCOM security analysts.
Threat intelligence and information about threats, such as malware or perpetrator groups, also allow our analysts to link customer-specific events with global threats.
You are also welcome to use "SOC light aaS". This variant has a particularly good price/performance ratio and starts at a minimum of 500 EPS (Events per Second). The nine most important use cases for the detection of security incidents are taken into account. Enterprise users benefit from fast onboarding and highly standardized operation.
The following specific services are included in SOC aaS:
Integration of defined IT systems
Automated correlation and analysis of data
Automated classification of threats by means of a coordinated set of rules
1st level analysis and evaluation of correlated events
Advanced 2nd level analysis with integration of threat intelligence
Alerting and support of the customer in case of danger
Archiving of events and security incidents
Ongoing adaptation and optimization of the SIEM system
Tool-based reporting on history and trends of events and incidents
Creation of reports for compliance requirements (ISO 27001, etc.)
CANCOM "SOC as a Service" with Incident Response
In addition to the "SOC as a Service" services, attacks are defended against at any time on the basis of jointly defined procedures, regardless of operating hours, location or availability of the client's employees. This means you are always on the safe side.
As an extension to SOC as a Service, CANCOM offers Incident Response.
This enables attacks to be defended against at any time on the basis of jointly defined procedures (runbooks), regardless of operating hours or whether the customer's employees are currently available. The actions defined in the runbook allow attacks to be averted or damage to be minimized.
In addition to the SOC as a Service services, Incident Response includes:
Execution of the coordinated procedures for averting danger (runbook)
Extended Security Response Reporting
CANCOM Vulnerability Management
CANCOM's Vulnerability Management checks target systems for known and potential vulnerabilities. This makes it possible to identify and document the current security status of the IT environment. This means that threats can be identified even more quickly.
For secure IT operations, it has become essential to identify potential vulnerabilities. Trends such as digitization and IoT often result in heterogeneous and highly complex IT landscapes that are no longer managed centrally.
The optional vulnerability management checks the target systems for known and possible vulnerabilities. With the help of this information, threats can be assessed in a targeted manner. This enables the current security status of the IT environment to be identified and documented. The information obtained can be automatically integrated into the SIEM system to identify threats even faster.
The following services are specifically included:
Detection of IT vulnerabilities with subsequent documentation.
Vulnerability scan of target systems checks accessible services and their versions for vulnerabilities
Recommendation and information about necessary measures (e.g. patching, reconfiguration, etc.)
Alerting on detection of new systems with corresponding vulnerabilities
Optional: Integration into the SIEM system
Whitepaper
Stay one step ahead of cybercriminals with our CYBER KILL CHAIN®
Learn all about the Cyber Kill Chain as an effective model for threat assessment, response and analysis in IT security incidents in our practically oriented whitepaper.
Your added value at a glance
Benefits of using the CANCOM SOC
The goal is to ensure security at the highest level and to create end-to-end transparency. This makes security both qualifiable and quantifiable.
24/7 real-time monitoring
We provide round-the-clock monitoring of worldwide security events
Improved responsiveness
By quickly identifying current threat situations, effective countermeasures can be taken at any time
Automated analysis
With the automated analysis of information taking into account the current threat situation, you are always up to date
Active defensive measures
In the event of an attack, effective measures to defend against security threats are initiated immediately as part of the incident response process
Rapid alerting system
By providing new threat alerts and notifications, you are always in control even in the event of a threat situation
Secure crisis management
In the event of cyber threats and incidents, there is rapid coordination and efficient management of precise responses
Performance and security reports
With regular reports on performance and security, you always have an overview of the current situation
Continuous improvement of information security
Ongoing analysis and efficient vulnerability management enable continuous optimization of dynamic IT landscapes
Always close at hand
Additional security provided by the CANCOM SOC team at our German locations / SOC data centers in Hamburg, ensuring that your data always remains protected within the country’s borders