SOC as a Service

IT departments are reaching their limits

The demands that IT departments have to meet today in the areas of IT security and compliance are constantly increasing. They are required to constantly monitor the latest threat situations worldwide and to be able to respond at any time in emergency situations – so that cyber security is fully guaranteed around the clock. Added to this are new EU data protection and IT security rules. The basic requirements for up-to-date IT security alone are hardly affordable internally, especially for small and medium-sized enterprises.

CANCOM Cyber Defense Services are therefore aimed particularly at customers who are unable to set up 24/7 attack monitoring and defense themselves, or who do not want to do so because of the high internal outlay involved. The CANCOM Security Operations Center (SOC) supports your company in comprehensive cyber defense – to keep security in your operations at the highest level at all times.

To achieve this goal, we rely on trained and motivated experts, market-leading tools and technologies, and optimized processes. With CANCOM SOC as a Service, monthly billing on the XaaS model makes your IT costs more flexible: Opex instead of Capex!

What is a Security Operations Center?

CANCOM Cyber Defense Services consist of a variety of services and modules, making them far more than the sum of their parts. The services are offered from the CANCOM Security Operations Center (SOC). There, corporate IT environments are monitored by security experts around the clock, 365 days a year. As soon as a security incident is detected, the threat is immediately analyzed and countermeasures are initiated. Potential security gaps are identified and eliminated to safeguard against future threats.

All service modules are obtained from CANCOM as a monthly service after an initial planning and setup phase. CANCOM security analysts work hand in hand with the IT departments of the companies.

The CANCOM SOC service modules

CANCOM “SOC as a Service”
With automated analysis and detection of attacks, our CANCOM Security Analysts keep the security in your company at the highest level. In addition, our analysts can link customer-specific events to global threats and initiate countermeasures.

CANCOM “SOC as a Service” consists of three core elements.

  • Automated analysis and detection of attacks
  • CANCOM Cyber Defense Analysts & Architects
  • Cyber Defense and Incident Response Processes

A SIEM (Security Information & Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. It first ingests data from defined sources; this data is then normalized, analyzed and correlated. The sources include classic security components as well as applications and, nowadays, especially cloud services. The result is intelligent alerts to CANCOM security analysts.

Threat intelligence and information about threats, such as malware or perpetrator groups, also allow our analysts to link customer-specific events with global threats.

You are also welcome to use “SOC light aaS”. This variant has a particularly good price/performance ratio and starts at a minimum of 500 EPS (Events per Second). The nine most important use cases for the detection of security incidents are taken into account. Enterprise users benefit from fast onboarding and highly standardized operation.

The following specific services are included in SOC aaS:

  • Integration of defined IT systems
  • Automated correlation and analysis of data
  • Automated classification of threats by means of a coordinated set of rules
  • 1st level analysis and evaluation of correlated events
  • Advanced 2nd level analysis with integration of threat intelligence
  • Alerting and support of the customer in case of danger
  • Archiving of events and security incidents
  • Ongoing adaptation and optimization of the SIEM system
  • Tool-based reporting on history and trends of events and incidents
  • Creation of reports for compliance requirements (ISO 27001, etc.)

CANCOM “SOC as a Service” with Incident Response
In addition to the “SOC as a Service” services, attacks are defended against at any time on the basis of jointly defined procedures – regardless of operating hours, location or availability of the client’s employees. This means you are always on the safe side.

As an extension to SOC as a Service, CANCOM offers Incident Response.

This enables attacks to be defended against at any time on the basis of jointly defined procedures (runbooks) – regardless of operating hours or whether the customer’s employees are currently available. The actions defined in the runbook allow attacks to be averted or damage to be minimized.

In addition to the SOC as a Service services, Incident Response includes:

  • Activation of the CANCOM Incident Security Response (ISR) in the event of a threat
  • Execution of the coordinated procedures for averting danger (runbook)
  • Extended Security Response Reporting

CANCOM Vulnerability Management

CANCOM’s Vulnerability Management checks target systems for known and potential vulnerabilities. This makes it possible to identify and document the current security status of the IT environment. This means that threats can be identified even more quickly.

For secure IT operations, it has become essential to identify potential vulnerabilities. Trends such as digitization and IoT often result in heterogeneous and highly complex IT landscapes that are no longer managed centrally.

The optional vulnerability management checks the target systems for known and possible vulnerabilities. With the help of this information, threats can be assessed in a targeted manner. This enables the current security status of the IT environment to be identified and documented. The information obtained can be automatically integrated into the SIEM system to identify threats even faster.

The following services are specifically included:

  • Detection of IT vulnerabilities with subsequent documentation
  • Vulnerability scans of target systems that check accessible services and their versions for vulnerabilities
  • Recommendation and information about necessary measures (e.g. patching, reconfiguration, etc.)
  • Alerting on detection of new systems with corresponding vulnerabilities
  • Optional: Integration into the SIEM system

Stay one step ahead of cybercriminals with our CYBER KILL CHAIN®

Learn all about the Cyber Kill Chain as an effective model for threat assessment, response and analysis as part of IT security incidents in our practically oriented whitepaper.

Your added value at a glance

Benefits of using the CANCOM SOC: The goal is to ensure security at the highest level and to create end-to-end transparency. This makes security both a qualifiable and quantifiable concept.
  • 24/7 real-time monitoring
    We provide round-the-clock monitoring of worldwide security events
  • Improved responsiveness
    By quickly identifying current threat situations, effective countermeasures can be taken at any time
  • Automated analysis
    With the automated analysis of information taking into account the current threat situation, you are always up to date
  • Active defensive measures
    In the event of an attack, effective measures to defend against security threats are initiated immediately as part of the incident response process
  • Rapid alerting system
    By providing new threat alerts and notifications, you are always in control even in the event of a threat situation
  • Secure crisis management
    In the event of cyber threats and incidents, there is rapid coordination and efficient management of precise responses
  • Performance and security reports
    With regular reports on performance and security, you always have an overview of the current situation
  • Continuous improvement of information security
    Ongoing analysis and efficient vulnerability management enables continuous optimization of dynamic IT landscapes
  • Always close at hand
    Additional security provided by the CANCOM SOC team at our German locations / SOC data centers in Hamburg, ensuring that your data always remains protected within the country's borders


Our partners in the area of Cyber Defense Services: IBM
