A holistic view of security-relevant events offers many advantages for IT security officers, for instance in identifying patterns and averting damage to the IT infrastructure.
However, companies often lack this holistic view, and attacks, irregularities or security holes are instead identified separately.
With Security Information and Event Management (SIEM), companies can take a holistic view of their IT security.
We collect all technical logs (log files) from security-relevant systems in a wide variety of formats, convert them into a uniform, readable form (normalization) and index them. That way, they are available to you and to our security experts in a consolidated form for search queries, pattern recognition and correlation analysis.
The Security Operation Center (SOC) is the heart of our SIEM service. Here we collect all security-relevant data, perform in-depth analysis, evaluate the data, plan preventive measures and implement them.
This work is based on customized use cases that are stored in the SIEM system. This helps us to ensure an efficient response to security incidents.
Our SOC employees regularly inform you about the status of your IT security and advise you on preventive measures. We provide you with ready-made instruction manuals, so-called “playbooks”, for typical security scenarios. This guarantees a quick and efficient response if a problem occurs.
As a follow-up, the SOC also provides you with a forensic analysis of the event so that you can evaluate the extent of the damage and better protect yourself from future attacks.