The cyber defense architect reviews your requirements for the SIEM and checks whether and how they can be implemented. They also estimate the effort required and coordinate the implementation in the areas of log policy development, connector development and use case development. Our cyber defense architects draw on many years of experience in the field of SIEM and can also help you define your requirements.
From taking on individual roles to operating the whole SIEM, we adapt with flexibility to your requirements. All the while, your data stays with you.
When it comes to analysis, you can rely on the highly specialized knowledge of our cyber defense analysts. Our cyber defense analysts have completed numerous training courses and acquired many certifications, but, above all, they have many years’ experience of working in various security operations centers as well as in our own Cyber Defense Center.
When initiating countermeasures, we adapt to your processes. If desired, we can help you optimize your incident response processes.
We can also take care of just the platform operation of your SIEM, the onboarding of new event sources and maintenance of existing ones, or the development and maintenance of use cases and SIEM connectors. This means you can dedicate all your resources to detecting, analyzing and defending yourself against cyber attacks.
However you want to operate your SIEM, speak to us. We will support you in the places where you need our expertise, and everything else stays with you in-house.
Our entire Co-Managed SIEM service portfolio has a modular structure, meaning it is very flexible and can be adapted for virtually any customer requirement. Depending on your needs, you can engage us to perform individual or multiple roles.
We are flexible and can adapt our Co-Managed SIEM service completely to your needs and processes. If desired, we can also help you optimize your incident response processes.
Our Co-Managed SIEM service portfolio is designed as a hybrid. Together, we decide which services should be performed on your premises and which should be performed remotely from our Cyber Defense Center in Germany.
Your event log data remains with you at all times and never leaves your company. Your event log data is accessed exclusively from Germany. You have complete control and a full overview of your data at all times.
SECUINFRA is an owner-operated company based in Germany. We are your local partner in matters of co-managed SIEM. We are subject to German jurisdiction and comply with German data protection laws.
Many years of experience
Our knowledge comes from practice and is based on many years of experience in operating our own Cyber Defense Center as well as setting up and operating numerous SOC, CERT and cyber defense centers of notable customers.
We do not leave you alone with your SIEM alerts. We support you with detailed analyses and assessments of recognized indicators of compromise (IOC) and make recommendations of countermeasures you can take. With network forensics and endpoint forensics, we help to get a clear picture of the whole incident.
In the area of security intelligence, we help you and your colleagues to acquire security-related information from your SIEM and enable you to get a better idea of the quality and efficiency of your cyber defense capacities.
Cyber Defense Center Quantity Metrics
Security Breaches by segment
Get an overview of where in your company security breaches have occurred over a particular period.
Security Breaches by type
Learn what type of security breaches have occurred in your company during a particular period.
Security breaches trend
See an overview of how many security breaches have occurred in your system over the past few days/weeks/months/years.
Cyber Defense Center Quality Metrics
Quality trend of use cases and Cyber Defense Center
Through the quality metrics, you receive an overview of the quality of the use cases and our Co-Managed SIEM service.
Cyber Defense Center Efficiency Metrics
Processing times: operator & analyst
With the efficiency metrics, you receive an overview of the effectiveness of our Co-Managed SIEM service through monitoring of processing times.
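The processing times described here split the handling of an alert into two stages: the operator stage (alert raised until an operator acknowledges it) and the analyst stage (acknowledgment until the analyst closes it). The following is an added example, not SECUINFRA's own tooling, showing how such stage metrics can be computed from alert-handling records; the record layout, the sample alerts and the target values are constructed for illustration.

```python
"""Per-stage processing-time metrics for SOC alert handling (added example;
record format, sample data and targets are constructed)."""
from datetime import datetime, timedelta, timezone
from statistics import median


def t(h, m):
    """Helper for constructed timestamps on a fixed day."""
    return datetime(2024, 1, 15, h, m, tzinfo=timezone.utc)


# Constructed alert-handling records: when the alert was raised, when an
# operator picked it up and when the analyst closed it (None = not yet).
SAMPLE_ALERTS = [
    {"id": "A-1", "raised": t(8, 0),  "acknowledged": t(8, 5),  "closed": t(8, 50)},
    {"id": "A-2", "raised": t(8, 10), "acknowledged": t(8, 12), "closed": t(9, 40)},
    {"id": "A-3", "raised": t(8, 20), "acknowledged": t(8, 55), "closed": None},
    {"id": "A-4", "raised": t(8, 30), "acknowledged": None,     "closed": None},
]

# Constructed service targets in minutes for each stage.
TARGETS = {"operator": 15, "analyst": 60}


def minutes(start, end):
    return (end - start).total_seconds() / 60


def stage_durations(alerts):
    """Operator stage: raised -> acknowledged; analyst stage: acknowledged -> closed.
    Alerts that have not finished a stage are excluded from that stage's numbers
    so open work does not drag the averages."""
    operator = [(a["id"], minutes(a["raised"], a["acknowledged"]))
                for a in alerts if a["acknowledged"]]
    analyst = [(a["id"], minutes(a["acknowledged"], a["closed"]))
               for a in alerts if a["acknowledged"] and a["closed"]]
    return {"operator": operator, "analyst": analyst}


def processing_metrics(alerts):
    """Count, median and maximum minutes per stage (None when no data)."""
    result = {}
    for stage, pairs in stage_durations(alerts).items():
        values = [d for _, d in pairs]
        result[stage] = {
            "count": len(values),
            "median_min": median(values) if values else None,
            "max_min": max(values) if values else None,
        }
    return result


def target_breaches(alerts, targets):
    """Alert ids whose completed stage exceeded the agreed target, per stage."""
    return {stage: [aid for aid, d in pairs if d > targets[stage]]
            for stage, pairs in stage_durations(alerts).items()}


def stale_open_alerts(alerts, now, max_age):
    """Open alerts older than max_age: the backlog the stage metrics hide."""
    return [a["id"] for a in alerts
            if a["closed"] is None and now - a["raised"] > max_age]


if __name__ == "__main__":
    print(processing_metrics(SAMPLE_ALERTS))
    print(target_breaches(SAMPLE_ALERTS, TARGETS))
    print(stale_open_alerts(SAMPLE_ALERTS, t(9, 0), timedelta(minutes=30)))
```

Reporting the median rather than the mean keeps one very long investigation from masking normal throughput, and listing stale open alerts separately matters because alerts that were never acknowledged contribute nothing to the stage durations and would otherwise disappear from the picture.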
Cyber defense services
Overview of critical alerts
Regardless of which SIEM product you use, you will receive a large number of more or less legitimate alerts. These first have to be analyzed and assessed by cyber defense experts, so that the consequences for your company’s security can be determined and countermeasures can be initiated.
Security status overview
We have many years of experience in developing SIEM use cases and SIEM content packages to give a visual representation of complex situations. This makes it possible for our cyber defense experts to maintain a constant overview of the current threat situation and any attacks currently taking place.
Escalated security breach
If, following a precise analysis of an indicator of compromise (IOC), we come to the conclusion that we have a security breach on our hands, we escalate the situation to initiate countermeasures. This is, of course, accompanied by the results of the analysis, an assessment and clear recommendations for countermeasures.
Cyber Defense Development
If log data of suitable quality is available in the SIEM, our use case developer brings “intelligence” into the SIEM. For this, they define and implement detection logic that is intended to surface irregularities, drawing on our internal use case database. Unless you give us specific requirements for the development methodology or naming conventions, we use our own SIEM use case framework.
Our connector developer is responsible for connecting log sources to the SIEM. If log sources are not supported by default, we develop suitable connectors for you. The development of these connectors requires specialist knowledge and, above all, a lot of experience. As some of our SIEM experts are engaged in developing connectors nearly every day, they are in a position to deliver swift, efficient results.
In the area of log policy development, we support you in defining the right log policy for each log source type. These form the basis of every SIEM. Only if the necessary data can be created with the right content can irregularities be detected. Here, we draw on many years of experience from numerous projects.
SIEM platform operation
Detecting security-related incidents by means of a SIEM relies on the stable operation of all SIEM components. However, it is also important to ensure that security-related events reach the SIEM without losses and that the SIEM interprets them correctly.
With our Co-Managed SIEM service, we monitor both the availability and utilization of all SIEM components, as well as the lossless transfer and quality of security-related events to the SIEM.
If, for example, we notice irregularities in the availability of SIEM components or inconsistencies in the quality of events, we will take proactive measures to solve any possible problems.
Furthermore, with our Co-Managed SIEM service, we ensure that all SIEM components and the underlying operating systems are kept up to date.
SECUINFRA Co-Managed SIEM
Monitoring and maintenance of SIEM components
Monitoring the availability of all SIEM components helps you to minimize downtime and prevent data loss.
By monitoring utilization, we can analyze historical capacity trends, enabling us to react quickly to capacity bottlenecks.
Through SIEM maintenance of all components belonging to the SIEM, we ensure that these always remain up to date both on the operating system level and the application level.
After running a test phase in our Cyber Defense Lab, we implement current operating system patches and SIEM service packages or we upgrade operating systems and SIEM components to current versions.
This makes outdated SIEM systems a thing of the past.
Monitoring and maintenance of SIEM event sources
We monitor event availability in order to achieve a lossless transfer of security-related events from the event source through the connectors into the SIEM.
Quality of incoming events
When monitoring the quality of incoming events, we focus on making sure that incoming security-related events can be processed correctly by the SIEM.
Maintenance of the SIEM connectors
Through maintenance of the SIEM connectors, we regularly roll out the SIEM vendor's improvements to the processing of incoming events.
Before implementing new connector versions, we test them extensively in our Cyber Defense Lab so that we can detect any possible impact on your SIEM use cases. If we do detect an impact on your SIEM use cases, we adjust them in consultation with you.
This prevents connector updates from impairing the operability of your use cases.
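The two monitoring tasks above, event availability (has a source gone silent relative to its usual volume?) and quality of incoming events (is the connector still able to parse what arrives?), can both be checked from the SIEM's own record of received events. The following is an added example, not SECUINFRA's tooling or any SIEM product's API, written against a constructed list of event arrivals with per-source gap baselines that a team would normally derive from historical volumes.

```python
"""Event-source health check: silent sources and parsing-quality regressions
(added example; event records, source names and baselines are constructed)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def ts(h, m):
    """Helper for constructed timestamps on a fixed day."""
    return datetime(2024, 1, 15, h, m, tzinfo=timezone.utc)


# Constructed sample of event arrivals: (received_at, source, parsed_ok).
# parsed_ok == False means the connector could not map the raw line onto the
# SIEM's event schema; such events are stored but invisible to use cases.
SAMPLE_EVENTS = [
    (ts(9, 0),  "fw-edge-01", True),
    (ts(9, 5),  "fw-edge-01", True),
    (ts(9, 10), "fw-edge-01", True),
    (ts(9, 1),  "dc-auth-01", True),
    (ts(9, 31), "dc-auth-01", True),
    (ts(9, 2),  "proxy-01",   True),
    (ts(9, 3),  "proxy-01",   False),
    (ts(9, 4),  "proxy-01",   False),
    (ts(9, 6),  "proxy-01",   False),
    (ts(9, 7),  "proxy-01",   True),
]

# Constructed per-source baselines: the longest gap between events that is
# still normal. A perimeter firewall logs continuously, a domain controller
# more sparsely, so one global threshold would misfire on both.
MAX_GAP = {
    "fw-edge-01": timedelta(minutes=10),
    "dc-auth-01": timedelta(minutes=60),
    "proxy-01":   timedelta(minutes=10),
    "vpn-01":     timedelta(minutes=30),  # onboarded but has sent nothing
}


def last_seen(events):
    """Most recent arrival time per source."""
    seen = {}
    for received_at, source, _ in events:
        if source not in seen or received_at > seen[source]:
            seen[source] = received_at
    return seen


def silent_sources(events, max_gap, now):
    """Sources whose gap since the last event exceeds their baseline, mapped to
    whole minutes of silence. Sources expected by policy that never delivered
    anything are reported with None, so a mis-configured connector shows up
    just like one that stopped."""
    seen = last_seen(events)
    result = {}
    for source, gap in max_gap.items():
        if source not in seen:
            result[source] = None
        elif now - seen[source] > gap:
            result[source] = int((now - seen[source]).total_seconds() // 60)
    return result


def parse_failure_rates(events):
    """Fraction of events per source that the connector failed to parse."""
    total, failed = defaultdict(int), defaultdict(int)
    for _, source, ok in events:
        total[source] += 1
        if not ok:
            failed[source] += 1
    return {s: failed[s] / total[s] for s in total}


def degraded_sources(events, max_rate):
    """Sources whose parse-failure rate exceeds max_rate, e.g. after a vendor
    log-format change that the current connector version does not handle."""
    return {s: round(r, 2) for s, r in parse_failure_rates(events).items()
            if r > max_rate}


if __name__ == "__main__":
    print(silent_sources(SAMPLE_EVENTS, MAX_GAP, ts(9, 45)))
    print(degraded_sources(SAMPLE_EVENTS, max_rate=0.1))
```

Running the check periodically against the SIEM's own ingestion statistics turns the two failure modes the section names into concrete alerts: a source that stopped sending (or was never connected) and a source whose events arrive but no longer parse, which is the typical symptom that a connector update or a log-format change on the source side needs attention.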
Our entire Co-Managed SIEM service portfolio has a modular structure, meaning it is very flexible and can be adapted for your requirements. We have gathered together a few examples of this in practice to demonstrate how we work with our other customers.
We are happy to put you in touch with our reference customers on request.
With our first Co-Managed SIEM customer in the area of financial services, we have built up a relationship of trust over several years as their SIEM content provider. In 2014, for reasons of compliance, our customer was facing the decision of whether to set up a SOC themselves or to purchase managed SIEM externally. The idea was simple and brilliant: SECUINFRA provides these services. Our Cyber Defense Center was born.
One of our largest customers with over a billion security events per day comes from the area of IT services. In the context of their outsourcing projects, they are required to offer managed SIEM, but do not regard this as part of their core business. In SECUINFRA, they have found a reliable partner with expert knowledge who can provide their customers with professional support in the field of SIEM.
One of our customers from the area of insurance made a conscious decision from the outset to purchase SIEM platform operation from SECUINFRA. Furthermore, we help our customers to maintain an overview of their current threat situation. In this way, they free up their capacities and are able to concentrate on detailed analysis and defending themselves against cyber attacks. New SIEM content is developed collaboratively on a project basis.