Norbert Nitsche, Managing Cyber Defense Consultant


Our Co-Managed SIEM approach flexibly adapts to your needs!
With the SECUINFRA Co-Managed SIEM approach, all SIEM components and data always remain with you. Even the detection mechanisms (SIEM use cases) are your intellectual property and belong to you. This enables trouble-free adjustments to SIEM operations at any time. Depending on the task taken on, our cyber defense experts sit directly with you or access your SIEM via a secure connection.
Our Co-Managed SIEM approach helps you avoid dependencies and hidden costs!
Best SIEM Consulting/Service company in Europe
Market Leader Award in Security Information and Event Management (SIEM)
Leading provider of SIEM consulting services in Germany
TOP 10 SIEM Consulting/Service company in Europe
A Co-Managed SIEM service portfolio is ideally modular and can be flexibly adapted to almost any customer requirement. At SECUINFRA, you as the customer decide which competencies you want to build up in-house and which services you want to have managed externally. For companies that do not want to outsource all SIEM services, but only selected ones, a co-managed SIEM approach is perfectly suited.
A partially – or fully – externally managed SIEM offers numerous benefits, including:
From taking over individual roles to the complete operation of a SIEM, SECUINFRA’s Co-Managed SIEM approach can be specifically adapted to the needs and processes of your company:
SIEM operations require different roles with different skills. With our hybrid, modular and flexible Co-Managed SIEM approach, you decide which skills to build in-house and which services to buy from us. Together, we ensure a first-class SIEM operation. From taking over individual roles to complete SIEM operations, we flexibly adapt to your needs. However you want to operate your SIEM, talk to us. We provide flexible support in the areas where you need our expertise; everything else remains in-house.
Threat Hunting
Level 1 Analysis
Level 2 Analysis
Incident Response Support
SIEM Content Development
SIEM Platform Operation
Log sources monitoring
Within the scope of security monitoring, SECUINFRA Cyber Defense experts not only take over the sustained analysis of IT security incidents, but also carry out a precise qualification of the incidents and provide suggestions for countermeasures.
No matter which SIEM product you use, you will receive lots of more or less qualified SIEM alerts. These still need to be analyzed and evaluated by cyber defense experts in order to assess the impact on your corporate security and initiate countermeasures.
Our cyber defense experts always keep track of the current threat situation and continuously analyze anomalies (SIEM alerts). They escalate security breaches to the incident response team, including an assessment and clear recommendations for countermeasures.
In the area of SIEM content development, SECUINFRA has continuously invested and developed unprecedented concepts, methods and techniques since 2010.
Starting with our “Status Based SIEM” approach, which has enabled SECUINFRA customers to keep track of active cyberattacks and compliance violations, to an “Application Security Cockpit” for monitoring critical applications, to our ever-growing “End-to-End SIEM Use-Case Library”, SECUINFRA has created globally unique SIEM content.
In addition to their own experience, our SIEM content developers draw on the concepts, methods and techniques developed by SECUINFRA on a daily basis and continue to develop them further.
The SIEM use case designer takes your requirements for the SIEM and checks whether and how your requirements can be implemented. Furthermore, he calculates the effort and coordinates the implementation in the areas of log policy development, connector development and use case development. Our SIEM use case designers draw on years of experience in the field of SIEM and can also support you in defining your requirements.
Once the log data is available in the SIEM in the appropriate quality, our SIEM expert brings “intelligence” into the SIEM. To do this, he defines and implements the algorithms that are to be used to detect irregularities. In doing so, he draws on our internal end-to-end use case database. Unless we receive strict specifications that call for a different development methodology or naming convention, we use our SIEM use case framework.
Our Connector Developer is responsible for connecting log sources to the SIEM. If log sources are not supported by default, we develop appropriate connectors for you. The development of these connectors requires specialized knowledge and, above all, a lot of experience. Since some of our SIEM experts deal with connector development on an almost daily basis, they are able to deliver results quickly and efficiently.
In the Log Policy Development area, we support you in defining the right log policy per log source type. Log policies form the basis of every SIEM. Only if the necessary data is generated with the right content can irregularities be detected. We draw on several years of experience from numerous projects.
The stable operation of all SIEM components is the basis for detecting security incidents.
Monitoring the availability of all SIEM components helps minimize downtime and prevent data loss.
By monitoring capacity utilization, we analyze historical capacity developments in order to be able to react to bottlenecks in good time.
By maintaining all SIEM components, we ensure that they always remain up-to-date.
Only with high-quality data can security incidents be detected.
We monitor event availability to ensure lossless transmission of security-relevant events from the event source to the SIEM.
When monitoring the quality of incoming events, we focus on ensuring that incoming security-related events can be properly processed by the SIEM.
Our Co-Managed SIEM portfolio is made up of individual modules. Depending on your needs, you can have us perform specific roles or manage the complete operation of your SIEM for you.
We are flexible and can adjust our Co-Managed SIEM service fully to your needs and processes.
Together, we decide which co-managed SIEM services to provide on your premises and which can be provided remotely from our Cyber Defense Center in Germany.
Your data always stays in your possession and never leaves your company. Your data is accessed exclusively from Germany. You have complete control and a full overview of your data at all times.
Our knowledge and expertise are the product of years of hands-on experience in the field operating our own Cyber Defense Center as well as setting up and running numerous SIEM, SOC, CERT and cyber defense centers for notable customers.