With SECUINFRA’s MDR service, you won’t get lost in a flood of alerts. We undertake not only the DETECTION of cyber-attacks, but also their ANALYSIS and RESPONSE.
The detection of cyber attacks in our MDR service is technologically based on the three pillars of endpoint-based, log data-based and network-based attack detection.
At the endpoint, we deploy advanced Endpoint Detection & Response (EDR) systems. Unlike outdated signature-based detection mechanisms such as antivirus, modern EDR systems detect anomalies in the execution of programs. If cyber attacks are detected, they can be responded to automatically right at the endpoint.
At the heart of our MDR service is Security Information & Event Management (SIEM). Here we process all relevant log data from your company and supplement it with contextual information and threat intelligence feeds. We rely on our globally unique use case library including cyber deception. Use-case-based attack detection is complemented by machine learning.
The analysis of network-based data is two-pronged in our MDR service. Both a classic intrusion detection system (IDS) and a modern, protocol-based network detection & response (NDR) system are used. If cyber attacks are detected, they can be defended against automatically at the network level using NDR.
When analyzing cyberattacks, it is important to have the right data available and to ask the right questions of that data. We have been dealing with the generation of the right data and the right questions since SECUINFRA was founded in 2010 – you will not find more experience in this field in Germany!
In the event of a cyber attack, in addition to detection and analysis, rapid and professional response is critical. That’s why, when it comes to defending against cyber attacks, we rely on a combination of automated response technologies such as Endpoint Detection & Response (EDR), Network Detection & Response (NDR) and Security Orchestration, Automation and Response (SOAR) on the one hand, and the expert know-how of our cyber defense analysts on the other, who are on duty for you 24/7. In the event of a major incident, our incident responders will support you.
Once an attacker has compromised a system, every minute counts. To stop the attack as early as possible, we rely on automated response technologies. These stop the attacker at the endpoint using EDR, on the network using NDR, and at any other location using SOAR. Which actions are automated is coordinated in advance.
In addition to automated response technologies, our cyber defense analysts are available 24/7. If necessary, they block compromised accounts, disconnect infected systems from the network or carry out other measures agreed in the Incident Response Plan.
Many competitors offer only the operation of cyber-attack detection technologies, relying on manufacturers’ standard rules. Ideally, the alarms generated in this way are evaluated before they are forwarded. The actual work, the in-depth analysis and response against cyber attacks, is left to you, the customer.
SECUINFRA offers you a holistic approach, from detection to analysis and response.
With our MDR service, you can achieve a level of security that is otherwise only reserved for large corporations.
David Bischoff, Principal Cyber Defense Consultant
Our cyber defense experts are available 24/7 and have in-depth training and experience in detecting, analyzing and defending against cyber attacks. Below is a selection of certifications held by our cyber defense analysts, incident responders, digital forensics experts and malware analysts.
Managed Detection and Response (MDR) is an outsourced service that helps organizations detect, respond to and mitigate complex threats. Unlike traditional security measures, which are primarily focused on preventing attacks, MDR focuses on detecting and responding to threats that have breached the first line of defense.
MDR uses advanced technologies such as machine learning and behavioral analysis to identify suspicious activity. As soon as a threat is detected, the MDR team reacts quickly to isolate the threat and minimize its impact. It is therefore a proactive and continuous approach to monitoring cyber security.
Conventional security measures such as firewalls and anti-virus software are important, but are often not enough to detect and respond to complex attacks. MDR provides a deeper and more comprehensive layer of security by combining continuous monitoring, advanced threat detection and rapid response to minimize the risk of security breaches and reduce the impact of a potential incident.
Managed Detection and Response (MDR) is an advanced cyber security service that combines the capabilities of security technologies, advanced analytics and human experts to protect organizations from cyber threats.
MDR service providers continuously monitor a company’s IT infrastructure to identify anomalies and suspicious activity. If a threat is detected, the MDR team responds quickly to investigate the incident, determine the extent of the threat and take appropriate action to mitigate and eliminate the risk.
Compared to in-house solutions, MDR services offer round-the-clock monitoring and response, which is often difficult to achieve with an in-house team. In addition, MDR service providers have expertise in a variety of security areas and stay up-to-date with the ever-evolving cyber threat landscape.
By outsourcing to an MDR service provider, an organization can benefit from the expertise of a dedicated security team without the costs and challenges associated with building and maintaining its own in-house security team. Overall, this can lead to a more efficient and cost-effective cybersecurity solution.
When selecting an MDR service provider, a number of criteria should be taken into account:
Remember that choosing an MDR service provider depends on many factors, including the size of your business, the industry you operate in and the specific risks you face. Take advantage of our support and let us advise you on the various criteria.
Since the detection mechanisms are selected from our use case database on a customer-specific basis, it is not possible to make a categorical statement in this regard.
However, during an initial consultation, we would be happy to show you the potential coverage provided by the MDR service using the MITRE ATT&CK matrix. Please contact our sales team for this.
At the beginning of the contractual relationship, a fixed price per asset is set for various asset categories. The asset categories distinguish between workstations, servers, network devices and firewalls (up to 1GB/s).
With our fixed price model, your future costs are clearly calculable and you save yourself unpleasant surprises.
After the assignment, the onboarding phase begins, during which close coordination with you takes place. Since cyber-attack detection is highly dependent on the particular IT landscape, service parameters need to be adapted to your organization at this stage.
Since this coordination is crucial for success, we take between four and eight weeks for this, depending on the size of the organization and the number of contacts.
During the onboarding phase, technical implementation is also already underway. However, this is usually completed much more quickly than the substantive coordination between the contracting parties.
Finally, the service goes into trial operation, which usually lasts a month. The total time to go live from the specified start date is therefore 8 to 12 weeks.
At the beginning, precise coordination between the technical contacts on the customer side and the cyber defense experts of SECUINFRA is necessary in order to outline the existing IT landscape and to select suitable detection mechanisms.
The primary and ongoing task for you as a customer is to provide SECUINFRA with all the necessary information about your IT landscape so that the detection mechanisms always function reliably.
The task of your IT is then to connect all systems to be monitored to our system by installing agents or configuring the forwarding of logs via syslog. However, we will support you in this as far as possible.
SECUINFRA sets very high standards when recruiting staff and introduces each new employee to all relevant specialist topics in a program lasting several months to ensure consistent competence.
Since SECUINFRA has been exclusively dedicated to the detection, analysis and defense of cyber attacks since its foundation in 2010, our analysts already have extensive experience.
As a customer, you have a fixed contact person in the MDR area who exchanges information with you on a cyclical basis and is available if required. This applies to all administrative matters.
Since our cyber defense analysts are on duty around the clock, there can be no fixed point of contact for operational service that is available at all times. However, we make every effort to provide you with the same contact persons for each shift and for as long as possible.
According to the Service Level Agreement (SLA), the contractually guaranteed response time is 30 minutes, but the response is usually provided in less than 15 minutes.
The Service Level Agreement (SLA) guarantees 99.5% availability of the central components of the MDR service.
The so-called retention time is 60 days. During this time, the data can be used to detect and defend against attacks.
Best SIEM consulting/service company in Europe
Market leader in Security Information Event Management (SIEM)
Leading provider of SIEM consulting services in Germany
TOP 10 SIEM consulting/service companies in Europe
Every IT landscape is different and none is completely static. To take this into account, our MDR service does not offer a fixed set of detection mechanisms, but always makes an individual selection and adaptation of all centralized detection mechanisms.
To achieve this goal, the onboarding of new customers into the SECUINFRA MDR service starts with a detailed exchange about the customer’s requirements and IT landscape. The goal is to develop a mutual understanding of the elementary processes, a mapping of the IT landscape to be monitored and a common detection target within the framework of a series of workshops.
The service workshops are followed by the deployment of the platform. For this purpose, log and network appliances are installed on site to ensure secure and reliable collection and transmission of security-relevant log and network data.
As soon as the first data has been transferred to one of our two data centers in Germany, the onboarding of the customer into SECUINFRA’s security monitoring begins. To enable environment-specific detection mechanisms, the provision of the necessary context data is coordinated.
To achieve the best possible response in the event of an emergency, key IT contacts are integrated into our runbooks.
As a rule, onboarding in SECUINFRA MDR is completed after four to eight weeks and the new customer moves on to SECUINFRA’s regular 24/7 monitoring.
Our MDR service has a modular structure and even the basic version includes a very wide range of functions and services that go far beyond basic coverage of most requirement profiles.
With these modules, our Managed Detection & Response service already meets all the requirements defined by Gartner for a full MDR service and a Managed SOC (MSOC). Most cyber defense compliance requirements are also met out of the box with our service.
Our MDR Basic Service already includes far more than comparable services from our competitors. It includes all technologies and services for comprehensive DETECTION and ANALYSIS of, and RESPONSE to, cyber attacks based on event log data, threat intelligence feeds and cyber deception.
However, should a major security incident occur, SECUINFRA provides support with the following services, which are billed on a time and material basis:
Endpoint-based detection and response against cyber attacks is one of the most important pillars of modern cyber detection & response and is an optimal complement to log data-based attack detection.
Our MDR service BASIS+ therefore includes the following services:
The MDR Complete service complements the pillars of endpoint-based cyber attack detection and response and log data-based attack detection with the pillar of network-based cyber attack detection and response. This provides you with comprehensive detection, analysis and response against cyber attacks and puts you in an excellent position in this area.
Our MDR Premium Service complements our comprehensive MDR Complete Service for detecting, analyzing and defending against cyber attacks with Vulnerability Management, which is important for compliance reasons.
In addition to the comprehensive detection, analysis and response against cyber attacks from our MDR Complete service and vulnerability management, which is important for compliance reasons, we support you with our MDR Premium+ service in reducing the risk of successful phishing attacks on your company:
Supported by automation and SOAR systems, our specialists quickly categorize, prioritize and triage security incidents. Depending on the agreement with the customer, we escalate the tickets to your employees or take over further processing ourselves.
Escalation and tracking of incidents as well as reporting and automation are our strengths. In the event of a security incident, we contact your specialist departments so that security incidents can be processed quickly and efficiently and further damage can be avoided.
We support you with critical security incidents through incident management, forensics and malware analysis. In addition, we assess your current security situation through threat hunting and integrate threat intelligence where appropriate. Malware infections and major security incidents are routine for our cyber defense analysts.
In order to be able to offer a stable service, all components of the MDR service are monitored at hardware and software level. This also includes the appliances installed at the customer's premises.
Against the backdrop of a constantly changing threat situation, the continuous development of our Managed Detection & Response Services is an integral part of our service. The detection mechanisms and response options are therefore being continuously developed for all customers of our service.
As a customer, you will be informed about these further developments as part of our regular service reviews and can also use this progress to demonstrate adherence to compliance requirements (e.g. VAIT, BAIT, TISAX, ISO27001) or legal requirements such as KRITIS.
©2025 SECUINFRA GmbH. All rights reserved.