“SIEM operation of your choice – according to your requirements!”
Norbert Nitsche, Managing Cyber Defense Consultant
- Modular: Takeover of individual roles up to complete SIEM operation.
- Flexible: We adapt flexibly to your needs and processes.
- Hybrid: Provision of services from our Cyber Defense Center or at your site.
Our Co-Managed SIEM approach flexibly adapts to your needs!
With the SECUINFRA Co-Managed SIEM approach, all SIEM components and data always remain with you. Even the detection mechanisms (SIEM use cases) are your intellectual property and belong to you. This enables trouble-free adjustments to SIEM operations at any time. Depending on the task taken on, our cyber defense experts sit directly with you or access your SIEM via a secure connection.
“Our Co-Managed SIEM approach helps you avoid dependencies and hidden costs!”
Norbert Nitsche, Managing Cyber Defense Consultant
Our awards in the field of Co-Managed SIEM
Best SIEM Consulting/Service company in Europe
Market Leader Award in Security Information and Event Management (SIEM)
Leading provider of SIEM consulting services in Germany
TOP 10 SIEM Consulting/Service company in Europe
The 3 most important FAQ about Co-Managed SIEM
A Co-Managed SIEM service portfolio is ideally modular and can be flexibly adapted to almost any customer requirement. At SECUINFRA, you as the customer decide which competencies you want to build up in-house and which services you want to have managed externally. For companies that do not want to outsource all SIEM services, but only selected ones, a co-managed SIEM approach is perfectly suited.
A partially – or fully – externally managed SIEM offers numerous benefits, including:
- Support from experienced cyber defense analysts in monitoring and assessing alerts and responding appropriately to actual threats.
- Continuous network monitoring by cyber defense experts, 24/7 if desired.
- Flexible use of IT security budget through an externally managed SIEM.
From taking over individual roles to the complete operation of a SIEM, SECUINFRA’s Co-Managed SIEM approach can be specifically adapted to the needs and processes of your company:
- The hybrid offering allows services to be provided either on-site or remotely from one of SECUINFRA’s Cyber Defense Centers in Germany.
- Data protection is guaranteed at all times. The data does not leave your company and access to it is exclusively from Germany.
- Through a large number of successful project completions in the area of SIEM consulting and services, SECUINFRA experts bring extensive expertise to the services offered.
Overview of our Co-Managed SIEM Services
SIEM operations require different roles with different skills. With our hybrid, modular and flexible Co-Managed SIEM approach, you decide which skills to build in-house and which services to buy from us. Together, we ensure a first-class SIEM operation. From taking over individual roles to complete SIEM operations, we flexibly adapt to your needs. However you want to operate your SIEM, talk to us. We provide flexible support in the areas where you need our expertise; everything else remains in-house.
- Log data analysis based on internal or external incidents.
- Log data analysis based on newly discovered IOCs and attacks detected at other SECUINFRA customers.
- Clear recommendations for action for the incident response team in case of security incidents.
Level 1 Analysis
- Initial analysis of SIEM alarms.
- Elimination of false positives and duplicate alerts.
- Escalation of relevant incidents to Level 2 analysis.
Level 2 Analysis
- Detailed analysis and evaluation of relevant incidents.
- Consultation with affected users and responsible parties for clear assessment of relevant incidents.
- Clear recommendations for action for the incident response team in the event of security incidents.
Incident Response Support
- Conducting compromise assessments to identify compromised IT systems.
- Conducting forensic analyses to clarify the course of events and to preserve evidence.
- Support in the area of incident response to restore IT operations as quickly as possible.
SIEM Content Development
- Development, maintenance and continuous optimization of “end-to-end SIEM use cases”.
- Development, maintenance and continuous optimization of additional SIEM content.
- Development, maintenance and continuous optimization of connections to external systems.
SIEM Platform Operation
- Ensuring smooth SIEM operation.
- Constant monitoring of availability and utilization of all SIEM components.
- Continuous updating of all SIEM components.
Log Source Monitoring
- Ensuring the quality and availability of connected log data.
- Continuous monitoring of availability and quality of connected log data.
- Carrying out necessary updates in case of changes to log sources.
Co-Managed SIEM – Level 1 and Level 2 Analysis
Within the scope of security monitoring, SECUINFRA Cyber Defense experts not only take over the sustained analysis of IT security incidents, but also carry out a precise qualification of the incidents and provide suggestions for countermeasures.
A SIEM product only sounds the alarm
No matter which SIEM product you use, you will receive a large number of SIEM alerts of varying quality. These still need to be analyzed and evaluated by cyber defense experts in order to assess the impact on your corporate security and initiate countermeasures.
SECUINFRA Co-Managed SIEM can do more!
Our cyber defense experts always keep track of the current threat situation and continuously analyze anomalies (SIEM alerts). They escalate security breaches to the incident response team, including an assessment and clear recommendations for countermeasures.
Co-Managed SIEM – SIEM Content Development
In the area of SIEM content development, SECUINFRA has invested continuously since 2010 and developed its own concepts, methods and techniques.
Starting with our “Status Based SIEM” approach, which has enabled SECUINFRA customers to keep track of active cyberattacks and compliance violations, to an “Application Security Cockpit” for monitoring critical applications, to our ever-growing “End-to-End SIEM Use-Case Library”, SECUINFRA has created globally unique SIEM content.
In addition to their own experience, our SIEM content developers draw on the concepts, methods and techniques developed by SECUINFRA on a daily basis and continue to develop them further.
The SIEM use case designer takes your requirements for the SIEM and checks whether and how your requirements can be implemented. Furthermore, he calculates the effort and coordinates the implementation in the areas of log policy development, connector development and use case development. Our SIEM use case designers draw on years of experience in the field of SIEM and can also support you in defining your requirements.
Once the log data is available in the SIEM in the appropriate quality, our SIEM expert brings “intelligence” into the SIEM. To do this, he defines and implements the algorithms used to detect irregularities, drawing on our internal end-to-end use case database. Unless you specify a different development methodology or naming convention, we use our SIEM use case framework.
Our Connector Developer is responsible for connecting log sources to the SIEM. If log sources are not supported by default, we develop appropriate connectors for you. The development of these connectors requires specialized knowledge and, above all, a lot of experience. Since some of our SIEM experts deal with connector development on an almost daily basis, they are able to deliver results quickly and efficiently.
In the Log Policy Development area, we support you in defining the right log policy for each log source type. These policies form the basis of every SIEM: only if the necessary data is generated with the right content can irregularities be detected. Here we draw on several years of experience from numerous projects.
Co-Managed SIEM – SIEM platform operation
The stable operation of all SIEM components is the basis for detecting security incidents.
Monitoring the availability of SIEM components
Monitoring the availability of all SIEM components helps minimize downtime and prevent data loss.
Monitoring the utilization of SIEM components
By monitoring capacity utilization, we analyze historical capacity developments in order to be able to react to bottlenecks in good time.
Maintenance of all SIEM components
By maintaining all SIEM components, we ensure that they always remain up-to-date.
Co-Managed SIEM – Log source monitoring
Only with high-quality data can security incidents be detected.
Monitoring the availability of incoming events
We monitor event availability to ensure lossless transmission of security-relevant events from the event source to the SIEM.
Monitoring the quality of incoming events
When monitoring the quality of incoming events, we focus on ensuring that incoming security-related events can be properly processed by the SIEM.
Maintenance of the data connections
That’s why SECUINFRA!
References in the field of Co-Managed SIEM
SECUINFRA does not name clients or references publicly! The desire of our clients for confidentiality is always above the marketing interests of SECUINFRA.
- SUCCESS THROUGH RECOMMENDATION
Since 2010 we have been focusing on SIEM Consulting and have gained more SIEM Consulting experience than any other company in Europe in more than 150 customer projects on 28,000 SIEM Consulting days. Nearly all customers became aware of SECUINFRA through recommendation and have in turn recommended us to others.
- REFERENCE ON REQUEST
In case of legitimate interest, we will put you in contact with suitable reference customers.