Martin Ullrich, Head of Cyber Defense Consulting
SIEM Consulting
We get more out of your SIEM -
the best!
- Smooth SIEM implementation through a custom-fit SIEM concept.
- Efficient SIEM operation through the deployment of effective use cases.
- ISO 27001 certified 24/7 security monitoring from Germany.
30+
SIEM experts
28.000+
SIEM consulting days
150+
SIEM consulting projects
Save time and money – trust SECUINFRA, the market leader in SIEM consulting/services, right from the start!
With our expertise, we get the best out of your SIEM!
A successful SIEM (Security Information and Event Management) implementation requires more than just installing a SIEM product and connecting event sources. Our team of more than 30 SIEM experts not only ensures a smooth SIEM implementation, but also ensures that you gain relevant added value from your SIEM after only a short time. Elementary for us is the individual planning of your SIEM – according to your business requirements and associated expectations. Typical mistakes in the implementation phase as well as in the ongoing SIEM operation are thus avoided and cost explosions prevented.
With our hybrid, modular and flexible co-managed SIEM approach, you decide which competencies you want to build up in your company and which services you use from us. Our cyber defense experts are available to you 24/7. All our services are of course ISO 27001 certified.
Together we ensure a first-class operation of your SIEM!
“SIEM has been SECUINFRA’s core competence since 2010. Through our years of experience, we get the best out of your SIEM.”
Martin Ullrich, Head of Cyber Defense Consulting
Our awards in the field of SIEM consulting
Best SIEM Consulting/Service company in Europe
Market Leader Award in Security Information and Event Management (SIEM)
Leading provider of SIEM consulting services in Germany
TOP 10 SIEM Consulting/Service company in Europe
The most important FAQ from the field of SIEM consulting
The digitization of all branches of business is advancing inexorably. However, the range of IT security threats is increasing at the same rate. A SIEM (Security Information and Event Management) provides crucial added value for your company’s information security: It enables you to comprehensively collect security-relevant data, consolidate it in a centralized repository and automatically detect anomalies and rule violations based on previously defined use cases. By using a SIEM system, your IT security team will be able to respond more quickly to cyber threats of all kinds. This is because the time required to identify an acute threat, the Meantime to Detect, can be significantly reduced. This is a decisive advantage, especially in the case of critical attacks on your IT infrastructure. In addition, with a SIEM you ensure the ability to analyze and preserve evidence, thereby ensuring compliance and legal requirements are met, among other things.
Important: Before deciding on a SIEM solution, it is essential to define which functions are really needed in the company.
We have experience with all the leading SIEM vendors and have worked closely with many of them for years.
Our selection of SIEM solutions includes:
- Microsoft Sentinel
- Elastic
- Splunk
- IBM QRadar
- MicroFocus Arcsight
- Exabeam
- LogRythm
- LogPoint
More and more companies want to increase their security with a SIEM – but this becomes difficult or impossible, especially with small budgets or a lack of in-house IT security experts. SECUINFRA’s flexible, hybrid co-managed SIEM approach gives you the opportunity to implement your individual SIEM according to a modular principle. The modular structure allows you to decide individually about your own services and external support. If you lack resources, expertise or specialists for certain areas, these gaps can be filled with the help of our co-managed SIEM approach.
SIEM use cases have to be selected and adapted to the respective company in such a way that they can cover many threat scenarios with as little effort as possible. As a leading IT security service provider, we have our own use case library with more than 200 use cases – with more being added every month. Developed by our cyber defense experts, this ensures maximum effectiveness of use cases with high efficiency for our customers. We implement use cases that we have developed and tested many times based on the MITRE ATT&CK framework, instead of just activating use cases from SIEM vendors. As another unique selling point, we also develop the necessary specifications for log policies, test routines and runbooks. This keeps the use of monetary and time resources to a minimum.
With SECUINFRA’s flexible co-managed SIEM approach, any SIEM system as well as the required components can be installed and operated within the customer’s network. You as the customer provide the operating system platform on which our team of experts installs, configures and operates the SIEM system via remote access. Alternatively, it is also possible that you operate the platform independently and are only supported by individual components of SECUINFRA. With this hybrid offering, data protection is guaranteed at all times. Your data does not leave your company and access to it is exclusively from Germany.
In order for a SIEM to efficiently and effectively counter current and future cyber threats, different roles with different skills must be filled within the SIEM system. From monitoring log sources to developing SIEM content to incident response and threat hunting, the technology only works if all roles are perfectly staffed. This is exactly where we come in with our hybrid, modular and flexible co-managed SIEM approach: You decide individually which competencies you want to build up in-house and which services you want to purchase from us. In close cooperation, a first-class SIEM system is created – without hidden costs and dependencies. We guarantee that all SIEM components and data remain with you at all times. We provide all our services 24/7 with German-speaking experts. Not only our Co-Managed SIEM Service is ISO 27001 certified, but the entire SECUINFRA company.
Individual SIEM planning
We plan your optimal SIEM together with you – according to your individual requirements and expectations.
SIEM workshop
There are many points to consider when introducing a SIEM. Based on our experience since 2010 in the implementation and operation of SIEM, we offer a workshop. During the workshop all points regarding your SIEM will be discussed in detail. After the workshop you will have a clear picture of what to consider when implementing and operating your individual SIEM.
SIEM consulting
SIEM is much more than a product. The introduction should be very well planned to avoid false expectations and later cost explosions. Our experience of more than 28,000 SIEM consulting days in over 150 projects enables us to provide you with optimal advice in this area. In doing so, we address your requirements and expectations and support you in developing a concept that forms the basis for the introduction and operation of a SIEM.
SIEM concept
Before introduction, all points regarding SIEM should be clarified and recorded in a concept. Together with you, we create this concept. Here you bring your expectations of your SIEM and we complement these with our years of experience in the areas of SIEM consulting and operational support. The concept serves as a basis for the introduction and later operation of your SIEM and can also be used perfectly for a SIEM tender.
Comprehensive SIEM implementation
We work with you to holistically prepare the introduction of your SIEM to ensure smooth and efficient SIEM operations for your company right from the start.
Before buying an SIEM product, you should at least consider the following points: your SIEM objectives and overall conditions, SIEM use cases, event sources, audit log policies, EPS, GB/day, retention, SIEM roles, SIEM operating models, SIEM processes and works council involvement.
SECUINFRA is here to support you with all of these and other SIEM topics.
You bring with you your SIEM-related expectations and goals, to which we add our many years of experience in the fields of SIEM consulting and operational support.
Before introducing an SIEM solution, we clarify with you all points related to SIEM and set them out in an SIEM concept.
The SIEM concept is the basis for introducing and subsequently operating your SIEM solution. It’s also the perfect framework for an SIEM request for proposal.
Choose a SIEM product
In recent years, we’ve become familiar with the pros and cons of all of the leading SIEM products. We’ll gladly pass along what we’ve learned to you.
Determine the SIEM solution’s design
Based on the SIEM concept laid out during the planning phase, we design the ideal SIEM solution for you.
Implement a SIEM solution
Once the product has been selected and the design is complete, we implement the SIEM solution in your infrastructure.
Introduce additional detection tools
Standard event sources aren’t adequate for identifying all relevant events, which is why we recommend using additional tools. We help you choose and implement them.
Connect event sources
An SIEM without events is like a sailboat without wind. We integrate all the necessary event sources into your SIEM solution. If they aren’t supported as standard, we develop the necessary connectors.
Audit log policies
Only recognized, logged events can be evaluated by an SIEM solution. We help you define the ideal audit log policies.
SIEM use cases
SIEM use cases enable you to identify relevant incidents within the volumes of data in your SIEM solution. When creating SIEM use cases, we draw on many years of experience and an extensive database of SIEM use cases.
Create SIEM content packages
SIEM use cases enable detection of relevant incidents. Our SIEM content packages provide a manageable overview of them and prepare them for further processing.
Interfaces to other tools
An SIEM solution should be at the core of your cyber defense strategy and offer numerous interfaces to other tools, such as ITSM, asset databases and vulnerability scanners. We help you integrate the SIEM solution into your IT management infrastructure.
Introduce SIEM processes
Operating an SIEM solution requires a clear operating concept with coordinated processes. We help you implement the processes defined in the SIEM concept.
Introduce an SIEM operating concept
We help you implement the defined SIEM operating concept. On request, we can also manage individual operating roles for you.
SIEM training and knowledge transfer
SECUINFRA also supplements the implementation of your SIEM solution with extensive services that facilitate knowledge transfer. In addition to product training, our primary objective is to teach you how to use your SIEM solution for your specific tasks.
Modular and flexible SIEM operation
We support you with our co-managed SIEM approach exactly where you need additional competencies from our experts.
SIEM operations require different roles with different skills. With our hybrid, modular and flexible co-managed SIEM approach, you decide which skills you want to build in your organization and which services you buy from us. Together, we ensure a world-class SIEM operation.
Our co-managed SIEM approach flexibly adapts to your needs.
Threat hunting
• Log data analysis based on internal or external incidents
• Log data analysis based on newly discovered IOCs and detected attacks on other SECUINFRA clients
• Clear recommendations for the incident response team if and when security incidents occur
Level 1 analysis
• Initial analysis of SIEM alerts
• Elimination of false positives and duplicate notifications
• Escalation of relevant incidents to Level 2 analysis
Level 2 analysis
• Detailed analysis and assessment of relevant incidents
• Consultation with the users and staff affected to clearly assess relevant incidents
• Clear recommendations for the incident response team if and when security incidents occur
Incident response support
• Performance of compromise assessments for identifying compromised IT systems
• Performance of forensic analysis to clarify the course of events and secure evidence
• Incident response support for the fastest possible recovery of IT operations
SIEM content development
• Development, maintenance and continuous optimization of end-to-end SIEM use cases
• Development, maintenance and continuous optimization of other SIEM content
• Development, maintenance and continuous optimization of connections to external systems
SIEM platform operation
• Ensuring a smooth SIEM operation
• Permanent monitoring of the availability and utilization of all SIEM components
• Continuous updating of all SIEM components
Log source monitoring
• Ensuring the quality and availability of connected log data
• Permanent monitoring of the availability and quality of connected log data
• Implementation of the necessary updates if and when changes are made to log sources
With the SECUINFRA Co-Managed SIEM approach, all SIEM components and data always remain with you. Even the detection mechanisms (SIEM use cases) are your intellectual property and belong to you. This enables trouble-free adjustments in SIEM operation at any time.
With SECUINFRA as your partner, you avoid dependencies and hidden costs!
Therefore SECUINFRA!
SIEM Consulting references
- DISCRETION
At SECUINFRA, we don’t publish a client list or references.
Our clients’ right to privacy always trumps our marketing interests. - SUCCESS THROUGH REFERRALS
Since 2010, we’ve focused on SIEM consulting and have managed to gain more SIEM consulting experience than any other company in Europe on 150+ client projects over some 28,000 days of consulting. Almost all clients were made aware of SECUINFRA through a referral and have went on to recommend us to others in turn. - REFERENCES ON REQUEST
If you’re interested in our services, we’ll happily put you in touch with suitable reference clients.