Martin Ullrich, Head of Cyber Defense Consulting
We get more out of your SIEM - the best!
- Smooth SIEM implementation through a custom-fit SIEM concept.
- Efficient SIEM operations through the use of effective use cases.
- ISO 27001 certified 24/7 Security Monitoring from Germany.
Save time and costs – trust SECUINFRA, the market leader in SIEM Consulting/Services, right from the start!
With our expertise, we get the best out of your SIEM!
Successful implementation of a SIEM (Security Information and Event Management) requires more than simply installing a SIEM product and connecting event sources. Our team of more than 30 SIEM experts not only ensures a smooth SIEM implementation, but also ensures that you gain relevant added value from your SIEM after only a short time. Essential for us is the individual planning of your SIEM – according to your business requirements and the associated expectations. Typical errors in the implementation phase and in ongoing SIEM operation are thus avoided and cost explosions prevented.
Through our hybrid, modular and flexible co-managed SIEM approach, you decide which competencies you want to build in your company and which services you use from us.
Our cyber defense experts are available to you 24/7. All our services are of course ISO 27001 certified.
Together, we’ll make sure your SIEM is running at peak performance!
SIEM has been SECUINFRA’s core competence since 2010. Through our years of experience, we get the most out of your SIEM.
Martin Ullrich, Head of Cyber Defense Consulting
Our awards in the area of SIEM Consulting
Best SIEM Consulting/Service company in Europe
Market Leader Award in Security Information and Event Management (SIEM)
Leading provider of SIEM consulting services in Germany
TOP 10 SIEM Consulting/Service company in Europe
The most important FAQ from the field of SIEM Consulting
The digitization of all branches of business is progressing inexorably. However, the range of IT security threats is growing at the same rate. A SIEM (Security Information and Event Management) provides crucial added value for your company's information security: it enables you to comprehensively collect security-relevant data, consolidate it in a centralized repository and automatically detect anomalies and rule violations based on previously defined use cases. By using a SIEM system, your IT security team is therefore able to respond faster to cyber threats of all kinds, because the time required to identify an acute threat, the Mean Time to Detect (MTTD), can be significantly reduced. Especially in the case of critical attacks on your IT infrastructure, this represents a decisive advantage. In addition, a SIEM gives you the ability to analyze incidents and preserve evidence, which helps you meet compliance and legal requirements, among other things.
Important: Before deciding on a SIEM solution, it is essential to define which functions are really needed in the company.
We have experience with all leading SIEM vendors and have worked closely with many of them for years.
Our selection of SIEM solutions includes:
- Microsoft Sentinel
- IBM QRadar
- Micro Focus ArcSight
More and more companies want to increase their security with a SIEM – but this is difficult or even impossible, especially with small budgets or a lack of in-house IT security experts. SECUINFRA’s flexible, hybrid co-managed SIEM approach gives you the opportunity to implement your individual SIEM according to a modular principle. The modular structure makes it possible to decide individually on your own services and external support. If you lack resources, expertise or specialists for certain areas, these gaps can be filled with the help of our co-managed SIEM approach.
SIEM use cases must be selected and adapted to the respective company in such a way that they cover as many threat scenarios as possible with as little effort as possible. As a leading IT security service provider, we have our own use case library with more than 200 use cases – and more are added every month. Developed by our cyber defense experts, this ensures maximum effectiveness of use cases with high efficiency for our customers. We implement use cases based on the MITRE ATT&CK Framework that have been tested many times, instead of just activating use cases from SIEM vendors. As another unique selling point, we also develop the necessary specifications for log policies, test routines and runbooks. The use of monetary and time resources is thus kept to a minimum.
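What an "end-to-end" use case of the kind described above looks like in code, as an added example (not from SECUINFRA's use case library or any vendor's rule set): the detection logic travels together with its ATT&CK mapping, the audit log policy it depends on, a runbook entry and a test routine that is run on every rule change. The use case ID, thresholds, event format and sample events are constructed assumptions for illustration.

```python
"""End-to-end SIEM use case, worked through in Python: ATT&CK-mapped brute-force detection.

Added illustration, not SECUINFRA's use case library or any vendor rule. The use
case ID, log policy, thresholds and the sample events below are all constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Everything a use case carries besides the query: ATT&CK mapping, the audit
# policy it depends on, and the runbook entry Level 1/2 analysts follow.
USE_CASE = {
    "id": "UC-AUTH-001",                      # assumed identifier
    "name": "Password guessing followed by successful logon",
    "attack_technique": "T1110",              # MITRE ATT&CK: Brute Force
    "log_policy": {"source": "Windows Security", "event_ids": [4624, 4625]},
    "runbook": "Confirm with account owner; if unexpected, disable account, reset password, check src_ip.",
}
THRESHOLD_FAILURES = 5
WINDOW = timedelta(minutes=10)

# Constructed sample events (not real log data): (timestamp, event_id, account, source_ip)
# 4625 = failed logon, 4624 = successful logon
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:01", 4625, "alice", "10.0.0.5"),   # alice: 5 failures in 16 s ...
    ("2024-05-01T08:00:05", 4625, "alice", "10.0.0.5"),
    ("2024-05-01T08:00:09", 4625, "alice", "10.0.0.5"),
    ("2024-05-01T08:00:13", 4625, "alice", "10.0.0.5"),
    ("2024-05-01T08:00:17", 4625, "alice", "10.0.0.5"),
    ("2024-05-01T08:00:21", 4624, "alice", "10.0.0.5"),   # ... then success: must alert
    ("2024-05-01T08:01:00", 4625, "bob", "10.0.0.9"),     # bob: two typos, then success: no alert
    ("2024-05-01T08:01:10", 4625, "bob", "10.0.0.9"),
    ("2024-05-01T08:01:20", 4624, "bob", "10.0.0.9"),
    ("2024-05-01T08:10:00", 4625, "carol", "10.0.0.7"),   # carol: 5 failures spread over 20 min
    ("2024-05-01T08:15:00", 4625, "carol", "10.0.0.7"),   # fall outside the 10-minute window: no alert
    ("2024-05-01T08:20:00", 4625, "carol", "10.0.0.7"),
    ("2024-05-01T08:25:00", 4625, "carol", "10.0.0.7"),
    ("2024-05-01T08:30:00", 4625, "carol", "10.0.0.7"),
    ("2024-05-01T08:31:00", 4624, "carol", "10.0.0.7"),
]


def parse_event(raw):
    ts, event_id, account, src_ip = raw
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "account": account, "src_ip": src_ip}


def check_log_policy(events, policy):
    """Event IDs the use case needs but which never arrived: the audit policy or
    the forwarding is broken and the rule is silently blind."""
    seen = {e["event_id"] for e in events}
    return sorted(set(policy["event_ids"]) - seen)


def detect_brute_force(events, threshold=THRESHOLD_FAILURES, window=WINDOW):
    """Alert when >= threshold failed logons for one (account, src_ip) within
    `window` are followed by a successful logon from the same pair."""
    failures = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["account"], e["src_ip"])
        # keep only failures still inside the sliding window
        failures[key] = [t for t in failures[key] if e["ts"] - t <= window]
        if e["event_id"] == 4625:
            failures[key].append(e["ts"])
        elif e["event_id"] == 4624 and len(failures[key]) >= threshold:
            alerts.append({"use_case": USE_CASE["id"], "technique": USE_CASE["attack_technique"],
                           "account": e["account"], "src_ip": e["src_ip"],
                           "failed_attempts": len(failures[key]), "ts": e["ts"].isoformat(),
                           "runbook": USE_CASE["runbook"]})
            failures[key] = []  # one attack, one alert
    return alerts


def test_routine(raw_events=SAMPLE_EVENTS):
    """Regression check run on every rule change: fires once, on alice only,
    and the audit policy actually delivers both event IDs."""
    events = [parse_event(r) for r in raw_events]
    alerts = detect_brute_force(events)
    return ([a["account"] for a in alerts] == ["alice"]
            and check_log_policy(events, USE_CASE["log_policy"]) == [])


if __name__ == "__main__":
    parsed = [parse_event(r) for r in SAMPLE_EVENTS]
    for alert in detect_brute_force(parsed):
        print(alert)
    print("test routine passed:", test_routine())
```

The log policy check is the part most often missing in practice: if event 4624 is not audited or not forwarded, the rule never fires and nobody notices, which is why the use case carries its policy requirement and a test routine rather than just the query.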
With SECUINFRA’s flexible co-managed SIEM approach, any SIEM system and the required components can be installed and operated within the customer’s network. As the customer, you provide the operating system platform on which our team of experts installs, configures and operates the SIEM system via remote access. Alternatively, it is also possible that you operate the platform independently and are only supported by individual modules of SECUINFRA. With this hybrid offering, data protection is guaranteed at all times. Your data does not leave your company and access to it is exclusively from Germany.
In order for a SIEM to efficiently and effectively counter current and future cyber threats, different roles with different skills must be filled around the SIEM system. From log source monitoring to SIEM content development to incident response and threat hunting, the technology only works when all roles are properly filled. This is exactly where we come in with our hybrid, modular and flexible co-managed SIEM approach: you decide individually which competencies you want to build up in-house and which services you want to purchase from us. In close cooperation, a first-class SIEM system is created – without hidden costs and dependencies. We ensure that all SIEM components and data remain with you at all times. We provide all our services 24/7 with German-speaking experts. In our company, not only the co-managed SIEM service is ISO 27001 certified, but the entire SECUINFRA company.
Individual SIEM planning
We plan your optimal SIEM together with you – according to your individual requirements and expectations.
There are many points to consider when implementing a SIEM. Based on our experience since 2010 in implementing and operating SIEM, we offer a workshop. During the workshop, all points regarding your SIEM will be discussed in detail. After the workshop, you will have a clear picture of what to consider when implementing and operating your custom SIEM.
SIEM is much more than a product. The implementation should be very well planned to avoid false expectations and later cost explosions. Our experience of more than 28,000 SIEM consulting days in over 150 projects enables us to provide you with optimal advice in this area. In doing so, we address your requirements and expectations and support you in developing a concept that forms the basis for the introduction and operation of a SIEM.
Before implementation, all points regarding SIEM should be clarified and recorded in a concept. Together with you we create this concept. Here, you bring your expectations for your SIEM and we complement them with our years of experience in SIEM consulting and operations support. The concept serves as a basis for the introduction and subsequent operation of your SIEM and can also be used perfectly for a SIEM tender.
Comprehensive SIEM implementation
We work with you to holistically prepare the introduction of your SIEM to ensure smooth and efficient SIEM operations for your company right from the start.
Before you buy a SIEM product, you should at least consider the following: goals and framework of your SIEM, SIEM use cases, event sources, audit log policies, event volume (events per second, EPS, and GB/day), retention, SIEM roles, SIEM operating models, SIEM processes, and works council involvement.
SECUINFRA supports you in all these and further points concerning SIEM.
You bring your expectations and goals for your SIEM and we complement them with our years of experience in SIEM consulting and SIEM operations support.
Before introducing a SIEM, we clarify all points regarding SIEM together with you and record them in a SIEM concept.
The SIEM concept serves as the basis for the introduction and subsequent operation of the SIEM and can also be used perfectly as the basis for a SIEM tender.
SIEM product selection
Over the past few years, we have learned the advantages and disadvantages of all leading SIEM products. We are happy to put this knowledge at your disposal.
Set SIEM solution design
Based on the SIEM concept created in the planning phase, we create the ideal SIEM solution design for you.
Implement SIEM solution
Once the product is selected and the design is determined, we implement the SIEM solution into your infrastructure.
Introduce additional tools for detection
Because standard event sources cannot capture all relevant events, the use of additional tools is recommended. We support you in the selection and implementation of these tools.
Connect event sources
A SIEM without events is like a sailboat without wind. We connect all necessary event sources to your SIEM. If these are not supported by default, we develop appropriate connectors.
Audit Log Policies
Only detected and logged events can be evaluated by a SIEM! We support you in defining the optimal audit log policies.
SIEM Use Cases
SIEM use cases are used to identify relevant incidents in the data masses of your SIEM. When creating SIEM use cases, we draw on years of experience and an extensive SIEM use case database.
Create SIEM Content Packages
SIEM use cases are used to identify relevant incidents. Using our SIEM content packages, these findings are clearly presented and prepared for further processing.
Interfaces to other tools
A SIEM should be at the center of your cyber defense strategy, with numerous interfaces to other tools such as ITSM, asset database or vulnerability scanner. We support you in integrating the SIEM into your IT management infrastructure.
Implement SIEM processes
A clear operating concept with coordinated processes is necessary for the operation of a SIEM. We support you in implementing the processes defined in the SIEM concept.
Introduce SIEM operational concept
We support you in implementing the defined SIEM operational concept. If you wish, we can also perform individual operational roles for you.
SIEM training and know-how transfer
The SIEM implementation by SECUINFRA is rounded off by a comprehensive offer for know-how transfer. In addition to product training, we primarily provide know-how on how to use your SIEM for your tasks.
Modular and flexible SIEM operation
We support you with our co-managed SIEM approach exactly where you need additional competencies from our experts.
Different roles with different skills are required for SIEM operation. Through our hybrid, modular and flexible co-managed SIEM approach, you decide which competencies you want to build in your company and which services you buy in from us. Together, we ensure world-class SIEM operations.
Our co-managed SIEM approach flexibly adapts to your needs.
Threat Hunting
- Log data analysis based on internal or external incidents.
- Log data analysis based on newly disclosed IOCs.
- Log data analysis based on attacks detected at other customers.
Level 1 Analysis
- Initial analysis of SIEM alarms.
- Eliminate false positives and duplicate reports.
- Escalation of relevant incidents to Level 2 analysis.
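How the first two Level 1 steps can be automated before an analyst sees anything, as an added example (not SECUINFRA's process or tooling): alarms with the same use case, account and source address within a window are folded into one case with a counter, and documented benign exceptions are dropped, but only while their sign-off has not expired. The alarm fields, the exception list and the sample alarms are constructed assumptions.

```python
"""Level 1 triage: collapse duplicate SIEM alarms and drop documented benign
exceptions before anything reaches an analyst.

Added example, not SECUINFRA's process; the alarm fields, the exception list
and the constructed alarms are assumptions for illustration.
"""
from datetime import datetime, timedelta

DEDUP_WINDOW = timedelta(minutes=30)

# Constructed exception list: (use_case, account, src_ip) tuples reviewed and
# signed off by Level 2, each with an expiry date so exceptions do not live forever.
KNOWN_BENIGN = {
    ("UC-AUTH-001", "svc_backup", "10.0.0.50"): "2024-06-30",  # retries after password rotation
}

# Constructed alarms as a use case engine would emit them (not real data)
SAMPLE_ALARMS = [
    {"ts": "2024-05-01T09:00:00", "use_case": "UC-AUTH-001", "account": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2024-05-01T09:05:00", "use_case": "UC-AUTH-001", "account": "svc_backup", "src_ip": "10.0.0.50"},
    {"ts": "2024-05-01T09:10:00", "use_case": "UC-AUTH-001", "account": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2024-05-01T09:25:00", "use_case": "UC-AUTH-001", "account": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2024-05-01T09:30:00", "use_case": "UC-PROC-007", "account": "bob", "src_ip": "10.0.0.9"},
    {"ts": "2024-05-01T09:45:00", "use_case": "UC-AUTH-001", "account": "alice", "src_ip": "10.0.0.5"},
]


def triage(alarms, window=DEDUP_WINDOW, benign=KNOWN_BENIGN):
    """Return (escalate, dropped). Alarms with the same (use_case, account, src_ip)
    within `window` of the first one are folded into that case with a counter, so
    the analyst sees one case "seen 3 times" instead of three tickets. Expired
    exceptions are ignored, so a stale allowlist entry cannot hide an attack."""
    escalate, dropped, open_cases = [], [], {}
    for a in sorted(alarms, key=lambda x: x["ts"]):
        key = (a["use_case"], a["account"], a["src_ip"])
        ts = datetime.fromisoformat(a["ts"])
        expiry = benign.get(key)
        if expiry and ts.date() <= datetime.fromisoformat(expiry).date():
            dropped.append((a, "known_benign"))
            continue
        case = open_cases.get(key)
        if case and ts - case["first_ts"] <= window:
            case["count"] += 1
            case["last_ts"] = ts
            dropped.append((a, "duplicate"))
            continue
        case = {"alarm": a, "first_ts": ts, "last_ts": ts, "count": 1}
        open_cases[key] = case
        escalate.append(case)
    return escalate, dropped


if __name__ == "__main__":
    escalate, dropped = triage(SAMPLE_ALARMS)
    for case in escalate:
        print("ESCALATE", case["alarm"]["use_case"], case["alarm"]["account"], "x", case["count"])
    for alarm, reason in dropped:
        print("DROPPED ", alarm["account"], reason)
```

Duplicates are counted rather than discarded: the count and the last timestamp stay on the escalated case, so Level 2 still sees that an account was hit repeatedly, and the exception list is data with an owner and an expiry, not a hard-coded filter in the rule.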
Level 2 Analysis
- Detailed analysis and evaluation of relevant incidents.
- Consultation with affected users and responsible parties to clearly assess relevant incidents.
- Clear recommendations for action by the incident response team in the event of security incidents.
Incident Response Support
- Conduct Compromise Assessments to identify compromised IT systems.
- Carrying out forensic analyses to clarify the course of events and to preserve evidence.
- Provide incident response support to restore IT operations as quickly as possible.
SIEM Content Development
- Develop, maintain and continuously optimize “end-to-end SIEM use cases”.
- Development, maintenance and continuous optimization of further SIEM content.
- Development, maintenance and continuous optimization of connections to external systems.
SIEM platform operation
- Ensure smooth SIEM operations.
- Constant monitoring of availability and utilization of all SIEM components.
- Continuous updating of all SIEM components.
Log sources monitoring
- Ensuring the quality and availability of connected log data.
- Continuous monitoring of the availability and quality of connected log data.
- Performing the necessary updates when log sources change.
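What continuous monitoring of log source availability and quality amounts to in code, as an added example (not SECUINFRA's monitoring tooling): each inventoried source has a longest acceptable gap between events, each reporting interval is checked for silence and for parse failures, and the same collector statistics yield the EPS, GB/day and retention figures that the planning section above asks for. Source names, thresholds and the collector statistics are constructed assumptions.

```python
"""Log source monitoring: flag sources that went silent or whose events stopped
parsing, and derive the EPS / GB per day figures used for SIEM sizing.

Added example, not SECUINFRA's monitoring; source names, thresholds and the
constructed collector statistics are assumptions for illustration.
"""
from datetime import datetime, timedelta

# Constructed inventory: longest acceptable gap between events per source.
# A domain controller or firewall that is quiet for minutes is a finding; a
# small HR application legitimately logs only a few times a day.
EXPECTED_MAX_GAP = {
    "dc01-security": timedelta(minutes=5),
    "fw-edge": timedelta(minutes=1),
    "web-proxy": timedelta(minutes=15),
    "hr-app": timedelta(hours=24),
}
MAX_PARSE_FAILURE_RATE = 0.05          # above 5 % unparsed, use cases start losing fields
STATS_INTERVAL = timedelta(hours=1)    # period the sample statistics cover
NOW = datetime.fromisoformat("2024-05-01T12:00:00")  # constructed report time

# Constructed collector statistics for the last hour (not real data):
# (source, last_event_seen, events_received, events_failed_to_parse, bytes_received)
SAMPLE_STATS = [
    ("dc01-security", "2024-05-01T12:00:00", 12000, 12, 9_600_000),
    ("fw-edge", "2024-05-01T10:30:00", 0, 0, 0),                  # forwarder died at 10:30
    ("web-proxy", "2024-05-01T11:58:00", 8000, 2400, 4_000_000),  # vendor changed log format
    ("hr-app", "2024-05-01T01:00:00", 40, 0, 20_000),             # quiet, but within its normal gap
]


def check_sources(stats, now=NOW, expected_gap=EXPECTED_MAX_GAP,
                  max_fail_rate=MAX_PARSE_FAILURE_RATE):
    """Return sorted (source, finding, detail) tuples for sources needing attention."""
    findings = []
    for name, last_seen, received, failed, _ in stats:
        if name not in expected_gap:
            findings.append((name, "unknown_source", "not in inventory; onboard or block"))
            continue
        gap = now - datetime.fromisoformat(last_seen)
        if gap > expected_gap[name]:
            findings.append((name, "silent", f"no events for {gap}, limit {expected_gap[name]}"))
        if received and failed / received > max_fail_rate:
            findings.append((name, "parse_quality", f"{failed / received:.0%} of events unparsed"))
    # an inventoried source that sent no statistics at all is the worst case: nothing to measure
    for name in expected_gap.keys() - {s[0] for s in stats}:
        findings.append((name, "missing", "inventoried source sent no statistics at all"))
    return sorted(findings)


def estimate_volume(stats, interval=STATS_INTERVAL, retention_days=90):
    """Sizing figures from the same statistics: events per second, GB per day,
    and raw storage for the retention period (before compression)."""
    seconds = interval.total_seconds()
    events = sum(s[2] for s in stats)
    nbytes = sum(s[4] for s in stats)
    gb_per_day = nbytes / seconds * 86400 / 1e9
    return {"eps": events / seconds, "gb_per_day": gb_per_day,
            "retention_gb": gb_per_day * retention_days}


if __name__ == "__main__":
    for finding in check_sources(SAMPLE_STATS):
        print(finding)
    print(estimate_volume(SAMPLE_STATS))
```

The per-source gap is the important design choice: a single global "no events for 10 minutes" threshold would either page on every quiet application or miss a dead firewall forwarder for most of an hour. The parse-failure check catches the second common failure, a vendor log format change that leaves events arriving but unusable for the use cases that depend on their fields.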
With the SECUINFRA Co-Managed SIEM approach, all SIEM components and data always remain with you. The detection mechanisms (SIEM use cases) are also your intellectual property and belong to you. This enables trouble-free adjustments to SIEM operation at any time.
With SECUINFRA as your partner, you avoid dependencies and hidden costs!
References in the area of SIEM Consulting
SECUINFRA does not name clients or references publicly! Our customers’ desire for confidentiality always takes precedence over SECUINFRA’s marketing interests.
- SUCCESS THROUGH RECOMMENDATION
We have been focused on SIEM Consulting since 2010 and have gained more SIEM Consulting experience than any other company in Europe in more than 150 customer projects over 28,000 SIEM Consulting days. Almost all customers have become aware of SECUINFRA through recommendation and have in turn recommended us to others.
- REFERENCE ON REQUEST
In case of legitimate interest, we will put you in touch with suitable reference customers.