CANCOM Cyber Defense Services

IT Departments Are Being Pushed to Their Limits

The security and compliance requirements that IT departments have to meet are rising constantly. They have to continuously monitor the latest security threats around the world and be ready to act at a moment’s notice in the event of an emergency. Now they have to face new EU data protection and IT security rules, too. The basic requirements of modern IT security alone make it almost impossible for companies – especially SMEs – to conquer the challenges they face using their own internal resources.

CANCOM Cyber Defense Services are therefore primarily aimed at customers that do not themselves have the resources to set up 24/7 attack monitoring and protection or do not wish to handle these tasks themselves due to the high internal workload.

The CANCOM Security Operations Center (SOC) helps your company achieve comprehensive cyber protection – so your operations are always run with maximum security. To achieve this goal, we rely on qualified, dedicated employees, leading tools on the market, and optimized processes.


Just call us for a free, no-obligation consultation on the best solution for you.

An Overview of CANCOM Cyber Defense Services

CANCOM Cyber Defense Services comprise a number of services and modules and are therefore far more than just the sum of their parts. The services are offered from the CANCOM SOC.

All service modules are purchased from CANCOM on a monthly basis after an initial planning and setup phase. CANCOM security analysts work hand-in-hand with the customer’s IT department in the process.

The following service modules are available for selection:

SOC as a Service

The CANCOM “SOC as a Service” module consists of three core elements.

  • Automated analysis and detection of attacks
  • CANCOM Cyber Defense analysts and architects
  • Cyber defense and incident response processes


A SIEM (Security Information and Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. This solution first collects data from different defined sources. This data is then normalized, analyzed, and correlated. The sources include classic security components as well as applications and, these days, above all cloud services. The result is intelligent alerts, which are sent to the CANCOM security analysts.

Using threat intelligence and information on threats like malware or hacker groups, our analysts can link customer-specific events with global threats.


The following specific services are included:

  • Integration of defined IT systems
  • Automated correlation and analysis of data
  • Automatic classification of risk using an agreed set of rules
  • 1st level analysis and assessment of correlated events
  • Subsequent 2nd level analysis including threat intelligence
  • Alerts and support for the customer if they are at risk
  • Archiving of events and security incidents
  • Ongoing adaptation and optimization of the SIEM system
  • Tool-based reporting using event and incident history and trends
  • Creation of reports to meet compliance requirements (ISO 27001, etc.)

SOC as a Service with Incident Response

CANCOM offers Incident Response as an add-on to SOC as a Service.

This provides 24/7 protection against attacks based on jointly defined procedures (runbooks) – no matter what time it is or whether the customer’s employees are available at that moment. Actions set out in the runbook can protect against attacks or minimize damage.

In addition to the services provided by SOC as a Service, Incident Response offers:

  • Activation of the CANCOM Incident Security Response (ISR) if a customer is at risk
  • Implementation of the agreed procedures (runbook) to protect against risk
  • Advanced security response reporting

Vulnerability Management

It is crucial to identify potential vulnerabilities in order to ensure secure IT operations. Trends such as digitization and the IoT often produce heterogeneous, highly complex IT landscapes that are no longer centrally managed.

The Vulnerability Management option tests the target systems for known and possible vulnerabilities. This information can be used for targeted evaluation of threats. It allows the current security status of the IT environment to be identified and documented. The acquired information can be automatically integrated in the SIEM system to detect threats even more quickly.

The following services are included:

  • Identification of IT vulnerabilities with associated documentation
  • Vulnerability scan of target systems to check available services and their versions
  • Recommendation and information concerning necessary measures (e.g., patching, reconfiguration, etc.)
  • Alert when new systems with relevant vulnerabilities are detected
  • Optional: integration in the SIEM system

Your Benefits when Using the CANCOM SOC Include:

  1. 24/7 real-time monitoring of security events
  2. Improvement of visibility and response capabilities against cyber threats
  3. Analysis of information, taking current threats into account
  4. Active protection against security threats as part of Incident Response
  5. Provision of new threat alarms and alerts
  6. Coordination and management of responses to cyber threats and incidents
  7. Regular provision of service and security reports
  8. Continuous improvement of information security
  9. SOC team at German locations / SOC data centers in Hamburg

The objective is to ensure maximum security and create consistent transparency, making security both a qualifiable and quantifiable term.