CANCOM Cyber Defense Services
The security and compliance requirements that IT departments have to meet are constantly rising. They have to monitor the latest security threats around the world continuously and be ready to act at a moment’s notice in the event of an emergency. Now they have to face new EU data protection and IT security rules, too. The basic requirements of modern IT security alone make it almost impossible for companies – especially SMEs – to conquer the challenges they face using their own internal resources.
CANCOM Cyber Defense Services are therefore primarily aimed at customers that do not themselves have the resources to set up 24/7 attack monitoring and protection or do not wish to handle these tasks themselves due to the high internal workload.
The CANCOM Security Operations Center (SOC) helps your company achieve comprehensive cyber protection – so your operations are always run with maximum security. To achieve this goal, we rely on qualified, dedicated employees, leading tools on the market, and optimized processes.
CANCOM Cyber Defense Services comprise a number of services and modules and are therefore far more than just the sum of their parts. The services are offered from the CANCOM SOC.
All service modules are purchased from CANCOM on a monthly basis after an initial planning and setup phase. CANCOM security analysts work hand-in-hand with the customer’s IT department in the process.
The CANCOM “SOC as a Service” module consists of three core elements.
A SIEM (Security Information and Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. This solution first collects data from different defined sources. This data is then normalized, analyzed, and correlated. The sources include classic security components as well as applications and, these days, cloud services above all. The result is intelligent alerts, which are sent to the CANCOM security analysts.
Using threat intelligence and information on threats like malware or hacker groups, our analysts can link customer-specific events with global threats.
The following specific services are included:
Creation of reports to meet compliance requirements (ISO 27001, etc.)
CANCOM offers Incident Response as an add-on to SOC as a Service.
This provides 24/7 protection against attacks based on a jointly defined procedure (runbooks) – no matter what time it is or whether the customer’s employees are available at that moment. Actions set out in the runbook can protect against attacks or minimize damage.
In addition to the services provided by SOC as a Service, Incident Response offers:
Advanced security response reporting
It is crucial to identify potential vulnerabilities in order to ensure secure IT operations. Trends such as digitization and the IoT often produce heterogeneous, highly complex IT landscapes that are no longer centrally managed.
The Vulnerability Management option tests the target systems for known and possible vulnerabilities. This information can be used for targeted evaluation of threats. It allows the current security status of the IT environment to be identified and documented. The acquired information can be automatically integrated in the SIEM system to detect threats even more quickly.
The following services are included:
Optional: integration in the SIEM system
The objective is to ensure maximum security and create consistent transparency, making security both a qualifiable and quantifiable term.