The security and compliance requirements that IT departments have to meet these days are constantly rising. They have to constantly monitor the latest security threats around the world and be ready to act at a moment’s notice in the event of an emergency – to ensure the cyber security is guaranteed at any time. Now they have to face new EU data protection and IT security rules, too. Just the basic requirements alone for modern IT security make it almost impossible for companies – especially SMEs – to conquer the challenges they face using their own internal resources.
CANCOM Cyber Defense Services are therefore primarily aimed at customers that do not themselves have the resources to set up 24/7 attack monitoring and protection or do not wish to handle these tasks themselves due to the high internal workload.
The CANCOM Security Operations Center (SOC) helps your company achieve comprehensive cyber protection – so your operations are always run with maximum security. To achieve this goal, we rely on qualified, dedicated employees, leading tools and technologies on the market, and optimized processes.
Just call us for free consultation without obligation on the best solution for you.
Zum Schutz Ihrer persönlichen Daten ist die Verbindung zu YouTube blockiert worden.
Klicken Sie auf Video laden, um die Blockierung zu YouTube aufzuheben.
Durch das Laden des Videos akzeptieren Sie die Datenschutzbestimmungen von YouTube.
Mehr Informationen zum Datenschutz von YouTube finden Sie hier Google - Datenschutzerklärung & Nutzungsbedingungen.
CANCOM Cyber Defense Services comprise a number of services and modules and are therefore far more than just the sum of their parts. The services are offered from the CANCOM SOC.
All service modules are purchased from CANCOM on a monthly basis after an initial planning and setup phase. CANCOM security analysts work hand-in-hand with the customer’s IT department in the process.
CANCOM „SOC as a Service“
With automated analysis and detection of attacks, our CANCOM security analysts maintain the highest level of security in your company. In addition, our analysts can link custom events to global threats and take countermeasures.
The CANCOM “SOC as a Service” module consists of three core elements.
An SIEM (Security Information and Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. This solution first collects data from different defined sources. This data is then normalized, analyzed, and correlated. The sources include classic security components as well as applications and these days, cloud services above all. The result is intelligent alerts which are sent to the CANCOM security analysts.
Using threat intelligence and information on threats like malware or hacker groups, our analysts can link customer-specific events with global threats.
The following specific services are included:
CANCOM “SOC as a Service” with Incident Response
In addition to „SOC as a Service”, attacks are prevented at any time on the basis of jointly defined procedures – regardless of operating hours, location or availability of the client’s employees. You’ll always be on the safe side.
CANCOM offers Incident Response as an add-on to SOC as a Service.
This provides 24/7 protection against attacks based on a jointly defined procedure (runbooks) – no matter what time it is or whether the customer’s employees are available at that moment. Actions set out in the runbook can protect against attacks or minimize damage.
In addition to the services provided by SOC as a Service, Incident Response offers:
CANCOM Vulnerability Management
CANCOM’s vulnerability management checks the target systems for known and potential vulnerabilities. This makes it possible to recognize and report the current security status of the IT environment. This makes it even easier to identify threats.
It is crucial to identify potential vulnerabilities in order to ensure secure IT operations. Trends such as digitization and the IoT often produce heterogeneous, highly complex IT landscapes that are no longer centrally managed.
The Vulnerability Management option tests the target systems for known and possible vulnerabilities. This information can be used for targeted evaluation of threats. It allows the current security status of the IT environment to be identified and documented. The acquired information can be automatically integrated in the SIEM system to detect threats even more quickly.
The following services are included:
The aim is to ensure the highest level of security and to create end-to-end transparency. Security thus becomes both a qualifiable and a quantifiable term.