The CANCOM "SOC as a Service" module consists of three core elements:
- Automated analysis and detection of attacks
- CANCOM Cyber Defense analysts and architects
- Cyber defense and incident response processes
A SIEM (Security Information and Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. It first collects data from a defined set of sources; this data is then normalized, analyzed, and correlated. The sources include classic security components as well as applications and, increasingly, cloud services. The result is a set of intelligent alerts, which are sent to the CANCOM security analysts.
Using threat intelligence, i.e. information on threats such as malware or hacker groups, our analysts can link customer-specific events to global threats.
The following specific services are included:
- Integration of defined IT systems
- Automated correlation and analysis of data
- Automatic classification of risk using an agreed set of rules
- 1st level analysis and assessment of correlated events
- Subsequent 2nd level analysis including threat intelligence
- Alerting and support for the customer when they are at risk
- Archiving of events and security incidents
- Ongoing adaptation and optimization of the SIEM system
- Tool-based reporting using event and incident history and trends
- Creation of reports to meet compliance requirements (ISO 27001, etc.)