CANCOM Cyber Defense Services

IT departments are being pushed to their limits

The security and compliance requirements that IT departments have to meet are rising all the time. They have to monitor the latest security threats around the world continuously and be ready to act at a moment’s notice in an emergency – so that cyber security is guaranteed at all times. Now they have to face new EU data protection and IT security rules, too. The basic requirements of modern IT security alone make it almost impossible for companies – especially SMEs – to meet these challenges using their own internal resources.

CANCOM Cyber Defense Services are therefore primarily aimed at customers that do not themselves have the resources to set up 24/7 attack monitoring and protection or do not wish to handle these tasks themselves due to the high internal workload.

The CANCOM Security Operations Center (SOC) helps your company achieve comprehensive cyber protection – so your operations are always run with maximum security. To achieve this goal, we rely on qualified, dedicated employees, leading tools and technologies on the market, and optimized processes.


Just call us for a free, no-obligation consultation on the best solution for you.

CANCOM Security Operations Center



An Overview of CANCOM Cyber Defense Services

CANCOM Cyber Defense Services comprise a number of services and modules and are therefore far more than just the sum of their parts. The services are offered from the CANCOM SOC.

All service modules are purchased from CANCOM on a monthly basis after an initial planning and setup phase. CANCOM security analysts work hand-in-hand with the customer’s IT department in the process.

The following service modules are available for selection:

CANCOM “SOC as a Service”

With automated analysis and detection of attacks, our CANCOM security analysts maintain the highest level of security in your company. In addition, our analysts can link customer-specific events to global threats and take countermeasures.


The CANCOM “SOC as a Service” module consists of three core elements.

  • Automated analysis and detection of attacks
  • CANCOM Cyber Defense analysts and architects
  • Cyber defense and incident response processes

A SIEM (Security Information and Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. This solution first collects data from different defined sources. This data is then normalized, analyzed, and correlated. The sources include classic security components as well as applications and, above all these days, cloud services. The result is intelligent alerts, which are sent to the CANCOM security analysts.

Using threat intelligence and information on threats like malware or hacker groups, our analysts can link customer-specific events with global threats.

The following specific services are included:

  • Integration of defined IT systems
  • Automated correlation and analysis of data
  • Automatic classification of risk using an agreed set of rules
  • 1st level analysis and assessment of correlated events
  • Subsequent 2nd level analysis including threat intelligence
  • Alerts and support for the customer if they are at risk
  • Archiving of events and security incidents
  • Ongoing adaptation and optimization of the SIEM system
  • Tool-based reporting using event and incident history and trends
  • Creation of reports to meet compliance requirements (ISO 27001, etc.)

CANCOM “SOC as a Service” with Incident Response

In addition to “SOC as a Service”, attacks are prevented at any time on the basis of jointly defined procedures – regardless of operating hours, location or availability of the client’s employees. You’ll always be on the safe side.


CANCOM offers Incident Response as an add-on to SOC as a Service.

This provides 24/7 protection against attacks based on a jointly defined procedure (runbooks) – no matter what time it is or whether the customer’s employees are available at that moment. Actions set out in the runbook can protect against attacks or minimize damage.


In addition to the services provided by SOC as a Service, Incident Response offers:

  • Activation of the CANCOM Incident Security Response (ISR) if a customer is at risk
  • Implementation of the agreed procedures (runbook) to protect against risk
  • Advanced security response reporting

CANCOM Vulnerability Management

CANCOM’s vulnerability management checks the target systems for known and potential vulnerabilities. This makes it possible to recognize and report the current security status of the IT environment, and makes it even easier to identify threats.


It is crucial to identify potential vulnerabilities in order to ensure secure IT operations. Trends such as digitization and the IoT often produce heterogeneous, highly complex IT landscapes that are no longer centrally managed.

The Vulnerability Management option tests the target systems for known and possible vulnerabilities. This information can be used for targeted evaluation of threats. It allows the current security status of the IT environment to be identified and documented. The acquired information can be automatically integrated in the SIEM system to detect threats even more quickly.

The following services are included:

  • Identification of IT vulnerabilities with associated documentation
  • Vulnerability scan of target systems to check available services and their versions
  • Recommendation and information concerning necessary measures (e.g., patching, reconfiguration, etc.)
  • Alert when new systems with relevant vulnerabilities are detected
  • Optional: integration in the SIEM system

Your benefits when using the CANCOM SOC

The aim is to ensure the highest level of security and to create end-to-end transparency. Security thus becomes both a qualifiable and a quantifiable term.

  • 24/7 real-time monitoring of security events
    We take over the monitoring of worldwide security events around the clock
  • Improvement of response capabilities against cyber threats
    Effective countermeasures can be taken at any time through rapid identification of current threat situations
  • Automated analysis of information
    With the automated evaluation of information under consideration of the current threat situation, your systems are always up to date
  • Active protection against security threats
    In the event of an attack, Incident Response immediately initiates effective measures to counter security threats
  • Threat alarms and alerts
    New threat alerts and messages keep you in control, even in the event of a threat situation
  • Coordination and management of responses
    Rapid coordination and efficient management of accurate responses to cyber threats and incidents
  • Regular provision of service and security reports
    Regular performance and security reports give you an overview of the current situation at any time
  • Continuous improvement of information security
    Continuous analysis and efficient vulnerability management enable constant optimization of dynamic IT landscapes
  • Always close to you
    Extra reliability through the CANCOM SOC team at various German locations / SOC data centers in Hamburg, ensuring that your data always remains protected within national borders
