CANCOM Cyber Defense Services

CANCOM "SOC as a Service" consists of three core elements.

• Automated analysis and detection of attacks
• CANCOM Cyber Defense Analysts & Architects
• Cyber Defense and Incident Response Processes

A SIEM (Security Information & Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. This first takes in data from different, defined sources. This data is then normalized, analyzed and correlated. The sources include both classic security components as well as applications and, nowadays, especially cloud services. The result is intelligent alerts to CANCOM security analysts.

Threat intelligence and information about threats, such as malware or perpetrator groups, also allow our analysts to link customer-specific events with global threats.

You are also welcome to use "SOC light aaS". This variant has a particularly good price/performance ratio and starts at a minimum of 500 EPS (Events per Second). The nine most important use cases for the detection of security incidents are taken into account. Enterprise users benefit from fast onboarding and highly standardized operation.

The following specific services are included in SOC aaS:

• Integration of defined IT systems
• Automated correlation and analysis of data
• Automated classification of threats by means of a coordinated set of rules
• 1st level analysis and evaluation of correlated events
• Advanced 2nd level analysis with integration of threat intelligence
• Alerting and support of the customer in case of danger
• Archiving of events and security incidents
• Ongoing adaptation and optimization of the SIEM system
• Tool-based reporting on history and trends of events and incidents
• Creation of reports for compliance requirements (ISO 27001, etc.)

As an extension to SOC as a Service, CANCOM offers Incident Response.

This enables attacks to be defended against at any time on the basis of jointly defined procedures (runbooks) - regardless of operating hours or whether the customer's employees are currently available. The actions defined in the runbook allow attacks to be averted or damage to be minimized.

In addition to the SOC as a Service services, the Incident Response:

• Activation of the CANCOM Incident Security Response (ISR) in the event of a threat
• Execution of the coordinated procedures for averting danger (runbook)
• Extended Security Response Reporting

For secure IT operations, it has become essential to identify potential vulnerabilities. Trends such as digitization and IoT often result in heterogeneous and highly complex IT landscapes that are no longer managed centrally.

The optional vulnerability management checks the target systems for known and possible vulnerabilities. With the help of this information, threats can be assessed in a targeted manner. This enables the current security status of the IT environment to be identified and documented. The information obtained can be automatically integrated into the SIEM system to identify threats even faster.

The following services are specifically included:

• Detection of IT vulnerabilities with subsequent documentation.
• Vulnerability scan of target systems checks accessible services and their versions for vulnerabilities
• Recommendation and information about necessary measures (e.g. patching, reconfiguration, etc.)
• Alerting on detection of new systems with corresponding vulnerabilities
• Optional: Integration into the SIEM system