CANCOM Cyber Defense Services consist of a variety of services and modules, making them far more than the sum of their parts. The services are offered from the CANCOM Security Operations Center (SOC). There, corporate IT environments are monitored by security experts around the clock, 365 days a year. As soon as a security incident is detected, the threat is immediately analyzed and countermeasures are initiated. Potential security gaps are identified and eliminated to safeguard against future threats.
All service modules are obtained from CANCOM as a monthly service after an initial planning and setup phase. CANCOM security analysts work hand in hand with the IT departments of the companies.
CANCOM "SOC as a Service"
With automated analysis and detection of attacks, our CANCOM Security Analysts keep the security in your company at the highest level. In addition, our analysts can link customer-specific events to global threats and initiate countermeasures.
The CANCOM "SOC as a Service" module consists of three core elements.
A SIEM (Security Information & Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. It first takes in data from different, defined sources. This data is then normalized, analyzed and correlated. The sources include classic security components as well as applications and, nowadays, especially cloud services. The result is intelligent alerts for the CANCOM security analysts.
Threat intelligence and information about threats, such as malware or perpetrator groups, also allow our analysts to link customer-specific events with global threats.
The following specific services are included:
CANCOM “SOC as a Service” with Incident Response
In addition to the “SOC as a Service” services, attacks are defended against at any time on the basis of jointly defined procedures – regardless of operating hours, location or availability of the client’s employees. This means you are always on the safe side.
As an extension to SOC as a Service, CANCOM offers Incident Response.
This enables attacks to be defended against at any time on the basis of jointly defined procedures (runbooks) - regardless of operating hours or whether the customer's employees are currently available. The actions defined in the runbook allow attacks to be averted or damage to be minimized.
In addition to the SOC as a Service services, the Incident Response:
CANCOM Vulnerability Management
CANCOM’s Vulnerability Management checks target systems for known and potential vulnerabilities. This makes it possible to identify and document the current security status of the IT environment. This means that threats can be identified even more quickly.
For secure IT operations, it has become essential to identify potential vulnerabilities. Trends such as digitization and IoT often result in heterogeneous and highly complex IT landscapes that are no longer managed centrally.
The optional vulnerability management checks the target systems for known and possible vulnerabilities. With the help of this information, threats can be assessed in a targeted manner. This enables the current security status of the IT environment to be identified and documented. The information obtained can be automatically integrated into the SIEM system to identify threats even faster.
The following services are specifically included:
Learn all about the Cyber Kill Chain as an effective model for threat assessment, response and analysis as part of IT security incidents in our practically oriented whitepaper.
With the CANCOM Cyber Defense Services, you receive a wide range of services that take cyber security in your company to the next level.
CANCOM SOC AHP enables you to respond to cyber attacks quickly and sustainably. Find out in the flyer how we can support you in detecting attacks on your company.