CANCOM "SOC as a Service" consists of three core elements.
- Automated analysis and detection of attacks
- CANCOM Cyber Defense Analysts & Architects
- Cyber Defense and Incident Response Processes
A SIEM (Security Information & Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. It first ingests data from defined sources, then normalizes, analyzes and correlates that data. The sources include classic security components as well as applications and, increasingly, cloud services. The output is prioritized alerts for CANCOM security analysts.
Threat intelligence, i.e. information about threats such as malware families or attacker groups, additionally allows our analysts to link customer-specific events to global threat activity.
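The ingest, normalize, correlate, alert and enrich chain described above, reduced to a small runnable illustration. This is an added example and not CANCOM's or IBM QRadar's code: the two log formats, the sample lines, the IOC feed, the field names, the five-failure threshold and the two-minute window are all constructed assumptions chosen to show how events from different sources (here a Linux sshd log and a cloud audit record) end up in one schema, how a correlation rule spans both sources, and how a threat-intelligence hit raises the severity of the resulting alert.

```python
"""Added example (not CANCOM's or IBM QRadar's code): a minimal SIEM-style
pipeline that ingests events from two heterogeneous sources, normalizes them
to one schema, correlates them with a rule set, and enriches the resulting
alerts with threat intelligence. Sample log lines, the IOC list, the field
names and the thresholds are all constructed for this illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample input 1: Linux sshd syslog lines (no year in the timestamp).
SSHD_LINES = [
    "Mar 12 10:00:01 web01 sshd[4121]: Failed password for admin from 203.0.113.7 port 51111 ssh2",
    "Mar 12 10:00:03 web01 sshd[4121]: Failed password for admin from 203.0.113.7 port 51112 ssh2",
    "Mar 12 10:00:05 web01 sshd[4121]: Failed password for invalid user root from 203.0.113.7 port 51113 ssh2",
    "Mar 12 10:00:20 web01 sshd[4125]: Accepted password for admin from 203.0.113.7 port 51120 ssh2",
    "Mar 12 10:05:00 web01 sshd[4130]: Accepted publickey for deploy from 198.51.100.9 port 40000 ssh2",
]
# Constructed sample input 2: JSON audit records as a cloud console might emit them.
CLOUD_EVENTS = [
    {"eventTime": "2024-03-12T10:00:10Z", "userName": "admin", "sourceIPAddress": "203.0.113.7", "responseStatus": "FAILURE"},
    {"eventTime": "2024-03-12T10:00:12Z", "userName": "admin", "sourceIPAddress": "203.0.113.7", "responseStatus": "FAILURE"},
    {"eventTime": "2024-03-12T10:30:00Z", "userName": "bob", "sourceIPAddress": "192.0.2.55", "responseStatus": "SUCCESS"},
]
# Constructed threat-intelligence feed: indicator -> context shown to the analyst.
IOCS = {
    "203.0.113.7": "credential-stuffing infrastructure (constructed IOC)",
    "192.0.2.55": "infrastructure attributed to a constructed actor group",
}

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def normalize_sshd(line, year=2024):
    """Map one sshd line onto the common schema; None for lines the rule set ignores."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "sshd", "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "outcome": "success" if m["outcome"] == "Accepted" else "failure"}

def normalize_cloud(rec):
    """Map one cloud audit record onto the same schema as the sshd events."""
    ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "cloud-audit", "host": "console", "user": rec["userName"],
            "src_ip": rec["sourceIPAddress"],
            "outcome": "success" if rec["responseStatus"] == "SUCCESS" else "failure"}

def correlate(events, threshold=5, window=timedelta(minutes=2), iocs=IOCS):
    """Two rules over the normalized, time-ordered stream:
    1. >= threshold failed logins from one source IP within `window`, counted
       across all sources, followed by a successful login from that IP.
    2. Any successful login from an IP present in the threat-intel feed.
    Alerts carry the IOC context whenever the source IP is a known indicator."""
    failures = defaultdict(deque)  # src_ip -> timestamps of failures inside the window
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        recent = failures[e["src_ip"]]
        while recent and e["ts"] - recent[0] > window:
            recent.popleft()  # expire failures older than the window
        if e["outcome"] == "failure":
            recent.append(e["ts"])
            continue
        intel = iocs.get(e["src_ip"])
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src_ip": e["src_ip"],
                           "user": e["user"], "failures": len(recent), "ts": e["ts"],
                           "severity": "critical" if intel else "high", "threat_intel": intel})
            recent.clear()
        if intel:
            alerts.append({"rule": "login_from_known_bad_ip", "src_ip": e["src_ip"],
                           "user": e["user"], "ts": e["ts"], "severity": "medium",
                           "threat_intel": intel})
    return alerts

def run_pipeline():
    """Ingest both constructed sources, normalize, and return the correlated alerts."""
    events = [n for n in map(normalize_sshd, SSHD_LINES) if n]
    events += [normalize_cloud(r) for r in CLOUD_EVENTS]
    return correlate(events)

if __name__ == "__main__":
    for a in run_pipeline():
        print(f"[{a['severity']}] {a['rule']} src={a['src_ip']} user={a['user']} intel={a['threat_intel']}")
```

The point of normalizing first is visible in the brute-force rule: three sshd failures and two cloud-console failures from the same address are only five failures inside one window because both sources were mapped to the same `src_ip` and `outcome` fields before correlation ran. The threat-intelligence lookup is deliberately applied at alert time rather than at ingest, so a feed update changes the severity of future alerts without reprocessing the stored events.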
"SOC light aaS" is also available. This variant offers a particularly good price/performance ratio and starts at a minimum of 500 EPS (events per second). It covers the nine most important use cases for detecting security incidents. Enterprise users benefit from fast onboarding and highly standardized operation.
The following specific services are included in SOC aaS:
- Integration of defined IT systems
- Automated correlation and analysis of data
- Automated classification of threats using an agreed rule set
- 1st-level analysis and evaluation of correlated events
- Advanced 2nd-level analysis incorporating threat intelligence
- Alerting and customer support in the event of a threat
- Archiving of events and security incidents
- Ongoing adaptation and optimization of the SIEM system
- Tool-based reporting on event and incident history and trends
- Creation of reports for compliance requirements (ISO 27001, etc.)