CANCOM Cyber Defense Services consist of a variety of services and modules, making them far more than the sum of their parts. The services are offered from the CANCOM Security Operations Center (SOC). There, corporate IT environments are monitored by security experts around the clock, 365 days a year. As soon as a security incident is detected, the threat is immediately analyzed and countermeasures are initiated. Potential security gaps are identified and eliminated to safeguard against future threats.
All service modules are obtained from CANCOM as a monthly service after an initial planning and setup phase. CANCOM security analysts work hand in hand with the IT departments of the companies.
CANCOM “SOC as a Service”
With automated analysis and detection of attacks, our CANCOM Security Analysts keep the security in your company at the highest level. In addition, our analysts can link customer-specific events to global threats and initiate countermeasures.
CANCOM “SOC as a Service” consists of three core elements.
A SIEM (Security Information & Event Management) solution based on IBM QRadar is used for the automated analysis and detection of attacks. This first takes in data from different, defined sources. This data is then normalized, analyzed and correlated. The sources include both classic security components as well as applications and, nowadays, especially cloud services. The result is intelligent alerts to CANCOM security analysts.
Threat intelligence and information about threats, such as malware or perpetrator groups, also allow our analysts to link customer-specific events with global threats.
You are also welcome to use “SOC light aaS”. This variant has a particularly good price/performance ratio and starts at a minimum of 500 EPS (Events per Second). The nine most important use cases for the detection of security incidents are taken into account. Enterprise users benefit from fast onboarding and highly standardized operation.
The following specific services are included in SOC aaS:
CANCOM “SOC as a Service” with Incident Response
In addition to the “SOC as a Service” services, attacks are defended against at any time on the basis of jointly defined procedures – regardless of operating hours, location or availability of the client’s employees. This means you are always on the safe side.
As an extension to SOC as a Service, CANCOM offers Incident Response.
This enables attacks to be defended against at any time on the basis of jointly defined procedures (runbooks) – regardless of operating hours or whether the customer’s employees are currently available. The actions defined in the runbook allow attacks to be averted or damage to be minimized.
In addition to the SOC as a Service services, the Incident Response:
CANCOM Vulnerability Management
CANCOM’s Vulnerability Management checks target systems for known and potential vulnerabilities. This makes it possible to identify and document the current security status of the IT environment. This means that threats can be identified even more quickly.
For secure IT operations, it has become essential to identify potential vulnerabilities. Trends such as digitization and IoT often result in heterogeneous and highly complex IT landscapes that are no longer managed centrally.
The optional vulnerability management checks the target systems for known and possible vulnerabilities. With the help of this information, threats can be assessed in a targeted manner. This enables the current security status of the IT environment to be identified and documented. The information obtained can be automatically integrated into the SIEM system to identify threats even faster.
The following services are specifically included:
Learn all about the Cyber Kill Chain as an effective model for threat assessment, response and analysis as part of IT security incidents in our practically oriented whitepaper.
Your added value at a glance
24/7 real-time monitoring
We provide round-the-clock monitoring of worldwide security events
By quickly identifying current threat situations, effective countermeasures can be taken at any time
With the automated analysis of information taking into account the current threat situation, you are always up to date
Active defensive measures
In the event of an attack, effective measures to defend against security threats are initiated immediately as part of the incident response process
Rapid alerting system
New threat alerts and notifications keep you in control even in the event of a threat situation
Secure crisis management
In the event of cyber threats and incidents, there is rapid coordination and efficient management of precise responses
Performance and security reports
With regular reports on performance and security, you always have an overview of the current situation
Continuous improvement of information security
Ongoing analysis and efficient vulnerability management enable continuous optimization of dynamic IT landscapes
Always close at hand
Additional security provided by the CANCOM SOC team at our German locations / SOC data centers in Hamburg, ensuring that your data always remains protected within the country's borders
Contact us! Our experts will contact you quickly and will assist you.