
Attack Detection, Security Monitoring & SOC

Attack Detection

One instrument for attack detection is a SIEM system (Security Information & Event Management), which supports the detection of threats during operation (keyword: Threat Intelligence) and thus enables a faster and more efficient defense, significantly reducing the damage in the event of an attack. The Security Act 2.0 obliges CRITIS companies to use systems for attack detection from 2023.

Security Operations Center (SOC)

A Security Operations Center (SOC) is a centralized function within an organization to protect against cyberattacks. It is composed of security experts, processes and technologies to provide 24/7, real-time monitoring of enterprise security. The key tasks of a SOC include:

  • Proactive real-time monitoring of networks, hardware & software
  • Incident Response
  • IT forensic investigations
  • Management and improvement of security monitoring
  • Ongoing optimization of IT security
  • Technical support for all security-related issues
  • Reporting on the current security situation for management

What added value does a SOC provide?

  • Early detection & response to security incidents
  • Reduction of risks and downtime
  • Defense against diverse cyber attacks, such as ransomware, phishing, APT attacks
  • Improved threat control and prevention
  • Support for audit and compliance objectives
  • Prompt recovery of systems after an attack
  • Increase customer confidence
  • Reduce costs associated with security incidents

Establishment of a Security Operations Center

With our expertise, we support you in setting up a Security Operations Center. The first step is to choose a suitable SOC model. Depending on your requirements, you can operate your SOC entirely yourself (in-house SOC), leave security monitoring entirely to a service provider (managed SOC) or set up a hybrid SOC. With our help, you will find the concept that fits you best.

We also support you in selecting, setting up and connecting the appropriate SOC technologies:

  • Endpoint Protection
  • Firewall, Intrusion Detection System (IDS) & Intrusion Prevention System (IPS)
  • Logging Systems
  • SIEM & SOAR Solutions

Security Information and Event Management (SIEM)

The SIEM is the heart of a security operation center. All data from firewalls, network appliances, intrusion detection systems and other IT systems is collected and filtered here. Based on this event data, threats can be detected, classified and analyzed. We develop a suitable SIEM concept for you (on-premise or cloud) and support you in setting up SIEM solutions such as Azure Sentinel, Splunk, QRadar or Elastic.
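The collect, normalize, detect and classify steps described above, shown as an added illustration that is not Insentis' product code and not taken from any of the SIEM products named. Log lines, host names, IP addresses (documentation ranges), the two detection rules and their thresholds are constructed assumptions; a real SIEM would apply the same pattern over far more sources and rules.

```python
"""Minimal SIEM-style correlation over constructed log events (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample events from two sources: a firewall (syslog-like) and sshd.
# Hosts, addresses and timestamps are invented for this example.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:05Z srv01 sshd: Failed password for root from 203.0.113.7 port 51000",
    "2024-05-01T10:00:09Z srv01 sshd: Failed password for admin from 203.0.113.7 port 51001",
    "2024-05-01T10:00:14Z srv01 sshd: Failed password for root from 203.0.113.7 port 51002",
    "2024-05-01T10:00:20Z srv01 sshd: Failed password for backup from 203.0.113.7 port 51003",
    "2024-05-01T10:00:27Z srv01 sshd: Failed password for root from 203.0.113.7 port 51004",
    "2024-05-01T10:00:40Z srv01 sshd: Accepted password for backup from 203.0.113.7 port 51005",
    "2024-05-01T10:01:00Z srv01 sshd: Failed password for alice from 198.51.100.20 port 40000",
    "2024-05-01T10:05:00Z srv01 sshd: Accepted publickey for alice from 198.51.100.20 port 40001",
    "2024-05-01T10:05:10Z fw01 ALLOW src=192.0.2.9 dst=10.0.0.8 dport=443",
]

# One parser per source format; both map into the same normalized schema.
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=\S+ dport=\d+$"
)
SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+$"
)


def _ts(text):
    """Parse the ISO-8601 UTC timestamp used in the sample lines."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_event(line):
    """Normalize one raw line into {ts, host, src, user, type}; None if no parser matches."""
    m = SSH_RE.match(line)
    if m:
        kind = "auth_failure" if m["result"] == "Failed" else "auth_success"
        return {"ts": _ts(m["ts"]), "host": m["host"], "src": m["src"],
                "user": m["user"], "type": kind}
    m = FW_RE.match(line)
    if m:
        kind = "fw_deny" if m["action"] == "DENY" else "fw_allow"
        return {"ts": _ts(m["ts"]), "host": m["host"], "src": m["src"],
                "user": None, "type": kind}
    return None  # unparsed lines are dropped by the filter step


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Run two constructed correlation rules over the normalized event stream.

    Rule 1 (high): >= threshold auth failures from one source inside the window.
    Rule 2 (critical): a successful login from a source already flagged by rule 1.
    Returns the list of alerts in the order they were raised.
    """
    events = sorted((e for e in map(parse_event, lines) if e), key=lambda e: e["ts"])
    failures = defaultdict(deque)  # src -> timestamps of recent auth failures
    flagged = set()                # sources already reported by rule 1
    alerts = []
    for e in events:
        if e["type"] == "auth_failure":
            recent = failures[e["src"]]
            recent.append(e["ts"])
            while recent and e["ts"] - recent[0] > window:  # slide the window
                recent.popleft()
            if len(recent) >= threshold and e["src"] not in flagged:
                flagged.add(e["src"])
                alerts.append({"rule": "ssh_bruteforce", "severity": "high",
                               "src": e["src"], "host": e["host"], "count": len(recent)})
        elif e["type"] == "auth_success" and e["src"] in flagged:
            alerts.append({"rule": "bruteforce_then_success", "severity": "critical",
                           "src": e["src"], "host": e["host"], "user": e["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

The second rule is the one worth noting: a single failed login is noise, but a success from a source that was just brute-forcing is the event a SOC analyst wants escalated, and it only becomes visible once the firewall and host logs are correlated in one place.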

Security Orchestration, Automation and Response (SOAR)

A SOAR system can help contain threats as quickly as possible through automated workflows and responses, such as isolating infected systems and locking down compromised user accounts. With the help of appropriate playbooks, you are prepared for all eventualities.

Security Monitoring as Managed Service

To ensure long-term security and compliance, and to detect and defend against potential threats early, we offer the following managed services as part of our Insentis Digital Security Assurance Program©:

Insentis Digital Security Assurance Program

Security Operations Center (SOC) as a Service

We monitor your application and IT landscape for suspicious activities 24/7. If not yet available, we set up a suitable SIEM and SOAR solution for you and connect all systems and applications to be monitored. We inform you when action is required or relevant events occur. In addition, we support you in the event of incidents as part of our incident response consulting services and create measures according to "lessons learned" to systematically reduce the probability of incidents and thus increase security.

Identity Theft Monitoring

Credentials are siphoned off around the world every day, and some of them are offered on the darknet, making identity theft a significant risk. We monitor the identities of your employees or your customers for leaks via all common channels, inform you or the affected persons and provide instructions for action.

Vulnerability and CVE Monitoring

We check all the third-party components you deploy, such as libraries, software, containers and systems, for published vulnerabilities and recommend measures: direct updates of the affected components, workarounds or virtual patching using an application-layer firewall (WAF).

Compliance Monitoring

We monitor your websites, applications and your IT infrastructure for compliance with standards and legal requirements such as EU-GDPR, Security Act 2.0, PSD2, KRITIS B3S, MaRisk or PCI-DSS.
