What is a SIEM?

A SIEM (Security Information and Event Management) is a central tool that collects, stores and evaluates all IT security data of a company. First, the so-called events (log data, system and status messages) of all end devices (clients, servers, applications, network and especially IT security components) are merged and analyzed according to various criteria. This enables, for example, trends with regard to utilization or capacity, but also behavior/attack patterns, to be recognized and uncovered. If the results are critical, an alarm is triggered immediately. All other data is documented in reports for later evaluation.

Managed SIEM for more IT security

As your Managed Security Service Provider, we operate a centralized, DSGVO-compliant SIEM solution for you in our BSI-certified NOC/SOC, which gives us an overview of all relevant security data in your company.


SIEM-Outsourcing – why?  

  • Increasing digitalization means increasing security risks: Attackers are well organized and imaginative, and an incident can endanger the very existence of the entire organization. The usual measures (IDS/IPS, firewall, virus protection) are no longer sufficient to protect against them and to comply with the strict compliance guidelines (including DSGVO, BDSG, SOX).
  • Effective cyber security solutions are always complex and time-consuming - this also applies to SIEMs: They need trained experts with comprehensive knowledge in the areas of technology (networks, IT security) and organization (regulations, processes, security standards). For the correct evaluation of the flood of incoming events, experience is as decisive as know-how.
  • Investments are necessary to set up the solution. With us, the SIEM is integrated into a modern, certified NOC/SOC.
  • Only a few companies can guarantee internal 24/7 monitoring. 
  • As a Managed Service Provider, we contribute the know-how and the technical requirements for efficient Cyber Defence, and you make use of them to the extent that you determine: On request, the daily monitoring and operation of your IT security remains the responsibility of your team. We concentrate on levels 1 and 2 of security incidents and involve you when it comes to critical level 3 events.

Managed SIEM in NOC/SOC with BSI Certificate

Our Managed SIEM solution is a multi-tenant, central monitoring platform for all Managed SIEM customers and as such is integrated into our own Network & Security Operation Center. The dacoso NOC/SOC is based in Germany, is redundantly designed and is supported by experts trained in Germany. Decisive for many customers in the fields of information protection and KRITIS: We have received the ISO 27001 certificate for the NOC/SOC on the basis of IT-Grundschutz from the Federal Office for Information Security (BSI).

The implementation, maintenance and operation of the solution are completely handled by us. You receive your own project manager, who is available as a central contact person.

Collect, save and evaluate events

Depending on the requirements, different SIEM modules are installed on one or more virtual servers in the customer network. The customer end devices to be monitored send all log files (events) to these SIEM modules for storage and evaluation. A connection to the dacoso SIEM platform is established via a secure VPN. Only metadata is transmitted - customer data itself is not passed on.

Use cases on demand

Individual use cases are defined before implementation and then put in place. For example, the SIEM can be configured to detect unauthorized access to business-critical applications or attacks on network components. Special evaluations in connection with compliance requirements (e.g. ISO, BDSG, DSGVO, PCI-DSS etc.) can also be configured and created.

Alerting in Incident Cases

dacoso specialists analyze the events processed in the SIEM solution for their security relevance and notify the customer in the event of an incident according to defined alarm levels. On request, regular reports can be generated that can be used, for example, to document compliance guidelines. Ad-hoc reports on the current status of the monitored components are also possible at any time.