A SIEM (Security Information and Event Management) is a central tool that collects, stores and evaluates all IT security data of a company. First, the so-called events (log data, system and status messages) of all end devices (clients, servers, applications, network and especially IT security components) are merged and analyzed according to various criteria. This makes it possible to recognize, for example, trends in utilization or capacity, as well as behavior and attack patterns. If the results are critical, an alarm is triggered immediately. All other data is documented in reports for later evaluation.
As your Managed Security Service Provider, we operate a centralized, GDPR-compliant (DSGVO) SIEM solution for you in our BSI-certified NOC/SOC, which gives us an overview of all relevant security data in your company.
Our Managed SIEM solution is a multi-tenant, central monitoring platform for all Managed SIEM customers and as such is integrated into our own Network & Security Operation Center. The dacoso NOC/SOC is based in Germany, is redundantly designed and is supported by experts trained in Germany. Decisive for many customers in the fields of information protection and KRITIS: We have received the ISO 27001 certificate for the NOC/SOC on the basis of IT-Grundschutz from the Federal Office for Information Security (BSI).
The implementation, maintenance and operation of the solution are completely handled by us. You receive your own project manager, who is available as a central contact person.
Depending on the requirements, different SIEM modules are installed on one or more virtual servers in the customer network. The customer end devices to be monitored send all log files (events) to these SIEM modules for storage and evaluation. A connection to the dacoso SIEM platform is established via a secure VPN. Only metadata is transmitted; customer data itself is not passed on.
Individual use cases are defined and implemented before the solution is deployed. For example, the solution can be configured to detect unauthorized access to business-critical applications or attacks on network components. Special evaluations in connection with compliance requirements (e.g. ISO, BDSG, GDPR (DSGVO), PCI-DSS etc.) can also be configured and created.
dacoso specialists analyze the events processed in the SIEM solution for their security relevance and notify the customer in the event of an incident according to defined alarm levels. On request, regular reports can be generated that can be used, for example, to document compliance guidelines. Ad-hoc reports on the current status of the monitored components are also possible at any time.