Increasing digitization and networking as well as increasingly sophisticated attack methods used by hackers make IT systems more vulnerable than ever. Operators of critical infrastructures (CRITIS) are thus becoming interesting targets with high damage potential for society. Because if they fail, this can lead to far-reaching and sometimes dramatic consequences for the population. The aim of the IT Security Act, which came into force in 2015, is to improve protective measures against cyber attacks. IT security in accordance with the "state of the art" becomes just as mandatory as reporting significant security incidents to the Federal Office for Information Security (BSI).
Are you ready for May 1, 2023? Because from then on, the stricter requirements for IT security and cyber resilience of the IT Security Act 2.0 (IT-SiG) will take effect - with far-reaching effects on more and more CRITIS organizations. Not only is the operational implementation of the IT-SIG requirements a real challenge with such a short lead time. The potential fines are also set sensitively high in the IT Security Act: up to 4% of turnover or 20 million euros.
This makes it all the more important to act now and set the right course to avoid a rude awakening during the BSI audit.
IT-SiG 2.0 defines the legal requirements that have been mandatory for CRITIS organizations since May 1, 2023. Tackle the IT-SiG before you and your critical infrastructure are targeted by hackers and attacked. Rely on our cybersecurity expertise and let us advise you on how to implement the legal requirements for attack detection (Section 8a (1a) BSIG) as well as mandatory reporting (Section 8b (4) BSIG) in accordance with the German Federal Office for Information Security (BSI) We will help you to design your IT and OT landscape so that you achieve at least the necessary maturity level 3 and meet all basic requirements for logging, detection and response. This means full legal conformity (compliance) in minimal implementation time through targeted technical and organizational measures (TOM)!
Make the most of the pressure to act through IT-SiG 2.0: Gain transparency and control over your IT security with all critical areas, components and data - without having to operate a control center in your own organization. Our Security Operations Center (SOC) makes this possible! Here, all threads come together as in a "Mission Control Center". We offer the perfect mix of processes, systems and proven experts as a customized IT security solution tailored to your needs: logging, detection and response from a single source. And SOC as a Service (SOCaaS) offers the highest security standards "Made in Germany" - even certified.
The central success component of our IT security solution is Security Information & Event Management (SIEM). This works like a magnet - the software attracts security-relevant data from all sources and directions that are generated within an IT and OT environment. All information flows together to a central location - the SOC - where it is analyzed by our experts. In this way, security gaps can be detected at an early stage and attacks can be quickly averted. Exactly as the BSI prescribes for operators of critical infrastructures with its IT-SiG 2.0.
This solution can be expanded in a modular fashion with supplementary systems such as Network Detection & Response (EDR), Endpoint Detection & Response (EDR) as well as Vulnerability Assessment (VAS) and Threat Intelligence (TIS). This is future-proofing that grows seamlessly with your security needs!
We ensure that you cover all the mandatory requirements of IT-SiG 2.0 (maturity level 3 of the BSI orientation guide) from day 1 and are ready for the BSI audit! We are your experienced navigator and advisor through the jungle of laws, orientation aids and guidelines.
What you can expect from us:
- Managed service with German- and English-speaking support 24/7, from our certified Security Operations Center (SOC) in Germany.
- Data protection compliant
- Monitoring by SIEM system with preset use cases covering all relevant cases and integrating the most important log sources
- Ticketing system for fast and targeted communication in case of incidents
- BSI reporting and contact point for reportable IT incidents
- Compliance reporting for documentation of legally compliant implementation plus service performance
Your KRITIS company already meets the requirements of maturity level 3 ("must") today? Then we have something for you! Meet the "can" and "should" requirements and close attack points with our premium product.
All components of the "Compliance" variant plus the following services:
- Extension of the SIEM system with SOAR capabilities for an automated and fast response to incidents based on playbooks.
- NDR (Network Detection & Response) system for analysis of network activities
The public relies on the provision of security by CRITIS organizations in a wide variety of industries on a daily basis. Within the framework of "industry-specific security standards" (B3S), CRITIS operators or their associations can specify how the general requirements for the "state of the art" can be met in the respective industries. This means greater legal certainty in the event of an audit by the Federal Office for Information Security (BSI).
Basically, nine different industries are distinguished whose requirements we know exactly:
The pressure on CRITIS organizations is immense: The entire IT and OT must be put to the test within a very short time in order to meet the high security requirements of the legislator. This is only possible with an experienced consultant who can also implement customized solutions.
David Haas, dacoso-Expert für KRITIS
- Consulting, implementation and operation from a single source
- Compliance - tailored to the requirements of IT-SiG 2.0
- IT security "Made in Germany
- Flexible integration of your IT infrastructure components and applications
- Experienced experts who are familiar with KRITIS requirements
- Comprehensive reporting
- Near real-time attack detection and comprehensive log file analysis
- certified Security Operations Center (SOC)
- reliable operation as a managed service (detection & response)
- 24/7 availability
- BSI contact point for reporting cyber attacks
- expandable, modular security portfolio - we take you to the next maturity level