Blue Team Deepdive

Cyber Defense Center

The CANCOM Cyber Defense Center reacts quickly to attacks and helps to initiate efficient countermeasures. The service has a modular structure and can be deployed flexibly according to customer requirements using individual modules (NSM, EDR, LOG, etc.). Behind the modules, threat intelligence information is compared with the existing data of the modules and analyzed.

Over 60 analysts work 24/7/365, distributed over 4 locations in the D-A-CH region to protect our customers from cyber attacks in the best possible way.

The CANCOM Managed SOC Service increases the visibility of your infrastructure and covers all network elements: devices, applications, data and, of course, users. The CDC recognizes attackers, identifies compromised systems and helps to respond to these attacks with the right means. The CANCOM Cyber Defense Center relies on the connection between man and machine; an efficient combination of analytical thinking, the experience and know-how of CANCOM cyber security analysts and the support of various technologies.

The main areas of a

Technology

Use of market-leading technologies and partners for continuous service from the Cyber Defense Center as well as regular fine-tuning of the sensors and comparison with various threat feed databases.

Processes

We don't impose a "standardized approach" on our customers, but instead respond to each one individually. Our experience from over 8 years of market presence, including our heterogeneous customer structure, gives us a 360-degree view of the attack world and allows us to establish highly efficient processes, such as senior analysts with customer responsibility, dedicated service managers and monthly report meetings.

People

"Where a man attacks, a man should defend!" This is the motto by which we design and live our service. Accordingly, our colleagues from the Cyber Defense Center are our top priority. Although we have various supporting systems in place, each of our reported tickets is created manually by an analyst, which also includes recommendations for action tailored to the customer.

Our modular structure

In order to offer our customers the best possible protection across the entire kill chain, our service has a modular and flexible structure. This is because not every potential customer has the same requirements and circumstances.

Network Security Monitoring

Recording of network traffic
Automated and manual analysis
Anomaly detection
Network forensics

Log - Analysis

SIEM
Log aggregation and analysis
Statistical analysis
Data correlation

Threat Intelligence

Threat Landscape
Threat Actor & Campaign Tracking
Brand & Credential Monitoring

Endpoint Detection & Response

Endpoint Visibility
Live Remote Analysis
Remote Data Collection
Endpoint Isolation

Vulnerability Management

Asset Discovery
Vulnerability reporting
Proactive tracking
Enrichment through threat intelligence

Operational Technology Monitoring

Specialization in OT devices and protocols
Continuous monitoring
Overview of assets and communication flows
Detection of attacks and vulnerabilities

Benefit from our customer dashboard and customized solutions

Central overview of all key indicators and events
IT and OT in one overview
API interface
Role-based concept
Predictable costs
Personal contact and discretion in the event of verified incidents are particularly important to us.
Immediate alerting via multiple channels