Cyber Defense Center

Blue Team Deepdive

Contact our experts nowContact our experts now

The CANCOM Cyber Defense Center reacts quickly to attacks and helps to initiate efficient countermeasures. The service has a modular structure and can be deployed flexibly according to customer requirements using individual modules (NSM, EDR, LOG, etc.). Behind the modules, threat intelligence information is compared with the existing data of the modules and analyzed.

Over 60 analysts work 24/7/365, distributed over 4 locations in the D-A-CH region to protect our customers from cyber attacks in the best possible way.

The CANCOM Managed SOC Service increases the visibility of your infrastructure and covers all network elements: devices, applications, data and, of course, users. The CDC recognizes attackers, identifies compromised systems and helps to respond to these attacks with the right means. The CANCOM Cyber Defense Center relies on the connection between man and machine; an efficient combination of analytical thinking, the experience and know-how of CANCOM cyber security analysts and the support of various technologies.

The main areas of a

Technology

Use of market-leading technologies and partners for continuous service from the Cyber Defense Center as well as regular fine-tuning of the sensors and comparison with various threat feed databases.

Processes

We don't impose a "standardized approach" on our customers, but instead respond to each one individually. Our experience from over 8 years of market presence, including our heterogeneous customer structure, gives us a 360-degree view of the attack world and allows us to establish highly efficient processes, such as senior analysts with customer responsibility, dedicated service managers and monthly report meetings.

People

"Where a man attacks, a man should defend!" This is the motto by which we design and live our service. Accordingly, our colleagues from the Cyber Defense Center are our top priority. Although we have various supporting systems in place, each of our reported tickets is created manually by an analyst, which also includes recommendations for action tailored to the customer.

request nowrequest now

Our modular structure

In order to offer our customers the best possible protection across the entire kill chain, our service has a modular and flexible structure. This is because not every potential customer has the same requirements and circumstances.

Red prohibition symbol on a black background.

Network Security Monitoring

Recording of network traffic
Automated and manual analysis
Anomaly detection
Network forensics

Graphical representation of a yellow and green circle with text elements on an error page with too many requests.

Log - Analysis

SIEM
Log aggregation and analysis
Statistical analysis
Data correlation

Graphic representation of a red and green circle on a black background, possibly symbolizing the server status on an error page.

Threat Intelligence

Threat Landscape
Threat Actor & Campaign Tracking
Brand & Credential Monitoring

Endpoint Detection & Response

Endpoint Visibility
Live Remote Analysis
Remote Data Collection
Endpoint Isolation

Graphic representation of a green circle on a black background.

Vulnerability Management

Asset Discovery
Vulnerability reporting
Proactive tracking
Enrichment through threat intelligence

Black square against a black background, symbolizes the monitoring and security in CANCOM's Cyber Defense Center.

Operational Technology Monitoring

Specialization in OT devices and protocols
Continuous monitoring
Overview of assets and communication flows
Detection of attacks and vulnerabilities

Benefit from our customer dashboard and customized solutions

Central overview of all key indicators and events
IT and OT in one overview
API interface
Role-based concept
Predictable costs
Personal contact and discretion in the event of verified incidents are particularly important to us.
Immediate alerting via multiple channels