IT Security Monitoring

Real-time surveillance for early detection of cyber-attacks

Early warning is the first step in a successful defense

Minimizing damage through early detection of cyber-attacks is the most important goal of IT security monitoring. Our proactive IT security monitoring collects event data from different operational levels and analyzes it in real time. Correlating data from network anomaly detection, network and web application firewall logs, and system and application monitoring metrics allows for a comprehensive evaluation of cyber-attack risk. Based on these analysis results, targeted measures to contain such attacks can be designed.

System and Application Log Management
Our log management system consists of central log servers that store log data from network systems, operating systems and applications in an audit-proof manner, enabling central evaluation.
Security Event Management
In Security Event Management, network monitoring events such as anomalies in traffic fluctuation are correlated with system monitoring logs and log management data, enabling an evaluation.
Security Incident Management
In Security Incident Management, a distinction has to be made between a disturbance and a security incident. Successful exploits require measures for securing data, damage mitigation, IT forensics and recovery.

Correct categorization of information assets is especially important for IT monitoring. It encompasses the hierarchical arrangement of components according to their topology, the registration of system and application software as well as shared public services and permitted user access, and the classification of network traffic profiles. The configurations set during this step are fundamental to the ongoing monitoring of the Security Controls and to the correlation within the Complex Event Processing.

Security Incident and Event Management

The technologies summarized under the term SIEM are based on security-relevant data held in a central repository, which is continuously supplied with data by different agents. With the help of this central database, security-relevant processes can be controlled, events correlated and, in case of an incident, a forensic analysis carried out.

Managed SIEM for Private Clouds

To successfully use SIEM, some requirements have to be met:

Integrated security management requires detailed knowledge of the hosting platform, the established security controls, and the system and application software.

24/7 standby for incident managers and administrators has to be organized.

A quick risk evaluation must be conducted for every incident. Action plans also have to be available.

Action plans have to be rehearsed so they can be carried out reliably in an emergency.

Why should we be your IT service provider?

As a managed hosting provider, we obviously know your e-commerce application well. Additionally, we have all the software required for SIEM, such as monitoring of the cloud infrastructure and the tools for central storage and event analysis, ready for operation. We are also the first point of contact for the identification of attacks, initiation of defensive measures and data backups.

Other features of our IT security service are central contact persons who know your web application well, short lines of communication and important Security Assessment services.
