Managed Security Services with Consist
Relieve the burden on your IT department with a professional, strong partner at your side. Sound, up-to-date expertise, combined with faithful, long-term collaboration with our clients characterizes the managed security services by Consist.
SIEM Services
Continuous security monitoring and compliance from a single source
SIEM is the most efficient answer to rising legal requirements and growing cyber-criminal threats:
- Complete depiction of all corporate data
- Audit-proof results which ensure compliance and data protection
- An adaptive system which acts proactively without draining resources, before damage is done
With our Implementation and SIEM Operations services, we guarantee professional operation of your IT security systems at the highest legal and technical level, with full transparency of our services at all times.
SOC Competence
What characterizes a good SOC?
SIEM system at a high qualitative level
Onboarding of relevant use cases and processes
Competition wins at international level
SOC Services
Services for setting up, taking over or expanding a SOC
Our well-coordinated teams of experts take care of first-, second- and third-level support - from defined individual processes to holistic independent coordination of the SOC.
The high quality of our security experts' work is reflected not only in the smooth integration of our services, but also in the ability to include proactive measures such as threat hunting, pentesting or red teaming.
Relieve your employees of analyzing security events, incident management and the continuous connection of new source systems.
Select a service package that suits your company:
SOC Services Packages
IMPLEMENTATION
The SIEM system requires suitable data sources in order to be able to detect security-relevant incidents throughout a company's IT. The identification of these data sources and their integration into the SIEM system are the task of SIEM Data Integration & Architecture.
Data Sourcing
- Identification of suitable data sources for the SIEM system (integration of desired/relevant IT infrastructure and tools)
Architecture
- Design, sizing and installation of the SIEM system
Integration
- Connection of data sources to the SIEM system in cooperation with the data providers
SIEM OPERATIONS
Operation of the SIEM system
- Monitoring the availability and consistency of the SIEM system
- Implementation of updates and patches
- Support in troubleshooting with regard to data deliveries from other systems
- Analysis and correction of SIEM system errors, documentation
SECURITY MONITORING
SOC Level 1
- Classification and validation of all events reported by the SIEM system
- Verification and, if necessary, correction of criticality
- Resolution of simple events using standard operating procedures (SOPs)/runbooks
- Escalation of serious or extensive events to SOC Level 2
The knowledge base is continuously maintained based on the analyzed events and their processing documentation.
SOC Level 2
- Reviewing and, if necessary, correcting the criticality of events escalated from Level 1
- Analysis, resolution and documentation of events
- Continuous maintenance of SOPs/runbooks and knowledge base
Highly critical events are transferred to the SOC Level 3. Identified incidents that cannot be resolved in the SOC are received by the CSIRT - Computer Security Incident Response Team.
SOC Level 3
In SOC Level 3, events are processed that were classified as highly critical in Level 2.
- Checking and, if necessary, correcting the criticality
- Resolution and documentation of the events
- Transfer of identified incidents that cannot be resolved in the SOC to the CSIRT
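The three-level triage described above (validate, correct criticality, apply a runbook or escalate, hand unresolved incidents to the CSIRT) can be modelled as a small pipeline. The following is an added example, not Consist's own tooling or process definitions: the asset tiers, scanner allowlist, SOP and resolution tables and the four SIEM events are constructed for the example, and a real SOC would read them from its CMDB, ticketing system and knowledge base.

```python
from dataclasses import dataclass, field
from typing import Dict, List

LEVELS = ["low", "medium", "high", "critical"]


@dataclass
class Event:
    event_id: str
    rule: str
    criticality: str           # criticality as initially set by the SIEM rule
    asset: str
    src: str
    history: List[str] = field(default_factory=list)  # processing documentation


# Constructed context data (assumptions for this example, not from the page).
ASSET_TIER = {"web01": "standard", "db01": "crown_jewel"}
KNOWN_SCANNERS = {"10.0.0.50"}          # authorised vulnerability scanner
SOPS = {                                # runbooks Level 1 may apply to simple events
    "port_scan": "SOP-01: source is an authorised scanner, close as expected activity",
    "av_quarantine": "SOP-02: confirm the AV client quarantined the file, close",
}
L2_RESOLVABLE = {"brute_force_success": "reset credentials, terminate sessions"}
L3_CONTAINABLE = {"lateral_movement": "isolate host via EDR, block source"}
KNOWLEDGE_BASE: List[Dict[str, str]] = []   # grows with every processed event


def shift(level: str, steps: int) -> str:
    """Move a criticality up or down the scale without leaving it."""
    idx = min(max(LEVELS.index(level) + steps, 0), len(LEVELS) - 1)
    return LEVELS[idx]


def document(ev: Event, level: str, disposition: str, note: str) -> None:
    """Record the processing step on the event and in the knowledge base."""
    ev.history.append(f"{level}: {disposition} ({note})")
    KNOWLEDGE_BASE.append({"rule": ev.rule, "level": level,
                           "disposition": disposition, "note": note})


def level1(ev: Event) -> str:
    """Validate the event, correct its criticality, apply an SOP or escalate."""
    if ev.asset not in ASSET_TIER:
        document(ev, "L1", "closed", "asset unknown to CMDB, event not validated")
        return "L1"
    if ASSET_TIER[ev.asset] == "crown_jewel":
        ev.criticality = shift(ev.criticality, +1)
    if ev.rule == "port_scan" and ev.src in KNOWN_SCANNERS:
        ev.criticality = "low"
    if ev.criticality in ("low", "medium") and ev.rule in SOPS:
        document(ev, "L1", "closed", SOPS[ev.rule])
        return "L1"
    document(ev, "L1", "escalated", f"no SOP for {ev.rule} at {ev.criticality}")
    return "L2"


def level2(ev: Event) -> str:
    """Re-check criticality; resolve, or hand highly critical events to Level 3."""
    if ASSET_TIER[ev.asset] == "crown_jewel" and ev.rule not in SOPS:
        ev.criticality = "critical"   # corrected: unhandled rule on a crown jewel
    if ev.criticality == "critical":
        document(ev, "L2", "escalated", "highly critical, handed to Level 3")
        return "L3"
    document(ev, "L2", "closed", L2_RESOLVABLE.get(ev.rule, "analysed and closed"))
    return "L2"


def level3(ev: Event) -> str:
    """Contain within the SOC if possible, otherwise transfer the incident to the CSIRT."""
    if ev.rule in L3_CONTAINABLE:
        document(ev, "L3", "closed", L3_CONTAINABLE[ev.rule])
        return "L3"
    document(ev, "L3", "transferred", "incident cannot be resolved in the SOC")
    return "CSIRT"


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Run each event through Levels 1-3 and return where each one ended up."""
    outcome: Dict[str, List[str]] = {"L1": [], "L2": [], "L3": [], "CSIRT": []}
    for ev in events:
        stage = level1(ev)
        if stage == "L2":
            stage = level2(ev)
        if stage == "L3":
            stage = level3(ev)
        outcome[stage].append(ev.event_id)
    return outcome


def sample_events() -> List[Event]:
    """Constructed SIEM events (not real data)."""
    return [
        Event("e1", "port_scan", "medium", "web01", "10.0.0.50"),
        Event("e2", "brute_force_success", "high", "web01", "203.0.113.7"),
        Event("e3", "brute_force_success", "high", "db01", "203.0.113.7"),
        Event("e4", "lateral_movement", "critical", "web01", "198.51.100.9"),
    ]


if __name__ == "__main__":
    evs = sample_events()
    print(triage(evs))
    for ev in evs:
        print(ev.event_id, ev.criticality, ev.history)
```

The point of the structure is that every decision (downgrade of the scanner's port scan, upgrade of the crown-jewel event, the SOP applied, the CSIRT hand-over) is written to both the event's history and the shared knowledge base, which is what lets Level 2 review Level 1's criticality decisions and lets the SOPs be maintained from real processing records.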
TUNING
Use Cases Development
In content engineering, the detection of security-relevant events based on the data of the SIEM system is further developed in a continuous process, thus enabling the fine-tuning of the use cases.
- Creation and adaptation of rules for the detection of security-relevant events
- Exchange with SOC Level 1-3 to identify new rules and change requirements for existing rules
- Monitoring of threat intelligence feeds to identify new rules or change requirements of existing rules to respond to current threats
- Exchange with SIEM Data Integration and Architecture to connect additional data sources to the SIEM system
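What "creation and adaptation of rules" and "fine-tuning of the use cases" look like in practice, as an added example that is not part of Consist's page or its SIEM content: a brute-force-then-success use case is implemented as plain Python over constructed key=value authentication log lines, first as the initial rule and then tuned with an allowlist after SOC Level 1 reports that an authorised vulnerability scanner (assumed here to use source 10.0.0.50) keeps triggering it. The log format, host names, user names and addresses are all constructed for the example; in a real deployment the same logic would live in the SIEM's correlation language.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List, Tuple

# Constructed authentication log (syslog-style key=value lines; not real data).
# The 09:00 line is deliberately out of order and outside the detection window.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host=web01 event=auth result=failure user=admin src=203.0.113.7
2024-03-01T10:00:03Z host=web01 event=auth result=failure user=admin src=203.0.113.7
2024-03-01T10:00:05Z host=web01 event=auth result=failure user=admin src=203.0.113.7
2024-03-01T10:00:07Z host=web01 event=auth result=failure user=admin src=203.0.113.7
2024-03-01T10:00:09Z host=web01 event=auth result=failure user=admin src=203.0.113.7
2024-03-01T10:00:12Z host=web01 event=auth result=success user=admin src=203.0.113.7
2024-03-01T10:30:00Z host=web02 event=auth result=failure user=svc_scan src=10.0.0.50
2024-03-01T10:30:01Z host=web02 event=auth result=failure user=svc_scan src=10.0.0.50
2024-03-01T10:30:02Z host=web02 event=auth result=failure user=svc_scan src=10.0.0.50
2024-03-01T10:30:03Z host=web02 event=auth result=failure user=svc_scan src=10.0.0.50
2024-03-01T10:30:04Z host=web02 event=auth result=failure user=svc_scan src=10.0.0.50
2024-03-01T10:30:05Z host=web02 event=auth result=success user=svc_scan src=10.0.0.50
2024-03-01T11:00:00Z host=web03 event=auth result=failure user=bob src=198.51.100.9
2024-03-01T11:00:30Z host=web03 event=auth result=success user=bob src=198.51.100.9
2024-03-01T09:00:00Z host=web01 event=auth result=failure user=admin src=203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=auth result=(?P<result>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log: str) -> List[Dict[str, object]]:
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev: Dict[str, object] = m.groupdict()
            ev["ts"] = datetime.strptime(str(ev["ts"]), "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events


def brute_force_success(events: List[Dict[str, object]], threshold: int = 5,
                        window: timedelta = timedelta(minutes=10),
                        allowlist: FrozenSet[str] = frozenset()) -> List[Dict[str, object]]:
    """Use case: at least `threshold` failed logins for a (user, source) pair,
    followed by a successful login from the same pair within `window`.
    Sources on the allowlist never raise an alert (the tuning knob)."""
    failures: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    alerts: List[Dict[str, object]] = []
    for ev in sorted(events, key=lambda e: e["ts"]):      # SIEM data is not always in order
        key = (str(ev["user"]), str(ev["src"]))
        if ev["result"] == "failure":
            failures[key].append(ev["ts"])                  # type: ignore[arg-type]
            continue
        if ev["result"] != "success":
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]  # type: ignore[operator]
        failures[key].clear()                               # a success resets the counter
        if len(recent) >= threshold and key[1] not in allowlist:
            alerts.append({
                "rule": "brute_force_success",
                "criticality": "high",
                "user": key[0],
                "src": key[1],
                "host": ev["host"],
                "failed_attempts": len(recent),
                "success_at": ev["ts"].isoformat(),         # type: ignore[attr-defined]
            })
    return alerts


def run_use_case(log: str, tuned: bool = False) -> List[Dict[str, object]]:
    """Initial rule versus the rule after tuning with the scanner allowlist."""
    events = parse(log)
    if not tuned:
        return brute_force_success(events)
    return brute_force_success(events, allowlist=frozenset({"10.0.0.50"}))


if __name__ == "__main__":
    for alert in run_use_case(SAMPLE_LOG):
        print("initial:", alert)
    for alert in run_use_case(SAMPLE_LOG, tuned=True):
        print("tuned:  ", alert)
```

Run untuned, the rule fires for both the real attack on `admin` and the scanner's service account; after tuning only the `admin` alert remains, and the out-of-window 09:00 failure is correctly excluded from the count. Changing `threshold` or `window` are the other tuning levers, and each change would be agreed with SOC Level 1-3 and documented, as described above.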
Managed Services for Endpoint Security
Select the right support modules for your company from our security platform:
- Hardware and software inventories
- Checks of endpoints such as servers, virtual machines and cloud infrastructure
- Patch management
- Checks of non-administrated endpoints
- Compliance checks and vulnerability checks
Your contact
Joscha Sternadel
Portfolio Manager
phone: +49 431 3993-775
mobile: +49 162 2130358
e-mail: sternadel@consist.de
Boss of the SOC - Splunk BOTS