Posted On: 13 December 2021

Everything you always wanted to know about our Managed Security Services for SMEs (but were afraid to ask)

On the occasion of the 1-year anniversary of our “Managed Security Services for SMEs” service, we would like to introduce this service to you in detail. Perhaps it is a good fit for your needs.

What are these managed security services all about?

bw digitronik/Cybertech offers you a Managed Cyber Security Service under this name. It includes the management and rental of the SIEM solution as well as the SOC operations, and is suitable for small and medium-sized companies that cannot afford or do not want to have their own SOC, whether due to a lack of personnel resources or for financial or other reasons.

Read here what a SOC does and what a SIEM is all about.

Why is a SIEM needed at all?

You can find the answer here.

And what protection does your SIEM and SOC service offer me?

Among other things, we can help you to better protect yourself from the following incidents:

• Cyber attacks
• Damage to IT infrastructure
• Unwanted software (malware)
• Theft of business information
• Theft of confidential data (credit card data, employee and customer data)
• Exploitation of IT vulnerabilities

How much will this SME service cost me?

You can find a price indication here. We will happily provide you with an offer tailored to your needs; just ask us!

What information does bw digitronik / Cybertech need for a quotation?

For a quote, simply send us the quantity of your IT devices that you would like to include in the SIEM and thus also in the SOC.

And which IT devices do you think I should include in the service?

Our recommendation is to focus on the most (security-)critical devices:

• The most important IT assets (e.g., SAP and other critical applications, servers, databases)
• IT security devices
• Network devices

How much time do I have to factor in for the installation of the service?

Depending on the size of your IT environment and the number of devices, this can vary greatly. If you decide to use our service, all details will be discussed in advance in a workshop. To give you an idea of the scope, please find below some information about our approach to setting up the service:

• Definition of classification criteria for shared use
• Exchange of OLAs / SLAs / KPIs
• Contact list sharing
• Definition of templates and reporting delivery method
• Inventory of systems and applications to be monitored with classification
• Integration with the customer’s IRT (optional)
• Integration of ticketing tools
• Definition of Single Point of Contact (SPOC)
• SOC Team & Control Room Facility

In general, you should expect a minimum of about 10 days, but for larger environments it can easily go up to 30 days.

What is the time commitment for my employees?

Basically, our offer is there to relieve your employees. However, we still depend on your support for the operation of the SIEM solution. We recommend scheduling half a day to a full day per week for tuning, especially at the beginning of the service. Information on your obligations to cooperate can be found in the next section.

What are my obligations to cooperate?

Below you will find the requirements:
• You provide a project manager, e.g. for the coordination of activities and collaboration
• Sufficient hardware for the virtual machines
• Enabling firewalls to ensure functionality
• Access to the hardware for installation on the virtual machines for configuration
• You provide remote access
• You will provide an internal project manager/coordinator (SPOC).
• You ensure that the information required to implement the project is available in a timely manner.
• You ensure that the SIEM can communicate with the SOC’s technical platform (SOAR).
• You ensure that access to the SIEM platform for our SOC analysts is functioning.
• You ensure that our engineers have remote access to the admin functions of the SIEM.

What is the minimum term of the contract?

The minimum term for our service is 1 year. After that, the service can be canceled at any time with a notice period of 3 months.

What exactly is included in the managed service?

We rent and operate the SIEM solution for the customer. This includes maintenance in the form of upgrades, patches, adjustments of log sources, and tuning of the system.

Add to that our SOC services:

• SOC Services L1: Analyst “on screen” who performs an initial analysis of all “alarm messages” from the SIEM system and determines whether they need to be analyzed in greater depth.
• SOC Services L2: Analyst “on screen” who takes over the forwarded “alarm messages” from L1 and subjects them to a more in-depth analysis.
• SOC Services L3: Senior analyst or IT subject matter specialist who can be called in at the agreed cost in the event of an “incident” and works out the defense and solution strategy together with the customer.

Which SIEM solution is used for this service?

For our “Managed Security Services for SMEs” package, we rely on the SIEM solution from SGBox.

And what are the capabilities of the SGBox SIEM solution?

The following SGBox products are included in the SIEM solution and in our service:

• Log Management (LM) – Collect log and security-related events from any type of data source, providing a complete view of the security posture across the organization and facilitating investigations.
• Event Correlation (SIEM) – Correlate events taking place on your network and automatically send an alert or take a response.
• System Monitoring (SM) – Provide real-time information and analyze performance and status of network components.
• Network Vulnerability Scanner (NVS) – Automate vulnerability scans to detect vulnerabilities on any type of host or device. The solution generates detailed and customized reports to help IT manage vulnerabilities and reduce the risk of data breaches.
• Endpoint Threat Detection (ETD) – Advanced detection and response to anomalies and attacks in the Microsoft environment.
• User Behavior Analytics (UBA) – Track, collect, and assess user data and activity using monitoring systems.

Are there testimonials or is there the possibility to talk to a reference customer?

Unfortunately, we are not allowed to publish testimonials about our service, as we have signed an NDA (non-disclosure agreement) with our customers. However, we will be happy to arrange a meeting with one of our existing customers upon request.

Why should I purchase SIEM and SOC services from bw digitronik?

We, bw digitronik ag, are a local Swiss IT security partner and can look back on more than 30 years of experience in cyber security. In addition, we are embedded in a leading European group for Cyber Security Services (Cybertech). This lets us enable digital transformation with a holistic view of IT security. We have been offering managed security services to our customers within the Cybertech group for 10 years, and managed SOC services for the last 5 years. With this setup and our accumulated experience, we can offer you an optimal price/performance ratio. In cooperation with SGBox, the overall package also includes an SME-focused SIEM platform.

Do you have any other questions?

Feel free to send them to mss@cybertech.eu and we will reply as soon as possible.