IT security, at your service

IT security incidents are a major threat to businesses and authorities. Denial-of-service attacks (DoS), phishing, ransomware or business email compromise (BEC) are just some of the threats that can have devastating consequences. Cyberattacks are becoming increasingly precise, combining multiple angles of attack.

Conventional IT security measures like firewalls, malware scanners or intrusion detection systems are not enough to detect attacks in time and take effective countermeasures.

Legal provisions, such as the EU’s General Data Protection Regulation (GDPR) or Germany’s IT Security Act (IT-Sicherheitsgesetz), also require companies and organizations to verifiably provide up-to-date protection for their IT systems and data and immediately report security incidents to the responsible supervisory authority.

Greater security and compliance

A security operations center (SOC) is an important tool for detecting and defending against current IT security threats and supporting IT compliance. The most important tasks of the SOC are:

  • Detecting suspicious activities in your IT infrastructure
  • Sounding the alarm in the event of critical incidents
  • Initiating effective countermeasures

There is a wide range of events that an SOC can deem to be unusual. They can be a sign of an ongoing attack, a compromised system, activities by a malicious insider or a loss of performance. These are all very complex events. That is why operating an SOC requires experienced and well-trained security specialists.

At our headquarters in Wiesbaden, we at SVA operate an SOC that is available around the clock and can offer you four frequently required service elements as part of a modular offering:

  • SVA security intelligence platform
    Provision and operation of a central platform for security event management and analysis.
  • Network traffic and behavior analysis
    Additional network traffic data for the security intelligence platform.
  • Emergency response service
    Comprehensive support for damage limitation and forensics in the event of a security incident.
  • Security monitoring
    Continuous monitoring and analysis of security incidents by security specialists, including alerting.

Why SVA?

  • Over the last 20 years, SVA has grown to become one of the leading IT service providers in Germany.
  • Our expertise covers a vast range of technologies and disciplines.
  • With our SVA Cyber Defense Team, we offer unique capabilities in limiting security incidents and in forensic analysis.
  • All of our specialists and system components are based in Germany.
  • SVA Operational Services has operated an information security management system since 2016, in line with ISO 27001 and certified by TÜV Rheinland.

SOC by SVA: How it works

Security intelligence platform

SVA operates a security intelligence solution based on IBM QRadar. This is the central SOC platform for detecting and analyzing security incidents in your IT infrastructure. For security reasons, each customer receives their own appliance installed on premises. Security-relevant IT events are detected and checked against the threat information of the IBM X-Force Security Research team, helping to both detect known threats and identify anomalies that could point to previously unknown attacks.

Network traffic and behavior analysis

Network traffic data is monitored and analyzed using flow processors. Correlating this traffic data with the incident data makes it possible to detect more threats than concentrating solely on event data.

Security monitoring

An experienced team of specialists in the SVA Security Operation Center (SVA SOC) monitors all incidents identified by the security intelligence platform. This data is automatically combined with information from countless threat intelligence sources and is manually analyzed by the SVA SOC specialists in order to determine whether the incident has an impact on security and requires further action. The possible steps include alerting the customer, taking immediate action based on a predefined plan, or calling on the SVA Cyber Defense Team.

Emergency response service

In the event of a security incident, you need to take damage limitation measures as quickly as possible. The specialists in the SVA Cyber Defense Team have wide-ranging expertise and many years of experience, and can help you both on site and remotely to quickly get your business back up and running. When investigating, securing and analyzing the clues, the SVA Cyber Defense Team uses proven forensic methods to determine the cause and scope of the incident. This allows them to take suitable measures to limit the damage and protect against further threats. Once the investigation is complete, you receive a detailed report containing recommendations on how to reduce vulnerabilities, as well as other risk reduction measures.

Any Questions?

If you would like to know more about this subject, I am happy to assist you.

Contact us
Michael Ganzhorn
Product Manager Security Operations Center SOC