Managed Security Services with Consist
Relieve the burden on your IT department with a professional, strong partner at your side. Sound, up-to-date expertise, combined with faithful, long-term collaboration with our clients characterizes the managed security services by Consist.
Continuous security monitoring and compliance from a single source
SIEM is the most efficient answer to meeting the rising requirements in both legal and cyber-criminal issues:
- Complete depiction of all corporate data
- Audit-proof results which ensure compliance and data protection
- An adaptive system which acts proactively without draining resources, before damage is done
With our >Implementation and >SIEM Operations service packages, we guarantee professional operation of your IT security systems at the highest legal and technical level with transparency of our services at all times.
What characterizes a good SOC?
SIEM system at a high qualitative level
Onboarding of relevant use cases and processes
Competition wins at international level
Services for setting up, taking over or expanding a SOC
Our well-coordinated teams of experts take care of first-, second- and third-level support - from defined individual processes to holistic independent coordination of the SOC.
The high quality of our security experts' work is not only reflected in the smooth integration of our services, but also in the ability to include proactive measures such as threat hunting, pentesting or red-teaming.
Relieve your employees of of analyzing security events, incident management and the continuous connection of new source systems.
Select a service package that suits your company:
SOC Services Packages
The SIEM system requires suitable data sources in order to be able to detect security-relevant incidents throughout a company's IT. The identification of these data sources and their integration into the SIEM system are the task of SIEM Data Integration & Architecture.
- Identification of suitable data sources for the SIEM system (integration of desired/relevant IT infrastructure and tools)
- Design, sizing and installation of the SIEM system
- Connection of data sources to the SIEM system in cooperation with the data providers
Operation of the SIEM system
Monitoring the availability and consistency of the SIEM system
Implementation of updates and patches
Support in troubleshooting with regard to data deliveries from other systems
Analysis and correction of SIEM system errors, documentation
SOC Level 1
- Classification and validation of all events of the SIEM system
- Verification and, if necessary, correction of criticality
- Solution to simple events with standard operating procedures (SOP)/runbooks
- Escalation of serious, extensive events to SOC Level 2
The knowledge base is continuously maintained based on the analyzed events and their processing documentation.
SOC Level 2
- Reviewing and, if necessary, correcting the criticality of events from Level 1
- Analysis, solution and documentation of events
- Continuous maintenance of SOPs/runbooks and knowledge base
Highly critical events are transferred to the SOC Level 3. Identified incidents that cannot be resolved in the SOC are received by the CSIRT - Computer Security Incident Response Team.
SOC Level 3
In SOC Level 3, events are processed that were classified as highly critical in Level 2
- Checking and, if necessary, correcting the criticality
- Solution and documentation of the events
- Transfer of identified incidents that cannot be resolved in the SOC to the CSIRT
Use Cases Development
In content engineering, the detection of security-relevant events based on the data of the SIEM system is further developed in a continuous process, thus enabling the fine-tuning of the use cases.
- Creation and adaptation of rules for the detection of security-relevant events
- Exchange with SOC Level 1-3 to identify new rules and change requirements existing rules
- Monitoring of threat intelligence feeds to identify new rules or change requirements of existing rules to respond to current threats
- Exchange with SIEM Data Integration and Architecture to connect additional data sources to the SIEM system
Managed Services for Endpoint Security
Select the right support modules for your company from our security platform:
- Hardware and software inventories
- Checks via endpoints like servers, virtual machines and cloud infrastructures
- Patch management
- Checks of non-administrated endpoints
- Compliance checks and vulnerability checks