Security Monitoring Concept
The method for continuous optimization

Security Monitoring Concept
The method for continuous optimization

An efficient security monitoring solution is a complex system of technical components and organizational units. Different original systems and personal functions as well as hardware and software tools all depend on each other and are very much interconnected. Everything has to be perfectly aligned in order to create an overall structure that gives you real protection against cyber attacks.

Cyber Defense Platform

Planning and implementing a cyber defense solution by means of security monitoring in your company means answering a few questions:

  • Where are we today? What do we already have in place?
  • How should we organize ourselves?
  • What are we able – or do we want – to do ourselves, and what should we purchase from others?
  • Which tool best meets our requirements?
SOC Prozesse

We will work with you to find the answers to your questions. Countless projects have shown that the security monitoring cycle is an efficient method of introducing and operating a security monitoring solution. In the review and concept phase, we develop all conceptual aspects of the planned security monitoring or SIEM solution and the SOC/ISIRT organization so that nothing stands in the way of a smooth introduction and implementation.

Details on our security monitoring method can be found at

At this website you will also find information on the Security Monitoring Guide, a self-assessment questionnaire that will help you make a decision.


As part of the cyber security strategy and tailored to the initial situation and needs, we support our clients in the following conceptual topics:

Review and Gap Analysis

When you start security monitoring, we use a gap analysis in this phase to explore your current situation and define the steps you need to take to achieve your goals. If you already have a solution in place, this analysis involves checking and continuously improving its effectiveness.

  • Identification of business processes, assets and the environment
  • Preparation of risk analysis, determination of threat scenarios and protection needs
  • Detection of security deficits and definition of measures
  • Determination of specifications, requirements and framework conditions
  • Definition of solution and implementation strategy

Being aware of the long-term security strategy and the vision of the security monitoring objective, we seek to give our clients an effective basis for security monitoring through a prioritized and structured approach.

Design of Cyber Security Intelligence and SIEM Platform

We support you in the design of a company-specific, centralized cyber security intelligence and SIEM platform for the recognition, analysis and processing of cyber security events.

  • Dimensioning and architecture of a scalable and future-oriented platform.
  • Definition of integration for log sources and data storage in compliance with the requirements (policy, compliance, data protection)
  • Seamless integration into your existing infrastructure, tools and processes
  • Analyses and reports tailored to stakeholder needs
  • Coordination with existing or supplementary prevention and detection solutions to establish a highly effective cyber security intelligence platform

Use Case Engineering for each phase of the Cyber Kill Chain

In dialogue with you we define use cases that are tailored to your company's needs for incident detection. You will benefit from our SOC and ISIRT experience. These teams analyze and combat real attacks on a daily basis; the same applies to auditing and pentesting (think like an attacker).

When defining the use cases, we rely on your cyber security strategy, assets and risk analysis, as well as on the information sources of your existing security components in the area of protection and detection. Based on our database with more than 200 use cases and your existing data sources, we show you which cases can be implemented and how complex and effective they will be.

Security Monitoring Concept

When choosing the use cases, we attach great importance to covering all phases of a cyber attack – including advanced persistent threats. The correlation of use cases in all attack phases helps reduce false positives and detect actual attacks and incidents quickly and reliably in the background noise of security events.

Security Incident Management (Operational Concept and Processes)

Successful security monitoring requires a structured approach as well as coordinated and well-established processes in order to:

  • quickly identify, report and evaluate security incidents
  • manage security incidents efficiently and effectively (minimize the extent of the damage, analyze, recover)
  • fix vulnerabilities before they can be exploited
  • learn from security incidents, set up preventive measures and improve integrated security management.

We will help you establish appropriate information security incident management based on ISO 27035. In the planning and preparation phase, all the necessary structures and processes are set up for the later operating phase:

  • Definition of Information Security Management Policy (management obligation, summary and overview)
  • Definition of information security management system (classification and categorization as well as documentation of cyber security events and incidents, definition of communication structures and means, instructions and processes for classification, escalation, communication, evidence gathering and forensic analyses)
  • ISIRT and SOC organization
  • Runbooks (action plan) for handling individual threat and incident scenarios
  • Training, awareness and tests for the entire incident management system
  • Definition of accompanying and supporting measures