NTS Threat Detection Service | SIEM

The number of cyber-attacks is constantly on the rise due to advancing digitalization, the enlargement of the system environment of a company and trends towards remote work. Therefore, it is essential that large businesses as well as SMEs be proactive and invest in their IT security. According to the guidelines, and the threats of possible fines, regarding compliance with the NIS2 guideline, which defines the minimum standards for cyber security in the EU, more and more companies are urged to increase their resilience and their reaction to security incidents. It’s not a question of whether you are a target of an attack or not: but rather when. However, the outcome of an attack depends on if protection is existent or not.

It is the primary goal of NTS to support its customers in the area of security in the best possible way. Thus, NTS provides its own Security Operation Center with highly qualified engineers and analysts. The foundation was laid by the Service NTS Vulnerability Management that helps to detect and to rectify weaknesses in the company. With the Threat Detection Service|SIEM (TDS|SIEM), NTS advances a step further and identifies threats in real time.

PRECISE MINIMIZING OF DANGERS

With TDS|SIEM, security relevant events are collected, correlated, and analyzed by means of log data. With the help of SIEM use cases (rules for the detection of suspicious behavior), suspect behavior is detected and the NTS Defense Analysts are alarmed. The analysts analyze each alarm thoroughly in order to detect an actual threat. If this is the case, the customers are informed about it and supported in their tasks to overcome this incident. The selection of use cases as well as individual adaptions are developed together with the customer, and it is focused on the biggest risks and threats for their operation. The use cases are continuously adapted and enhanced in the course of this service, in order to ensure optimal detection and to minimize a false positive rate during alarms. For many businesses it is very challenging to fulfill these requirements internally, as a lot of time is needed for the analysis of the alarms. Furthermore, special knowledge and resources are required as well. NTS gladly takes over this responsibility and relieves the IT and security departments of the customers.

YOUR ADVANTAGES AT A GLANCE

Assurance of threat detection by NTS
24×7 available highly qualified security analysts
Dedicated customer analysts as a Single Point of Contact
Best possible support for the safeguarding of the operational continuity
Full transparency thanks to access possibilities onto the NTS Defense platform
Usage of the Data Analytics system even for non-security relevant data – no security silo
Profound analysis and permanent support
Protection for extensive customer environments
Implementation of custom use cases that are tailor-made to the customer

The comprehensive TDS|SIEM Managed Service is based on the NTS Defense Platform, which provides all required components, including hardware, software, and licenses. NTS adds special emphasis to the open architecture of the NTS Defense Platform. As there is no separate security silo generated, the customer has the possibility to access or to utilize the collected data besides these services as well (e.g., IT operations, business intelligence). Furthermore, the NTS Defense Platform is devised in a way that it is easily scalable without the need to change the hardware so that it is ready to face future requirements.

A further essential advantage of these services is the high portion of the digital customer environment that can be covered. All these systems, from cloud components, via applications all the way to different data banks, can be integrated in the SIEM and are therefore permanently monitored for threats. Through the implementation of so-called use cases, a protection from threats that is tailor-made to the customers’ operation is offered to the customer as well.

The NTS TDS|SIEM comprises, amongst others, of the following services:

Monitoring and operation of the NTS Defense Platform
Continuous monitoring of security events
Implementation and continuous expansion of use cases
Prompt compilation of emergency use cases in case of new threats
Notification in case of critical threats
Incident response team support during the restoration of the operation
Regular threat detection meetings
Dedicated security analyst for the customer
Contribution to continual improvement

From the first information meeting all the way to the ongoing operation. During this entire process, NTS accompanies the customer throughout every step with its best expert know-how.