
analysis and
threat management

What is threat management?

Hardening & monitoring
We strengthen your systems to prepare for the unexpected. We use state-of-the-art benchmarks, tools and techniques to warn you before attackers can cause damage to your business.

Remediation
Once the attacker has been stopped, the backdoors he created are closed. Compromised user accounts and systems must be reinitialized and brought back into operation.

Continuous improvement
Finally, the chosen processes and security controls are adapted to the specific threats that the organisation and/or business faces.
We protect and support our customers on their premises, on AWS and in their Azure cloud
Threat management shouldn’t stop at network boundaries. Many organisations use AWS and MS Azure to run parts of their services and these also need to be covered. We:
- audit network devices
- manage cloud native controls
- configure cloud log-management
- establish retention policies
- create remediation playbooks
- create auditable policies
63 %
Alerts investigated
Percentage of the total number of alerts investigated (US average)
45 %
Remediated
Percentage of those real incidents that are remediated
25 %
real incidents
Percentage of those investigated alerts that are actual incidents
8 of 26
fixed
Of every 100 alerts, there are 26 real incidents, only 8 of which are fixed.
Powerful control panels and APIs
Plans & pricing
€ 10.000 /mth
Up to 5GB log volume per day
- Customer Dashboard
- 2 days setup
- Push notifications
- Customizable reports
- Log-in via 2F authentication
€ 1000 /day
We look after your IT components
- Systems integration
- Custom reporting
- Custom incident response
- Conceptual work
- Auditing


Think globally, deploy locally (European)
4
locations
Our key differentiators
Geographic footprint
We promote European solutions wherever possible and help customers to comply with the European Union’s General Data Protection Directive.
Small & medium sized enterprises
We establish a high degree of automation, allowing first class solutions for small companies without heavy investment in security software.
The minimum paperwork necessary
We respect the readers of our concepts and don’t hide relevant information in reams of management talk.
Show, don't tell.
We verify all of the solutions that we use, so that we know everything will work when it is installed.
Open source & commercial tools
As we focus on threat management, we use both open source and commercial solutions at the same time. We don’t try to convince our customers to choose between them.
No long term contracts necessary
Threat management needs to get off the ground quickly, but solutions must also be easy to adapt to the actual threats.
Recent blog articles
COVID-19 and climate change are two examples of crises that affect everybody, and make everybody talk about disaster management and the need for strong systems to avoid the worst. Unfortunately it’s human nature to forget the bad times as soon as they are over, and turn back into the proverbial grasshopper who spends the good […]
Recently we had a presentation at the annual sernet conference, see video [in German] and the presentation. Sernet provides the most widely used ISMS tool in Germany. The software is based on a long open source history. Technologically it uses the Eclipse Rich Client Platform (RCP). Our contribution was an Add-on for Verinice (see […]
To have a good monitoring solution is essential for managing availability at enterprise level. So many organizations start with open source technology to visualize parameters. Grafana is used often and there are many complementing software pieces, which together create a mature environment. This tends even to influence the security management as well. A customer required […]
For hardening you should use best practice in the form of the Center for Internet Security (CIS) benchmarks. Each benchmark contains a number of single atomic tests that are well described and discussed in the CIS expert community. Before a benchmark is finally published it runs through a defined quality assurance process which is kind […]
Transparency is one of our core values, and one of the basic principles of the GDPR. The ideal Users, by which we mean citizens, partners, clients and customers, have a right to know what is going on with their data. Ideally documentation should be provided in a clear, easy to understand format, reformatted for the […]
Not many companies expect to be hacked. Often it happens because their security controls don’t cover all of the possible business vulnerabilities, or the budget is invested in the wrong areas. Whether we are talking about penetration testing or auditing, a security engineer’s job is to reveal and deal with the unexpected. We are often […]
Some people don’t really like our name – it is a bit too much like we’re giving an order. Others are happy to have confirmed what they know is true. We were in Jerusalem, in early February on a very sunny day – if you come from Berlin, like we do, you would almost say […]