CSOC - Cyber Security Operations Center

Need-based solution

Not everybody needs everything that is available. Instead, the level of protection should always be scaled according to the goals and threat surface area. For many organisations, small measures already deliver the most important benefits and, as operations grow, Loihde’s CSOC supports the path of transforming cyber security into a competitive advantage. A clear and goal-oriented roadmap is the way to success, also in the context of cyber security.

Log Management and SIEM

Log management makes it possible to determine retrospectively what has happened and who has accessed the data.



The service also makes it possible to show that the necessary monitoring measures have taken place and that statutory obligations (e.g., the EU General Data Protection Regulation) have been fulfilled. Safe storage of logs is important in order to protect confidential information. Logs of information security devices, network devices, servers and applications can be kept.

The service is used to produce a secure, expandable and high-performance log data management and storage service for the customer. The service makes it easier to access log data but also allows the customer to monitor and limit access to their log data. Centralised log data makes it possible to utilise data for various business needs, such as information security, financial or IT management or production, accounting and auditing.



The SOC (Security Operations Centre) is a pillar for information security monitoring and exceptional situations.



The SOC is a cyber security monitoring service that is active around the clock. When problems are identified as early as possible, anomalies can be responded to quickly and damages minimised.

A situational picture of the customer’s information security is generated by analysing, combining and processing information collected in the customer’s environment. The tools used by our experts include log data and machine learning, which filter the most important aspects out of massive amounts of data so that our experts can focus on them. The measures required to eliminate an information security threat are initiated immediately, in accordance with the process agreed upon with the customer.


Threat Intelligence

Defensive capability is based on information about the threat landscape. The Threat Intelligence service is designed to provide you with the essential information that relates specifically to your activities.



Establishing a proactive cyber defence requires reliable, clear and comprehensive threat intelligence. Threats, vulnerabilities, targeted attacks and attack methods must be monitored in order to make the correct strategic and operational cyber threat and risk management decisions. The Threat Intelligence service provides information on the status of various themes related to your industry or company from many sources of data, including the dark web.

A lot of information is available but, in order to take advantage of it, the essential aspects must be determined and refined for the organisation. Our Threat Intelligence service determines, processes and refines the data to be used by the customer. Together with the CSOC Service, threats can be detected quickly and preventive measures can be taken to protect activities in a proactive manner.



Digitalisation has also had its effects on critical industrial and automation environments (OT–SCADA/ICS). New business, support and remote control processes have introduced new information security risks.



Environments that were previously very isolated are now increasingly networked with other information systems. Poor insight and new information security risks make the environments vulnerable.

Our critical industrial environment monitoring service puts your basics in order. The automated system/device inventory provides insight into devices and systems and their status. Passive monitoring makes it possible to monitor the behaviour of environments without interruptions. The CSOC monitors and reacts to information security threats and incidents. The solution can be scaled and applied to decentralised production environments and it also makes the monitoring and quality of information security more uniform. This provides more security to operations.


Endpoint Protection

Endpoint protection helps to identify and prevent threats at the level of the terminal device and not only after they have penetrated deeper into the organisation.



For attackers, terminal devices are commonly the most attractive way to access data and cause harm. Every day, organisations use a wider range of applications that make it possible to work on a smartphone regardless of your location, using the Wi-Fi of a fast food restaurant. On the one hand, this makes it possible to verify that you have received an email or finished a document, and on the other, attackers gain a new way to access the organisation. When work is done in a hurry on the small screen of a smartphone, even the most vigilant users can easily fall victim to phishing, for example.

Our modern solution also takes into account the user and their privacy. It does not compromise the performance of the terminal device, and only the required data, which can also be anonymised if necessary, are used in the information security analyses. When arranged properly, information security is not a limitation but an enabling factor that makes it possible to cut the tie between work and location.


Privileged Access Management

Our Privileged Access Management service allows you to keep track of who has accessed a digital system, when, and what has been done.



Privileged Access Management is a service for secure management and monitoring of user IDs, access rights and sessions. The service provides reliable management of the user IDs and passwords of all digital systems. The Loihde CSOC – Cyber Security Operations Centre monitors in real time what is done with each user ID and by whom.

The service monitors and manages sessions, administrator IDs and approval processes, ensuring the secure use of IDs with privileged access. If, despite everything, something happens, a log of the chain of events makes it possible to analyse the events and what or who caused them.

The service provides ready-made good practices for monitoring and managing access privileges and is easy and quick to introduce.

