CSOC - Cyber Security Operations Center

Our cybersecurity center operates 24/7, monitoring and responding to security events so that our customers can focus on their business in peace.

Need-based solution

Not everybody needs everything that is available. Instead, the level of protection should always be scaled according to the goals and threat surface area. For many organisations, the most important benefits are already provided by small things and, when the operations grow, Loihde’s CSOC supports the path of transforming cyber security into a competitive advantage. A clear and goal-oriented roadmap is the way to success, also in the context of cyber security.

Log Management and SIEM

Log management makes it possible to determine retrospectively what has happened and who has accessed the data.



The service also allows for showing that the necessary monitoring measures have taken place and that the statutory obligations have been fulfilled (e.g., the EU General Data Protection Regulation). Safe storage of logs is important in order to protect confidential information. Logs of information security devices, network devices, servers and applications can be kept.

The service is used to produce a secure, expandable and high-performance log data management and storage service for the customer. The service makes it easier to access log data but also allows the customer to monitor and limit access to their log data. Centralised log data makes it possible to utilise data for various business needs, such as information security, financial or IT management or production, accounting and auditing.


Endpoint Protection

Endpoint protection helps to identify and prevent threats at the level of the terminal device and not only after they have penetrated deeper into the organisation.



For attackers, terminal devices are commonly the most attractive way to access data and cause harm. Every day, organisations use a wider range of applications that make it possible to work on a smartphone regardless of location, for example over the Wi-Fi of a fast food restaurant. On the one hand, this makes it possible to verify that you have received an email or finished a document; on the other, attackers gain a new way to access the organisation. When work is done in a hurry on the small screen of a smartphone, even the most vigilant users can easily fall victim to phishing, for example.

Our modern solution also takes into account the user and their privacy. It does not compromise the performance of the terminal device, and only the required data, which can be anonymised if necessary, are used in the information security analyses. When arranged properly, information security is not a limitation but an enabling factor that makes it possible to cut the tie between work and location.


Threat Intelligence

Defensive capability is based on information about the threat landscape. The Threat Intelligence service is designed to provide you with the essential information related exactly to your activities.



Establishing a proactive cyber defence requires reliable, clear and comprehensive threat intelligence. Threats, vulnerabilities, targeted attacks and methods of attacks must be monitored in order to be able to make the correct strategic and operative cyber threat and risk management decisions. The Threat Intelligence service provides information on the status of various themes related to your industry or company from many sources of data, including the dark web.

A lot of information is available, but, in order to take advantage of it, the essential aspects must be determined and refined for the organisation. Our Threat Intelligence service determines, processes and refines the data to be used by the customer. Together with the CSOC Service, threats can be detected quickly and preventive measures can be taken to protect activities in a proactive manner.



Digitalisation has also had its effects on critical industrial and automation environments (OT–SCADA/ICS). New business, support and remote control processes have introduced new information security risks.



The environments that were previously very isolated are now increasingly networked with other information systems. Poor insight and new information security risks make the environments vulnerable.

Our critical industrial environment monitoring service puts your basics in order. The automated system/device inventory provides insight into devices and systems and their status. Passive monitoring makes it possible to monitor the behaviour of environments without interruptions. The CSOC monitors and reacts to information security threats and incidents. The solution can be scaled and applied to decentralised production environments and it also makes the monitoring and quality of information security more uniform. This provides more security to operations.


Privileged Access Management

Our Privileged Access Management service allows you to keep track of who has accessed a digital system, when, and what has been done.



Privileged Access Management is a service for secure management and monitoring of user IDs, access rights and sessions. The service provides reliable management of the user IDs and passwords of all digital systems. The Loihde CSOC – Cyber Security Operations Centre monitors in real time what is done with each user ID and by whom.

The service monitors and manages sessions, administrator IDs and approval processes, ensuring the secure use of IDs with privileged access. If, despite everything, something happens, a log of the chain of events makes it possible to analyse the events and what or who caused them.

The service provides ready-made good practices for monitoring and managing access privileges with an easy and quick introduction.


DFIR service (Digital Forensics and Incident Response)

A Tier 3 cybersecurity analyst to support the investigation when a security breach occurs.


The DFIR service is part of the CSOC service package, where a Tier 3 cybersecurity analyst analyzes the best information available to determine what has happened. Based on the information obtained, the DFIR cybersecurity analyst decides on further actions and coordinates the investigation with the customer’s experts and Loihde’s CSOC Tier 2 analysts. All investigations aim to help the customer recover from the security breach in the best possible way.

In the DFIR service, the customer receives assistance from Tier 3 cybersecurity analysts within 24 hours of detecting a security breach. Examples of Tier 3 services include investigating data breaches, managing significant security incidents and measures, analyzing malware, and hunting for advanced threats.
