Cyber SafeAlert

IT security monitoring for medium-sized businesses

IT monitoring is not witchcraft - we make network monitoring simple and clear. We offer small and medium-sized companies Cyber SafeAlert, a technical IT monitoring system developed by the experts in Europe's largest competence center for IT security.

DEKRA Cyber SafeAlert is the hardware and cloud-based 360° vision watchtower for companies with up to 500 employees. Using modules that identify possible weak points and gaps, your security risk is analyzed and presented to you in a clear interface - prioritized according to the need for action.

The DEKRA Cyber SafeAlert system is based on two components - the hardware sensor and the secure cloud. The hardware sensor is easily installed on site in your network. There it scans the network traffic around the clock, detects anomalies and searches for weak points in your IT system. The collected data is sent to a secure cloud where it is analyzed and processed. In the user interface, the cockpit, you can find your risk profile centrally and easily in understandable terms at the touch of a button.

Your Benefits

  • Continuous, centrally controlled, fully automated IT security monitoring
  • Cockpit with instructions for solving security problems in your local language
  • Various service packages for individual budget requirements

Procedure Cyber SafeAlert

Signature and behavior-based analysis of dangerous malware and other risks in network traffic.

Data is constantly being received from and sent to the internet, both actively and passively, by legitimate users as well as attackers who take advantage of this exchange. The Cyber SafeAlert Solution detects suspicious patterns and anomalies such as malware, command and control servers, bots, spyware, drive-by sources, DDoS targets and sources.

Signature-based recognition works by discerning predefined patterns. However, attackers are increasingly finding novel methods of infiltrating networks that defy easy identification. Behavior-based detection specializes in exactly this area.

Choose from the various package sizes, depending on the amount of data to be analyzed.

Continuous external and internal scans identify and report on existing vulnerabilities in your IT so you can address them in a structured manner.

External and internal vulnerability scans (called Vulnerability Management and Assessment) give you an overview of current vulnerabilities in your network categorized by risk level (high, medium and low). You can see the results in your Cyber SafeAlert Cockpit: a clear priority list for processing and preparing information to meet compliance requirements. Employee training is not necessary.

In addition to fast and efficient authenticated and non-authenticated vulnerability scans, compliance and password checks identify configuration issues related to applications, passwords, and user policies. The system detects default or missing passwords and, on Windows systems, uses registry and DLL checks to detect outdated patch versions of installed software and services.

The number of devices covered by the scans varies depending on the package you choose. Depending on your choice, the package performs one or both types of scans.

In addition to findings from automated risk analyses, framework factors for your IT security are also included.

How high is the current risk of your business being harmed by a cyber-attack? Cyber SafeAlert provides an overview of the facts underlying your current IT risk. This includes information gained from the automated risk analysis as well as framework factors that impact your IT security. Organizational details inside and outside your company are regularly queried as part of a simple and understandable self-assessment and included in the risk analysis.

Logs are an important source for tracking security-relevant events. They are therefore collected, analyzed and correlated, and may result in alarms.

Logs from various sources in a network (servers, clients, network devices, firewalls, applications, etc.) provide crucial information on security-relevant events. The trick is to filter out the truly relevant information from millions of events. This IT risk recognition module is called Security Information and Event Management (SIEM).

Numerous common log formats are supported by SIEM. When choosing a package, each with a maximum number of log sources, you define which log sources are relevant for your company.

SIEM compiles information and events from these log files, and a state-of-the-art correlation engine identifies potential risks using continuously expanded tailor-made rules and policies.

Analysis of web downloads and/or e-mail attachments.

Novel or disguised malware, Advanced Persistent Threats (APTs) and Trojans enter networks through web downloads and/or email attachments because they cannot be detected by signature-based systems alone. In addition, there is the risk of insider threats, whereby important information is obtained without authorization. DEKRA Cyber SafeAlert uses several latest-generation systems for signature- and behavior-based analysis of network traffic, together with sandbox technologies with complete system emulation, to analyze all incoming email attachments and web downloads, and evaluates the findings centrally. Continuous feed updates keep this module current.

Security-relevant data is filtered out of the large mass of data by means of comprehensive correlation. Data is correlated both within a risk recognition module and across several other modules.

A single piece of information within a mass of data often does not clearly indicate its security relevance. Only a combination of information creates the valuable puzzle pieces that are necessary to track down an attacker. A correlation of logs with vulnerabilities, IDS data or SIEM findings allows a complete overview of security-relevant data.

Correlation and cross-correlation are based on rules, policies and self-learning algorithms: Rules are predefined to recognize patterns and are continuously being extended. Policies are used to determine whether specific actions are taking place at the right time and in the right place. Self-learning algorithms include the Correlation Engine's ability to learn to distinguish between normal and abnormal occurrences and to detect behavioral changes in applications, servers, and other network areas. Examples of anomaly detection include use outside business hours, excessive use of applications or other IT services and patterns in network traffic over time and compared to past periods (taking into account daily, weekly, monthly, and seasonal variations).
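The following is an added illustration, not DEKRA's code or the product's actual logic, of how a policy check ("right time") can be combined with a baseline learned from past periods. The business-hours window, the (weekday, hour) buckets, the 3-sigma threshold and the sample counts are all assumptions constructed for this example.

```python
from datetime import datetime
from statistics import mean, stdev

BUSINESS_HOURS = range(7, 19)  # assumed policy: Mon-Fri, 07:00-18:59

def violates_policy(ts):
    """Policy: is the activity taking place at a permitted time?"""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def slot(ts):
    """Seasonal bucket, so Monday 10:00 is compared with past Mondays at 10:00."""
    return (ts.weekday(), ts.hour)

def build_baseline(history):
    """history: iterable of (datetime, event_count) -> {slot: (mean, stdev)}."""
    buckets = {}
    for ts, count in history:
        buckets.setdefault(slot(ts), []).append(count)
    return {k: (mean(v), stdev(v)) for k, v in buckets.items() if len(v) >= 2}

def evaluate(ts, count, baseline, threshold=3.0):
    """Return the findings raised by one hourly observation."""
    findings = []
    if count > 0 and violates_policy(ts):
        findings.append("policy:outside-business-hours")
    stats = baseline.get(slot(ts))
    if stats is None:
        if count > 0:
            findings.append("anomaly:no-baseline-for-slot")
    else:
        mu, sigma = stats
        # Floor sigma at 1 so near-silent slots do not alert on a single event.
        if count > mu + threshold * max(sigma, 1.0):
            findings.append("anomaly:excessive-use")
    return findings

def severity(findings):
    """Cross-correlation: a finding confirmed by a second signal ranks higher."""
    return {0: "none", 1: "medium"}.get(len(findings), "high")

# Constructed sample: four weeks of hourly login counts for one application.
HISTORY = (
    [(datetime(2024, 1, d, 10), c) for d, c in [(1, 40), (8, 42), (15, 38), (22, 44)]]
    + [(datetime(2024, 1, d, 3), c) for d, c in [(7, 0), (14, 0), (21, 1), (28, 0)]]
)
BASELINE = build_baseline(HISTORY)
```

A busy Monday morning is judged only against earlier Monday mornings, while the same volume on a Sunday at 03:00 raises both a policy and an anomaly finding and is therefore ranked higher.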

Brings together the latest security-relevant information.

Threat Intelligence information is gathered from many of the world's leading internal and external sources, both commercial and open source. It enables malicious behavior to be detected more quickly - for example, connections between the internal IT infrastructure and suspicious IPs.

This information includes IP addresses with bad reputations, URLs, email addresses used for phishing, and file names, file paths, or user agents used for malware.

Cyber SafeAlert's comprehensive collection and processing of security-relevant data, coupled with the extensive threat intelligence information from various sources, allows for unparalleled speed in detection and response.

All insights gained are presented centrally, comprehensibly and clearly in the Cyber SafeAlert Cockpit. They are prioritized and accompanied by adjustment suggestions, so you know what to do and when to do it.

The cockpit shows your individual overview of the security-relevant information provided by the automated detection. The results are compared with the established, classified and prioritized security issues. Users can select which devices should be included in the check among those available in the overview list.

You know what should be done and in what order, and you already have the information you need to take the next steps to eliminate or minimize the risk. Cyber SafeAlert provides the most important and comprehensive information clearly and conveniently, so there is no need to look further!

Why DEKRA?

  • We are your competent partner in the field of IT monitoring with many years of experience.
  • We enable you to monitor your IT system around the clock.
  • We offer you the possibility to involve one of our experts in the monitoring processes as required.

Have questions? Contact us

Ingo Legler

Product Manager & Expert

+49 30 986 0987-123

Andreas Schlöricke

Project Management Cyber Security

+49 30 986 0987-126