Service

Cyber
Defence

infoguard_header_lp_loesungen

Cyber Defence

In the ever-changing world of cyber threats, it is crucial to identify and respond to attacks quickly – 24/7. The top priority of InfoGuard Cyber Defence Services is to monitor your entire infrastructure so that cyberattacks can be detected immediately and successfully defended against.

Managed 
Detection & 
Response (MDR)

Monitoring of your networks, end devices and cloud environments by our Cyber Defence Center in Switzerland, our own cyber defence platform, experienced experts and established processes as well as the use of leading, AI-based detection & response technology: all helping you to detect and defend against the latest cyberattacks and ensure your operational readiness.
Extended Detection & Response (XDR)  

XDR identifies sophisticated cyberattacks based on anomalies in your infrastructure. Relevant security incidents on workstations, smartphones, tablets, servers and cloud workloads are summarised, so you’re notified about the attack straight away and our experts at the InfoGuard Cyber Defence Center can react immediately before the attacker spreads throughout the network.

Endpoint Detection & Response (EDR)
Almost every security breach occurs on an endpoint. By integrating intelligent operating system agents, our analysts and detection systems get insights into what is effectively happening on an endpoint. This meta-information enables potential attacks to be detected more quickly and incidents responded to more swiftly.
Identity Detection & Response (IDR)  
Our identity detection & response is based on Microsoft Defender for Identity (MDI) and uses local Active Directory signals to identify, detect and investigate advanced threats, compromised identities and malicious insider actions against the organisation.
Network Detection & Response (NDR)
By deploying a range of analysis technologies from the field of artificial intelligence (AI) and machine learning as well as sandbox technologies, we can monitor your network comprehensively and in a highly automated manner. If a threat is detected, the alarm is raised immediately and we can respond to the incident without delay.
Cloud Detection & Response (CDR)
Our cloud detection & response service identifies and prevents threats targeting your cloud infrastructure and applications. The service offers protection from threats that occur in emails, links (URLs), attachments or collaboration tools such as SharePoint, Teams and Outlook.
Security Information & Event Management (SIEM)  
Analysing system logs from your infrastructure is key to locating information about security-relevant events. This is why all log information is integrated into our SIEM system, correlated and analysed, enabling us to efficiently recognise incidents that indicate misuse, internal/external attacks or other security threats.

Comprehensive
Incident Response &
Forensics

Successful cyberattacks can never be completely ruled out. Rapid and professional intervention by recognised experts is crucial. Our own CSIRT (Computer Security Incident Response Team) is there to support you around the clock and guarantees a rapid restoration of your operational readiness.

Hunting &
Intelligence

Our Threat Intelligence Team actively searches for attack indicators in your infrastructure and cyber threats on the darknet. Take advantage of our experience from recent cybercrime incidents, hundreds of incident response cases and insights from our Red Team.
 
Compromise Assessment   
In a compromise assessment, our experts search the entire company for evidence of an incident and unusual behaviour using a series of “Indicators of Compromise” (IOC). This will tell you whether your company has been breached by an advanced attacker. InfoGuard also identifies commodity malware that is not related to a sophisticated attack but should still be removed.
Threat Hunting  
InfoGuard proactively searches for APTs and anomalies that are not automatically detected. This involves us continuously collecting indicators of compromise (IOC), which we use to identify new threats in real time. In addition, other security events from the SIEM are also correlated in order to recognise and uncover connections between potentially suspicious activities within the environment as a whole. This means we can immediately take the right steps to stop and isolate the attack.
Cyber Threat Intelligence (CTI)  
Our Cyber Threat Analysts deal with the current threat situation around the clock and analyse information from the darknet, threat intelligence feeds and many other sources. You will periodically receive a Threat Report with a detailed analysis of the general threat landscape and our experts’ risk assessment for your company so that you can take proactive steps. Of course, you’ll be alerted immediately if we find critical indicators or information that could jeopardise your reputation.

Security
Operations

Our Managed XDR and SIEM services are used to recognise and defend against cyberattacks in a targeted manner. Managing the constantly changing threat landscape also involves permanently checking vulnerabilities and monitoring potential attack risks. Our cyber security specialists uncover changes to your vulnerabilities and misconfigurations at an early stage.
Managed XDR & SIEM   
Our cyber security specialists collect, correlate and analyse system data with leading XDR and SIEM systems to detect anomalies and signs of a cyberattack at an early stage. Relevant security events on workstations, smartphones, tablets, servers and cloud workloads are summarised. This means that you’re notified about the attack straight away and our experts can react immediately before the attacker spreads throughout the network.
Vulnerability Management  
The external vulnerability management service shows you your company from the attackers’ perspective. Security experts at our Cyber Defence Center scan your perimeter infrastructure on a daily basis. As soon as a critical vulnerability emerges that is exposed to the Internet, we handle the risk assessment of the vulnerability on your behalf and contact you proactively. Our experts are then available to advise you on demand so that you can rectify the vulnerability quickly and effectively.
Digital Risk Exposure Services    
New cyberattacks on companies take place every day. Cyber security is therefore an enormously important topic for a company’s commercial success. Our InfoGuard Digital Footprint Risk Monitoring Service lets you keep an eye on your risks and identify vulnerabilities that are visible and exploitable from the perspective of an external attacker at an early stage. This allows you to continuously assess and identify your company’s cyber risks.

Do you have any questions about our Cyber Defence Services?

Please fill out the form to get in touch with our experts. We are happy to advise you.

TOP-CIRCLE

Cyber Defence & Incident Response

Recognize and prevent cyber attacks and
recover the ability to act

More than 90 highly qualified cyber security experts and analysts work at our InfoGuard Cyber Defence Centers (CDC) in Switzerland and Germany. The CDC at our site in Baar is ISO 27001-certified and ISAE 3000 Type 2-audited. It has a multi-level physical security concept and the security systems are monitored around the clock.

The vital technical components are redundantly designed and guarantee maximum availability. At the same time, we fulfil the strict data protection requirements (DSG and EU GDPRO/GDPR) and the guidelines for the Swiss financial sector.

We also ensure that the data is stored exclusively at the customer’s premises or in our redundant data centres in Switzerland.

InfoGuard is a BSI-qualified APT response service provider, a member of FIRST (Global Forum of Incident Response and Security Teams) and also acts as an incident response partner and claims handler for leading insurance companies, brokers and loss adjusters, which is testament to the high quality standard of its cyber defence and response services.

We also ensure that the data is stored exclusively at the customer’s premises or in our redundant data centres in Switzerland.

InfoGuard is a BSI-qualified APT response service provider, a member of FIRST (Global Forum of Incident Response and Security Teams) and also acts as an incident response partner and claims handler for leading insurance companies, brokers and loss adjusters, which is testament to the high quality standard of its cyber defence and response services.

Our Service Management Team meets with you regularly to reflect on past events, discuss optimisation options and inform you about changes in the cyber threat situation. Thanks to our experience and findings from many other customers, you benefit from customised security recommendations that continuously improve your cyber security.

A web-based cockpit gives you a quick, round-the-clock overview of the current threat situation and the status of your infrastructure.

infoguard-cyber-defence-center

Benefit from our long Experience

24/7

Managed Detection &
Response Services from our CDC in Switzerland

90+

Experts in dedicated SOC-, CSIRT- and Threat-Intelligence-Teams

13+

Years of SOC Experience & Expertise

400+

Cyber Defence- & CSIRT-Customers

2xSOC

24/7 Security Operations Centers (SOC) in Switzerland and Germany

Hundreds
of Incident Response Cases
per Year

BSI qualified APT-Response
Service Provider &
FIRST Member

Swiss 
SOC-Platform

infoguard-cyber-defence-platform

Cyber Defence Platform

InfoGuard Cyber Defence Platform

The core of an effective and effective cyber defence

The InfoGuard Cyber Defence Platform, developed in-house, highly scalable and operated on-prem in Switzerland, forms the core of our Cyber Defence Services and is based on an open XDR architecture.

To ensure that we see threats from all angles, the platform collects data from end devices, networks, IoT/OT infrastructures, cloud environments and identitie.

By using different detection methods – including machine learning – the platform can quickly detect anomalies and suspicious behaviour and enrich them with insights from actual security incidents, simulated cyberattacks and threat intelligence feeds to support our teams of analysts. The swarm intelligence gathered from hundreds of customers, thousands of security events and hundreds of IR cases every day guarantees the best possible protection and the fastest possible response.

By using different detection methods – including machine learning – the platform can quickly detect anomalies and suspicious behaviour and enrich them with insights from actual security incidents, simulated cyberattacks and threat intelligence feeds to support our teams of analysts. The swarm intelligence gathered from hundreds of customers, thousands of security events and hundreds of IR cases every day guarantees the best possible protection and the fastest possible response.

The platform offers comprehensive transparency and works seamlessly with your existing technology stack. This minimises onboarding and eliminates vendor-dependency. It also ensures that sensitive customer data is protected at all times and stored exclusively in our data centre in Switzerland.

infoguard-cyber-defence-platform