Cloud Security Operations Center
Our reliable Managed Extended Detection and Response (MXDR) service offering with 24/7/365 proactive hunting, monitoring, and response capabilities, based on seamless integration with the Microsoft Security platform


24/7 highly qualified investigation & analysis
ISO 27001 certified service
The best experts in the industry with more than 25 years of experience in the infosec community
Covers OT/IoT, on-premises and various cloud environments
Personal contact to build a strong analyst-customer relationship
Threat Intelligence Research, Detection Engineering and Automation
glueckkanja CSOC Building Blocks


- Utilization of incident response functions in Defender for Endpoint, Defender for Cloud, and Defender for Identity, as well as other Microsoft IR functions to quickly contain all types of threats
- Regular development and deployment of new playbooks for Sentinel to ensure efficient defense for all systems

- In Purple Team events, we validate our use cases and the Microsoft products used
- Our threat experts search numerous sources for new threat scenarios and emerging trends in cyber attacks

- The results of our threat research and our analysts' experience feed into the Detection Engineering Group to develop new detections and optimize existing ones
- Alignment of detections with the MITRE ATT&CK framework

- Provision of the CSOC Foundation, where Analytic Rules, Watchlists, and Playbooks are maintained for our customers
- Comprehensive, regularly updated Use Case Repository
- Regular review of Analytic Rules for quality and adaptation to customer needs
- Enrichment of incidents through automated playbooks in Microsoft Sentinel to improve the quality of Security Analysts' decisions
- Optionally, we use Copilot for Security to improve and accelerate our SOC processes

- Our threat experts regularly hunt in customer tenants for new, emerging threats and new attack techniques discovered by our threat researchers
- This expands the view of our customers' threat landscape and thus increases the quality of protection

- We continuously improve the Analytic Rules in customer repositories, thereby increasing the security of customer environments
- Creation of monthly CSOC reports with recommendations for new settings and configurations based on our best practices (Blueprint)
- Access to online reports that provide a comprehensive description of the customer's individual security status

- Microsoft Defender monitoring for endpoint vulnerability management
- Ad-hoc notification of current threats and provision of daily updated lists of all affected systems
- Information about the most urgent threats in an easily understandable newsletter
This is how we protect your environment and data
Defender for Endpoint
Defender for Cloud
Defender for Office 365
Defender for Cloud Apps
Entra ID Identity Protection
Defender for Identity
Defender for IoT
Microsoft Sentinel
Microsoft Copilot for Security
What Microsoft says


Sponsored by Microsoft *
As one of the few MXDR partners worldwide, we offer a Microsoft-sponsored MXDR workshop: in your environment, we will conduct a time-limited proof of concept for our CSOC service. This includes, among other things:

- 24/7 monitoring of all connected assets
- Detailed, qualified analysis, hunting and evaluation of incidents
- Incident Response based on Microsoft Sentinel Playbooks and IR capabilities in Defender products
- Monitoring of the threat landscape & development of use cases for new threats
* Note: The prerequisite for funded sponsorship is that Microsoft recognizes the company as qualified.
Step by Step to more IT Security
Initial Security Audit & Recommendations
Roadmap Workshops
Implementation of Security Solutions
Use Case Planning & Implementation
Blueprint Matching
Connection of Data Sources
Initial Baselining
Technical Interface Integration & Management
Technical Onboarding to CSOC
Start of Incident Response Service
Process Optimization, Playbook Creation & Automation
Connection of Additional Data Sources
TI Management (incl. IoC Handling)
Use Case Improvements & Repository Additions
Extended Automation



