Strengthen resilience with SIEM solutions and SOC

Security events such as data breaches impact compliance. Comprehensive SOC and SIEM solutions reduce risks.

November 29, 2023, by Marcel Hoch

Keeping an eye on cybersecurity to support compliance

More than three billion euros in fines have been imposed since the European Union’s General Data Protection Regulation (GDPR) came into force in 2018. Failures of cybersecurity led to over 300 cases in which inadequate security measures were penalized - with significant financial losses. [1] In addition to the GDPR, companies must comply with other regulations - such as NIS2 or KRITIS - in which cybersecurity plays an important role.

Why compliance affects every company

How do companies manage to comply with all legal requirements and guidelines, such as NIS2? And how can they embed resilience into their value creation? Compliance is everyone’s business, whether you are a medium-sized company, a large corporation, or a public administration. For example, every company that processes personal data and information must comply with the GDPR - regardless of industry or size. Other examples include the TISAX guidelines in the automotive industry and the insurance supervisory requirements for IT (VAIT) issued by the German Federal Financial Supervisory Authority (BaFin) for the financial sector. There are also industry-independent regulations for operators of critical infrastructures. Examples are KRITIS in Germany and its European equivalent, NIS2, which came into force in the EU in January 2023. The EU member states must transpose NIS2 into national law by October 2024. The goal: Ensure a uniform level of cyber protection across Europe to make life as difficult as possible for hackers.

IT security: Transparency is essential

Many compliance requirements are basically about companies needing to know what is happening in their digital infrastructure - especially in their networks and IT systems. They are often required to log all security events and retain the log data for a specific time. Companies must also ensure that their IT has not been infiltrated by malware - in other words, that everything is legally compliant and valid. The best way to meet these requirements is through special security technologies. This is where Managed Detection and Response (MDR), Security Information and Event Management (SIEM), and Security Operations Center (SOC) come into their own. But what is behind these IT security solutions?

How do MDR, SIEM, and SOC work?

As part of our Managed Detection and Response services, we continuously monitor our clients’ digital infrastructure, including networks, systems, and endpoints, to identify potential cyber threats. We use SIEM and SOC to detect and respond to suspicious activities and anomalies. The SIEM systems collect and analyze all data, while the SOC monitors, analyzes, responds, and improves security in real time. At Telekom’s SOC in Bonn, for example, more than 200 security experts keep an eye on Telekom’s systems and those of its customers around the clock.

The lucrative business of cybercrime


The benefits: By using SIEM, SOC, and MDR solutions, companies can not only better comply with the necessary regulations – such as the NIS2 Directive – but also make themselves more resilient. This is because the security solutions help them identify cyber risks at an early stage and initiate appropriate security measures. This is particularly important as the threat landscape is rapidly evolving. The situation is unlikely to ease in the future; companies and authorities will always attract cybercriminals, and they will find increasingly inventive ways to breach their defenses. In the past, hackers were mainly interested in exposing organizations’ sensitive information to the public. Today, however, they are primarily interested in profiting. Cyberattacks are more lucrative than ever before. Ransomware attacks alone, in which hackers encrypt essential business systems and demand high ransoms, can earn millions of Bitcoins.

Compliance: Don’t delay action

Compliance affects almost all companies and organizations. Therefore, when developing our services for Managed Detection and Response, SIEM, and SOC, it was important for us to take into account as many requirements as possible. Scalability was one of the most critical functions. Some companies are still navigating their compliance requirements, such as the NIS Directive, and have yet to think about the “how”. They often fall into a vicious circle: They don’t meet the regulatory requirements for cybersecurity to start with, while the number of regulatory requirements keeps growing. The more complex the tasks become, the more likely they are to fall into a state of immobilization. Consequently, they postpone vital compliance actions indefinitely.

The solution is scalability: We start by implementing a small number of SIEM rules for our customers - to secure business-critical digital services and data and comply with regulatory requirements - and gradually create additional rules. True to the motto: Start small and grow solidly over time.

In-depth expertise in security issues

Another area of our Managed Security Services is practical consulting. Companies or public administrations often need help to answer important questions related to compliance. What should or must be secured? Are all devices, users, processes, and information systems being considered and protected in the best possible way? How should cloud security be managed? What to do in the event of a security incident? Our experienced security experts provide comprehensive advice to those responsible concerning security issues and regulations such as NIS2, KRITIS, or GDPR. In the event of a cyber incident, they know exactly what to do and which security technologies or principles, such as Zero Trust, provide optimum protection for infrastructure and applications. This allows companies and public administrations to increase their level of security and face future cyber threats with confidence.

[1] GDPR Report, Proxyrack, 2023

Quick FAQs

What does a Security Operations Center do?

A Security Operations Center (SOC) is a team of IT security professionals that monitors an organization’s (or client organizations’) entire IT infrastructure, 24/7/365, to detect cybersecurity events in real time and address them quickly and effectively. The security team also selects, operates, and maintains an organization's cybersecurity technologies and continually analyzes threat data to identify ways to improve its security posture.

What is the NIS2 Directive?

The Network and Information Security Directive (NIS2) is EU-wide legislation on cybersecurity. It entered into force on January 16, 2023, and replaces the previous NIS Directive. NIS2 aims to achieve a standard level of cybersecurity across the Member States by imposing stricter risk management and incident reporting requirements, broader coverage of sectors, and more hard-hitting penalties.

Who does NIS2 apply to?

NIS2 applies to companies, suppliers, and organizations that deliver essential services for the European economy and society, not only those in Member States. Qualifying thresholds apply – for example, important entities with over 50 employees or 10 million in annual revenue will be considered automatically.  

What is ISO 27001?

ISO 27001 is an international standard to manage information security. T-Systems is certified per the standard.

What is SOC 1?

SOC 1 is a report on controls relevant to a client’s internal control over financial reporting (ICFR). SOC 1 is required for outsourced systems covered by Sarbanes-Oxley (SOX).

What is SOC 2?

SOC 2 is a security framework that specifies how organizations should protect customer data from unauthorized access, security incidents, and other vulnerabilities. SOC 2 is part of the System and Organization Controls suite of services developed by the American Institute of Certified Public Accountants (AICPA).

What is the aim of SOC 2?

SOC 2 is designed to establish trust between service providers and their customers by providing auditors with guidance for evaluating the operating effectiveness of an organization’s security protocols.

What is a SOC 2 framework?

A SOC 2 framework is founded on five Trust Service Principles essential for securely managing customer data. These are Security, Availability, Processing Integrity, Confidentiality, and Privacy.

How do businesses achieve SOC 2 compliance?

To achieve SOC 2 compliance, businesses need to identify the type and scope of compliance, choose a compliance platform for automating processes, sign up a SOC 2 audit partner, conduct an internal risk assessment, and have a robust security stack.

What is a SOC 2 audit?

A SOC 2 audit is an independent third-party assessment that evaluates a cloud service provider’s or other service organization’s internal controls and practices that protect and secure customer data. It involves auditing the organization’s confidentiality and privacy controls based on the American Institute of Certified Public Accountants (AICPA) or Trust Service Criteria (TSC).

What is a SOC 2 report?

A SOC 2 report is a report on a service organization’s IT controls. It is an attestation report in which the organization makes assertions about the design and implementation of those IT controls, and an independent Certified Public Accountant (CPA) firm audits those assertions. A SOC 2 Type 2 report also evaluates the operating effectiveness of the IT controls over a specified period.

What is a SIEM solution?

SIEM stands for Security Information and Event Management. It is a security solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. A SIEM solution combines security information management (SIM) and security event management (SEM) into one security management system. SIEM technology collects event log data from various sources, identifies activity that deviates from the norm and takes appropriate action.

What is the difference between a SIEM solution and SIEM tools?

The difference between a SIEM solution and SIEM tools lies in their scope and functionality. SIEM tools are products you can purchase, which are essential components of a SIEM system. SIEM tools focus on the technical aspects, such as collecting, aggregating, and analyzing security-related data from various sources within an organization.

On the other hand, a SIEM solution encompasses not only the SIEM tools but also the people, processes, and other technologies to implement a comprehensive security or compliance strategy.

In summary, while SIEM tools provide the necessary technical capabilities, a SIEM solution is a broader concept that integrates these tools with the appropriate expertise and procedures to create a robust security defense system.

In a security context, what is the difference between event data and log data?

Both event data and log data are crucial for monitoring and analyzing system activities, but they serve different purposes and contain different types of information. In brief, event data refers to observable occurrences that happen at a specific point in time. Log data is a time-stamped record of events that occur within an organization’s systems and networks.  

About the author

Marcel Hoch

Teamlead Cyber Security Offense/Defense, operational services
