
Cyber Security Center

The cloud-native security operations center (SOC)


We use a standardized process in order to provide all customers with the best quality

Your added value

Every day, new threats to your IT appear on the horizon. It isn’t easy to retain an overview and react in time. To ensure that your company is protected as completely as possible 24/7, we have developed the Skaylink Cyber Security Center.

Based on Microsoft solutions, our CSC takes care of monitoring for you. The Skaylink CSC immediately defends against many attacks via automated reaction. Further, we inform you of escalations as required and suggest countermeasures. As an option, our security experts will also implement the recommended actions.

  • Operated by a MISA (Microsoft Intelligent Security Association) member
  • Automation for a high, consistent quality standard
  • Data remain in the customer tenant
  • Significant increase in the number of predefined alert rules
  • Cyber Security Center operation by Skaylink
  • You get detailed, prepared recommended actions
  • Automated reports
  • All customers benefit from new best practices/process optimization
 
Machine learning and continuous incident analysis combine to continuously improve the service. In this way, all customers can benefit from an updated security provider at all times.

We are there for you 24/7

Why the Skaylink Cyber Security Center is the best SOC for you

  • 5 days of onboarding in 4 weeks
  • Technical basis: Microsoft Sentinel (SIEM solution)
  • Tier 0: Playbook catalog for automated reaction
  • Tier 1: Handled by cybersecurity analysts
  • Tier 2: If required, escalation and measures with integration of security consultants
  • Tier 3: Continuous optimization of the automation layer through all incidents that cannot be solved directly
  • Operation by Microsoft Gold Partner with many years of experience
  • Skaylink will become familiar with your environment in an intensive ramp-up phase while we are already monitoring your environment

Technology

Microsoft 365 services provide the basis for the Skaylink Cyber Security Center:

Microsoft Defender for Endpoint

The optimal enterprise endpoint security platform for Windows clients and servers, Linux, macOS and Android (iOS/iPadOS coming soon)

Microsoft Defender for Identity

Hybrid is the best. Signals from your on-premises Active Directory also help to defend against threats.

Microsoft Defender for Office 365

Protection against threats from emails, links and malware

Microsoft Defender for Cloud Apps

Shadow IT detection and (multi-)cloud app governance are no problem for this cloud access security broker.

Azure AD Identity Protection

Detects identity-based risks while supporting the zero-trust approach of the Azure Active Directory.

Microsoft Information Protection

Classifies and/or encrypts files and emails in order to prevent uncontrolled data leakage.

Our service is directed towards:

Target groups

  • Customer-side support to clarify the context of alerts as quickly as possible
  • Customers who say: “It simply has to work!”
  • Customers who want to ensure higher productivity
  • Customers who want to react to security incidents 24/7
  • With an existing Microsoft tenant, onboarding is even faster
  • Customers who require security monitoring for their environment

Insight into our solution

Example of our security report (CSC SecOps Report)

Dashboard in Microsoft Sentinel

Information to download

Cyber Security Center – Managed Service 24/7

We have compiled all the facts on the Skaylink Cyber Security Center and its benefits here in a clearly arranged overview.

Use cases – detecting and eliminating vulnerabilities

Here are a few examples of how the Skaylink Cyber Security Center can help you.

Incident: Data leak to a cloud app that isn’t used

Use case: True positive

 Without the Skaylink CSC
  • Cloud App Security detects the incident
  • An alert is generated
  • No further actions are triggered
→ Data leak continues
 
With the Skaylink CSC
  • CSC detects the incident
  • An automatic runbook activates to acquire information and check whether or not the cloud app is enabled
  • As it is not enabled, the client of the user is isolated and/or the user account is blocked
  • A customer notification demands a reaction (note incident, unblock user, check cloud app)
  • After customer feedback, the CSC configuration is automatically adjusted (here: blacklisting of app or app + specific user)
→ Other data leaks are prevented

Incident: An account generates an “Impossible Travel” incident

Use case: False positive

Without the Skaylink CSC
  • Microsoft 365 detects the incident & alerts are generated
  • The login risk level is raised
  • Depending on the configuration, multi-factor authentication (MFA) is requested for the login
→ Incident will occur again and again
 
With the Skaylink CSC
  • Initial sequence same as without the Skaylink CSC

But then:

  • The CSC checks the other activities of the user to assess the incident
  • The customer notification demands a reaction (assessment of IP address: belongs to company yes/no)
  • After customer feedback, the CSC configuration is automatically adjusted (here: add the IP address to the CSC configuration and other systems)
→ Future alerts are suppressed

Plans

We have developed a pricing model for the service that is based on the scope of the package.

In all cases, the fees for the Skaylink Cyber Security Center are billed per user per month.

For your individual price calculation, please contact us.

Essential service package – scope of service

Services

  • Availability of the Skaylink Cyber Security Center
  • 24/7 technical incident monitoring and alerting
  • Endpoint security monitoring – MS Defender for Endpoint*
  • Endpoint security monitoring – Bitdefender GravityZone**
  • Login security monitoring – MS Azure Active Directory (AD)***
  • Reaction time to critical incidents
  • Cyber Security Center analyst assessment
  • Email alerting
  • Security operations report

Variants: Endpoint, Identity

Notes

* License & customer Log Analytics workspaces required, acquisition based on licensing capabilities

** Event Collector instance, license & customer Log Analytics workspaces required

*** Azure AD license & customer Log Analytics workspaces required, Azure AD Identity Protection Detection depending on Azure AD license

Professional service packages – scope of service

Services

  • Availability of the Skaylink Cyber Security Center
  • 24/7 technical incident monitoring and alerting
  • Login monitoring*
  • Cloud App monitoring*
  • Endpoint security monitoring*
  • Reaction time to critical incidents
  • Cyber Security Center analyst assessment
  • Call management
  • Email alerting
  • Cloud security workshop
  • Attack simulation*,**
  • Cyber Security Center jour fixe
  • Security configuration recommendations
  • Ticketing system API integration***
  • Security threat report
  • Security operations report
  • Security posture report
  • Managed device status report*
  • Network security report (firewall)****

Variants: Silver, Gold, Platinum

Notes

Included, automated service. Processing by humans in the booked service period only

* If covered by the software license of the customer

** Attack simulation sends phishing emails to employees of the customer with the goal of acquiring access data

*** Prerequisite: Interface to ticket system of customer supported by SIEM system

**** If firewall monitored

In addition to the costs of the Skaylink Cyber Security Center, costs may accrue for Azure Sentinel and Azure Monitor, if used. 

FAQ

The Cyber Security Center is a cloud-native security operations center.

  • Login from an atypical country (can also just be the end of a VPN tunnel) 
  • Fast switch of login location (Europe, and then Asia 10 min. later)  
  • Repeated creation and deletion of accounts 
  • Assignment of administrative rights to standard accounts 
  • Discovery of software for criminal data encryption (ransomware)  
  • Open-source-based components that can be compromised (Log4j)
  • Unusual data transfer 

There are two service packages: Essential and Professional.

Essential: 

  • Microsoft Defender for Endpoint (MDE) Plan 1 or Plan 2 
  • GravityZone Bitdefender
  • Azure AD Premium P1 / P2

 

Professional: 

  • MDE Plan 1 or Plan 2 
  • GravityZone Bitdefender 
  • + 1 additional Defender product 

  • Onboarding, ramp-up
  • Active operations

No! Response, increased IT security via workshops, attack simulation, reports and more are included in our product.

Depending on the size, different products can be used. The service can basically be used starting with one seat. 

The price is calculated per user per month, depending on which plan meets the customer’s needs and the dedicated infrastructure instances (firewalls). 

We’d be happy to advise you on all security issues. Click here for our offer: Security & Compliance Assessments

  • Microsoft 365 Traffic 
  • Azure Activity Logs (VM, storage, network, etc.) 
  • Amazon Web Services 
  • Log ingestion via Syslog, etc. 
  • Defender for Cloud (also for on-premises infrastructure) 
  • DNS logs 
  • Event logs 
  • Threat intelligence/TAXII
