
Leuchter IT Cyber Security Operations Center

Detect cyber threats in advance and eliminate them before they pose a threat to your business.


Why do we need a Security Operations Center (SOC)?

The number of cyber attacks worldwide has risen sharply in recent years. Ransomware extortion, data theft, and the failure of digital services and processes can have devastating economic consequences. Hardly a day goes by without reports of attacks, data breaches or IT security vulnerabilities at large companies and organizations. But how do you obtain comprehensive protection for your corporate network? How do you improve cyber security when suitable IT security experts cannot even be found on the job market? And how is risk management supposed to assess potential threats if it does not even know what they are?

For this reason, Leuchter IT has built up a SOC that detects and eliminates a wide range of cyber threats in advance - even before they pose a threat to your company.

Why choose the SOC from Leuchter?

The Leuchter IT Cyber Security Operations Center extends your IT security department and supports you in meeting your legal responsibilities, documented in regular security reports. The service is tailored to SMEs, with the aim of providing the best possible support in matters of cyber security. The services include:


Customer-specific processes can be monitored individually

24/7 support (first- and second-level support)

Timely detection and elimination of malware

Proactive monitoring of your IT infrastructure

Regular security audits

IT security consulting on known vulnerabilities

Monthly security reporting

What makes it special

Leuchter IT Solutions AG operates the SOC in-house around the clock. Your IT infrastructure is continuously monitored, analyzed and evaluated by our IT security experts. The knowledge gained during detection and prevention feeds back into the service, so that cyber security improves over the long term. The benefit: cyber threats against your company can be stopped and eliminated even faster in the future.


The advantages of Leuchter IT Cyber Security Operations Center


Benefit from our IT security knowledge and improve your IT security situation in the long term.

Already over 1,500 monitored end devices

Ideal and tailored to SMEs

IT security experts are made available to you

More security for your data

Immediate notification, handling and remediation of security incidents

Comprehensive IT monitoring around the clock

Proactive action on malware and vulnerabilities

Additional IT security experts as needed

Up to date with Microsoft Azure Sentinel


The Leuchter IT Cyber Security Audit uses Azure Sentinel technology (since renamed Microsoft Sentinel). It is Microsoft's cloud-based SIEM (Security Information and Event Management) solution for automated threat detection, which combines activity data from different sources in a common workspace. Artificial intelligence (AI) and machine learning (ML) are used for security analysis.

This helps our cyber specialists to detect and avert attack scenarios quickly.


You make the rules!

The Leuchter IT Cyber Security Operations Center offers the option of defining customer- and device-specific rules. This means that individual needs and processes can be addressed to ensure the highest possible level of security. You also benefit from a default set of over 200 rules.

Depending on the rule, these are evaluated every 15 minutes or at longer intervals up to once a day. The rules are defined and evaluated specifically for each customer. Leuchter IT Cyber Security Operations Center Silver and higher can run advanced queries thanks to Microsoft Sentinel.
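To make the "scheduled rule" idea concrete, here is an added example of a Microsoft Sentinel scheduled analytics query of the kind described above. It is illustrative only and is not one of Leuchter IT's own rules. It assumes the Windows Security Events connector feeds the `SecurityEvent` table (standard schema: `EventID`, `SubjectUserName`, `MemberName`, `TargetUserName`) and that the rule is scheduled with a 15-minute frequency and a 15-minute lookback, so each run only sees events that arrived since the previous run. The list of privileged groups is an assumed example and should be adapted to the customer's Active Directory.

```kql
// Added example, not a Leuchter IT rule.
// Purpose: alert when an account is added to a privileged AD group.
// Schedule assumption: queryFrequency = queryPeriod = 15 minutes.
let PrivilegedGroups = dynamic([
    "Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"
]);   // assumed list; adapt per customer
SecurityEvent
| where TimeGenerated > ago(15m)            // matches the 15-minute rule interval
// 4728 = member added to a global security group
// 4732 = member added to a local security group
// 4756 = member added to a universal security group
| where EventID in (4728, 4732, 4756)
| where TargetUserName in~ (PrivilegedGroups)   // group name is in TargetUserName for these events
| project TimeGenerated, Computer,
          Actor       = SubjectUserName,   // account that made the change
          AddedMember = MemberName,        // distinguished name of the added account
          Group       = TargetUserName
| summarize Changes   = count(),
            Members   = make_set(AddedMember),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
          by Computer, Actor, Group
```

When saved as a scheduled rule, a trigger threshold of "greater than 0 results" turns each non-empty run into an incident; mapping `Actor` and `Members` to account entities and `Computer` to a host entity lets analysts pivot from the incident straight to the affected objects. A daily variant would change both the schedule and the `ago(15m)` window to one day.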


The basis of the Leuchter IT Cyber Security Operations Center


Our Leuchter IT Cyber Security Operations Center is based on four pillars:

  • Prevent

  • Detect

  • Investigate

  • Respond

The latest technologies and processes are used for proactive monitoring. Detection logic immediately recognizes and isolates known attack scenarios, and AI-assisted analysis identifies and stops suspicious applications and processes.

As soon as an alarm is triggered, our cyber security team takes over the analysis and immediately initiates all necessary measures to protect your corporate network.


1. Prevent

All potential risks to your company are identified and transparently listed through a series of assessments. The residual risk is then reduced through structured, recurring measures, listed below. Fully in line with our motto: prevention is more effective than reaction.

  • Antivirus protection and attack surface reduction
  • Dedicated protection and product updates
  • Threat and security risk management
  • Leuchter IT Security Compliance Checker
  • Leuchter IT Cyber Security Audits
  • Active Directory security hardening

2. Detect

The service records security events across all relevant data sources, providing comprehensive visibility. Advanced attack detection in near real time lets security analysts triage notifications, prioritize them and isolate endpoints centrally, giving them visibility into the full scope of an incident so they can act to remediate the threat.

At this stage the customer-tailored rules also take effect and block traffic on the network according to the customer's individual needs. Suspicious domains, files, URLs and IP addresses from our own analyses and from third-party threat intelligence suppliers are blocked immediately by default.


3. Investigate

Once an alert is triggered, the SOC manager reviews it using a proven and standardized process. Experienced analysts ensure confident decision making and continuous improvement throughout detection and analysis. This includes:

  • Evaluation by the SOC analyst
  • Malware analysis, which includes isolating malware in a compartmentalized area and understanding the functionality and capabilities of a compiled program (reverse engineering)
  • Extraction of the threat information (indicators and behaviour) from the analysis
  • Assessment by experienced IT security analysts as well as interdisciplinary knowledge exchange

4. Respond

In the event of an incident, our IT security analysts initiate immediate defensive measures and isolate the malware. A coordinated approach following the defined process steps enables a particularly fast response. After the attack has been contained, the incident is handed over to the responsible recovery team. The measures include:

  • Development of complex, multi-layered incident response plans (playbooks, runbooks, ...)
  • Multi-step process (containment - remediation - handover to recovery team)
  • SOC analysts initiate defensive measures
  • Crisis management and crisis communication
  • Integrated incident response management

Our packages

The measures listed above (Prevent, Detect, Investigate, Respond) are carried out in all our packages.
The packages differ only in the scope of services.

Decide for yourself how much cyber security you need for your company. Choose between our SOC packages Bronze, Silver and Gold.

  • Cyber Security Operations Center Bronze

    • Annual audit
    • Leuchter Custom Rules Basic
    • Semiannual review of the defined technical security requirements
    • Service availability Mon - Fri, 12 h
    • 1 case incl. damage limitation per month and device

  • Cyber Security Operations Center Silver

    • Device determination
    • Custom detection rules
    • Semiannual audit
    • Leuchter Custom Rules Advanced
    • Quarterly review of the defined technical security requirements
    • Continuous logging of changes in AD with weekly monitoring
    • User-based behaviour analysis
    • Sandbox analysis
    • Service availability Mon - Fri, 12 h
    • 5 cases incl. damage limitation per month and device

  • Cyber Security Operations Center Gold

    • Device determination
    • Custom detection rules
    • Semiannual audit
    • Leuchter Custom Rules Advanced
    • Monthly review of the defined technical security requirements
    • Continuous logging of changes in AD with daily monitoring
    • User-based behaviour analysis
    • Access to Microsoft experts on demand
    • Sandbox analysis
    • Service availability Mon - Sun, 24 h
    • 10 cases incl. damage limitation per month and device


Do you need more information?


Do you have questions about the services of our Security Operations Center? Or would you like advice on the subject of IT security? We look forward to getting to know you.


Articles on the topic of IT security

Knowledge is power, especially when it comes to preventing cyber attacks. Find out more in our blog.