Central security monitoring and incident management for IT and OT infrastructures — around the clock. Our analysts detect, validate and respond to threats in your environment so your team can focus on the business. Vendor-independent, ISO 27001-aligned, with data residency you control.
Central security monitoring and incident management for IT and OT infrastructures — around the clock. Our analysts detect, validate and respond to threats in your environment so your team can focus on the business. Vendor-independent, ISO 27001-aligned, with data residency you control.
Real-time detection and correlation of security events
Alert validation and prioritisation by experienced SOC analysts
Incident analysis, escalation and SLA-based response
Modern SIEM and threat-intelligence technologies
Regular reporting and continuous security improvement
Six managed capabilities plugging directly into your SOC environment — each vendor-validated, MITRE-mapped, and operated by our analysts around the clock.
24/7 endpoint monitoring with automated detection and isolation of compromised systems, plus threat hunting mapped to MITRE ATT&CK.
Microsoft Defender · SentinelOne · CrowdStrike
AI-driven analysis of network traffic that surfaces lateral movement, zero-day activity and command-and-control — including OT/ICS protocols.
Passive · OT/ICS: Modbus, S7, OPC-UA
Continuous, risk-based scanning correlated by SOC analysts so you fix what actually matters, in the right order.
Qualys · Tenable · CVSS / EPSS
Detection of stolen credentials, leaked data and exposed domains across the dark web, with actionable alerts and optional executive monitoring.
Cyble Threat Intelligence Platform
Centralised control of access to critical systems, with session recording, just-in-time access and MFA — closing the door on insider threats and privilege misuse.
Session recording · JIT · MFA
AI-based detection and blocking before encryption occurs, with automated file rollback and self-healing for affected systems.
Halcyon-powered · NIS2 / DORA / TISAX
When an incident lands, speed is everything. Our response capabilities are designed to contain, analyse and recover — measured in minutes, not hours.
Aligned with NIST & ISO 27035
24/7 access to experienced IR specialists for rapid assessment, containment, forensic analysis and recovery — with documented lessons learned.
Containment in minutes, not hours
Playbook-driven immediate actions for P1/P2 incidents — endpoint isolation, account lockout and firewall activation — seamlessly integrated into the Managed SOC.
No single vendor owns your security. Choose the stack that fits your budget, your existing estate and your data-residency requirements — we operate them all.
All models run on infrastructure managed by Ciberseg, with full EU data residency and zero dependency on a single technology vendor.
A fully open-source stack (Wazuh SIEM, Shuffle SOAR, DFIR-IRIS, MISP) self-hosted by Ciberseg — zero licensing cost, complete data control.
For clients already invested in Microsoft Sentinel and Defender. We operate within your Azure tenant via Lighthouse — you keep ownership of the SIEM.
SIEM and endpoint governance bundled as one service — combining Wazuh detection with NinjaOne RMM for Windows-centric mid-market organisations.
High-availability detection at scale: a clustered Wazuh deployment with Suricata NDR and Velociraptor DFIR for complex hybrid environments.
Three tiers designed for the scale you are today and the ambition you have tomorrow. All tiers include 24×7 shift operations and a dedicated Security Delivery Manager.
+ €3 / user / month
+ €3 / user / month
+ €3 / user / month
Reference end-customer rates. Add-ons: First Response (+€2/user/mo), German-language operation (+€500/mo), additional log sources on request. Volume discounts apply.
Our SLAs are contractually binding. Every priority class has a defined response window and an escalation path — no ambiguity, no excuses.
| Priority | Meaning | Basic | Professional | Enterprise |
|---|---|---|---|---|
| P1 — Critical | Active breach / business-critical impact | 60 min | 30 min | 15 min |
| P2 — High | Confirmed threat, contained scope | 4 h | 2 h | 1 h |
| P3 — Medium | Suspicious activity, needs analysis | 8 h | 4 h | 2 h |
| P4 — Low | Informational / hygiene findings | Next business day | 8 h | 4 h |
MTTR = Mean Time To Respond · SLAs measured from alert validation to first analyst action
From initial scoping to continuous operations, every engagement follows a clear, repeatable lifecycle — so you know exactly where you are at every stage.
Define assets, threat model and rules of engagement together with your team.
Automated scanning and manual reconnaissance to map the real attack surface.
Controlled attack simulation to confirm which vulnerabilities are genuinely exploitable.
Prioritised findings with CVSS scores, business impact and clear remediation steps.
Guided fix support and re-testing to confirm every issue is closed for good.
Our onboarding team can have you live in the SOC within days. No long procurement cycles, no complex setup. Book a consultation and we will scope your environment the same day.
Always watching. Always protecting. Always ahead.