Threat Detection 
and Hunting

As part of our Managed Service Threat Detection & Hunting (TDH) service, we help you to reliably identify highly complex attacks. We keep you well informed thanks to superior sensors and comprehensive analysis by our SOC analysts.


Thanks to community insights, our own threat intelligence, and commercial and open sources of information, we know what to look for.


We work towards full, continuous visibility through network-based sensors installed at central points and the enrichment of relevant metadata.


Our analysts check, classify, evaluate, and eliminate false positives and keep you in-formed in the event of an incident.

Optimal recognition

Armed with a comprehensive set of indicators and rules, we recognise attacks at an early stage. We do not just rely on open source and commercial partners. Rather, we enrich that information with knowledge from our own threat intelligence and information provided by the DCSO community and our network.

Best possible visibility and transparency

Corporate networks are constantly the focus of professional attackers seeking to commit industrial espionage or sabotage. In order to defend your resources successfully, you need to ensure the visibility of your own data traffic and detect movement between infected systems (lateral movement). These are decisive factors.

We inform you in the case of an incident

Relieve strain on your SOC (Security Operations Centre) with our Managed Security Service and a superior sensor system installed at central nodes of the network infrastructure. We lay the groundwork to make sure that the relevant data traffic remains transparent. If an alarm is triggered, our analyst backend evaluates and filters false alarms, rates the criticality and urgency of the alarm, and generates a comprehensive report. That way, you can stay best informed about specific observations and affected systems and receive appropriate recommendations for action.

Managed Intelligence

  • Curated security content
  • Enrichment
  • Indicators and rules from various sources (e.g., DCSO threat intelligence, communities, OSINT, and federal)

Managed Visibility

  • Suricata-based sensors
  • Operation, monitoring, and maintenance
  • Assistance with deployment and baselining

Managed Analytics

  • Analysis and validation of alarms
  • Issuing of alerts, advice, and recommendations for checking and troubleshooting