The customer is an established IT service provider in healthcare whose business model is based on the secure processing of highly sensitive data. In view of increasing regulatory requirements (among others § 75b SGB V) and growing cyber threats, the company decided to set up a modern cloud security architecture with SIEM integration and SOC operation by Protos Technologie GmbH.
Regulation and threats in step
From the beginning, the project faced the task of building a powerful SIEM and SOC architecture that does justice to both the increasing cyber threats and the high regulatory requirements. The focus was on the challenge of reliably protecting sensitive health data while at the same time ensuring the obligations of proof and audit-proof logging.
In addition to technical protection, the requirements of ISO 27001, BSI KRITIS, NIS2 and GDPR had to be fully met and integrated into the security architecture. Another goal was to significantly shorten response times in incident response and to establish a hybrid operating model according to the principle of "shared responsibility", in which clear escalation paths and communication chains are defined.
Since the customer's employees had varying prior knowledge of cybersecurity, a comprehensive awareness and change management program also had to be developed. In this way, both technical resilience and organizational security were to be strengthened sustainably.
Project start: from the as-is analysis to the security roadmap
As part of the project start, Protos carried out a comprehensive analysis of the technological and organizational conditions. An as-is analysis of the IT security architecture, compliance processes and existing tools was performed.
"We initially mapped the existing infrastructure together with the customer and recorded all security-relevant systems, from firewalls to Entra ID to the M365 environments," says Jan Reimers, Vice SOC Manager & Analyst at Protos.
From correlation to automation: security that grows with the customer
Following the inventory, Protos designed and implemented a cloud-based SIEM solution based on Microsoft Sentinel.
Central steps summarized:
- Connection of all security-relevant systems (Azure tenants, firewalls, Entra ID, M365, Microsoft Defender)
- Building a CMDB for asset, service and organizational modeling
- Development of a hybrid SOC operating model including escalation chains and SLAs
- Implementation of over 200 new or adapted detection rules (KQL) and automated SOAR playbooks
- Building a vulnerability management system with Qualys VMDR and Defender VM
Kevin Jägle, SOC analyst at Protos, reports from practice: "The structure of the API integrations and CI/CD pipelines was particularly important for automating security workflows. We relied on infrastructure-as-code early on so that adjustments to policies and compliance checks remain reproducible and scalable. This allowed us to create the basis for a modern SecDevOps model."
In operation: response in minutes instead of hours
After the successful implementation, the Protos SOC took over 24/7 operation. Through continuous monitoring, threat hunting and automated response processes, security incidents are detected and handled at an early stage.
"Just a few weeks after the go-live, we were able to identify suspicious access via compromised credentials in the Azure environment. Thanks to Sentinel correlation and automated SOAR playbooks, the account was immediately blocked and the attack was contained. Within minutes, the incident was under control, without any data exfiltration," says Erik Drivers, SOC analyst at Protos.
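The list above mentions KQL detection rules paired with SOAR playbooks, and the incident just described is exactly the pattern such a pairing is built for: a sign-in that correlates as compromised credentials triggers an automated account block. The following Python is an added illustration of that detection-plus-response flow, not the customer's or Protos' actual rules or playbooks. The event fields are modelled loosely on the columns of Microsoft Sentinel's SigninLogs table (user principal name, IP address, location, result type, risk level), the records and the `DIRECTORY` identity store are constructed for the example, and the playbook actions are simulated rather than calls to a real identity API.

```python
"""Illustrative SIEM-style correlation and SOAR-style response over constructed sign-in events.

Added example, not the project's own detection content. Field names are modelled on
Sentinel's SigninLogs but simplified; the events and directory below are constructed.
"""
from datetime import datetime, timedelta

# Constructed sign-in events. Assumption: result "0" means success, any other code a failure
# (mirrors the ResultType convention of SigninLogs); "risk" mirrors RiskLevelDuringSignIn.
SIGNIN_EVENTS = [
    {"time": "2025-03-10T08:02:00", "user": "a.mueller@example-clinic.test", "ip": "198.51.100.7",
     "country": "DE", "result": "0", "risk": "none"},
    {"time": "2025-03-10T08:15:00", "user": "a.mueller@example-clinic.test", "ip": "203.0.113.44",
     "country": "XX", "result": "50126", "risk": "high"},
    {"time": "2025-03-10T08:16:00", "user": "a.mueller@example-clinic.test", "ip": "203.0.113.44",
     "country": "XX", "result": "50126", "risk": "high"},
    {"time": "2025-03-10T08:17:00", "user": "a.mueller@example-clinic.test", "ip": "203.0.113.44",
     "country": "XX", "result": "0", "risk": "high"},
    {"time": "2025-03-10T09:00:00", "user": "b.schmidt@example-clinic.test", "ip": "198.51.100.9",
     "country": "DE", "result": "0", "risk": "none"},
]

# Constructed stand-in for the identity provider's account state (not a real API).
DIRECTORY = {
    "a.mueller@example-clinic.test": {"enabled": True, "active_sessions": 2},
    "b.schmidt@example-clinic.test": {"enabled": True, "active_sessions": 1},
}


def _parse(events):
    """Return events with parsed timestamps, ordered by time (correlation needs order)."""
    parsed = [dict(e, time=datetime.fromisoformat(e["time"])) for e in events]
    return sorted(parsed, key=lambda e: e["time"])


def detect_risky_sign_ins(events, failure_window=timedelta(minutes=15)):
    """Correlation rule: a successful sign-in flagged high-risk from a country the user has
    never successfully signed in from before. Failed attempts from the same IP shortly
    before the success are counted as supporting evidence (credential-stuffing pattern)."""
    known_countries = {}  # user -> countries seen in earlier low-risk successful sign-ins
    recent_failures = {}  # (user, ip) -> timestamps of failed attempts
    incidents = []
    for e in _parse(events):
        key = (e["user"], e["ip"])
        if e["result"] != "0":
            recent_failures.setdefault(key, []).append(e["time"])
            continue
        seen = known_countries.setdefault(e["user"], set())
        if e["risk"] == "high" and e["country"] not in seen:
            failures = [t for t in recent_failures.get(key, []) if e["time"] - t <= failure_window]
            incidents.append({
                "user": e["user"], "ip": e["ip"], "country": e["country"],
                "time": e["time"].isoformat(), "prior_failures": len(failures),
                "severity": "High",
            })
        else:
            # Only low-risk successes extend the user's baseline of known locations,
            # so a confirmed-risky country does not silently become "known".
            seen.add(e["country"])
    return incidents


def run_playbook(incident, directory):
    """Simulated SOAR playbook: disable the account, revoke sessions, notify the SOC.
    Mutates `directory` in place and returns the list of actions taken."""
    acct = directory[incident["user"]]
    actions = []
    if acct["enabled"]:
        acct["enabled"] = False
        actions.append("disable_account")
    if acct["active_sessions"]:
        acct["active_sessions"] = 0
        actions.append("revoke_sessions")
    actions.append("notify_soc")
    return actions


def respond(events, directory):
    """Run detection, then the playbook for every incident; return both for auditing."""
    incidents = detect_risky_sign_ins(events)
    log = [(i["user"], run_playbook(i, directory)) for i in incidents]
    return incidents, log


if __name__ == "__main__":
    import copy
    found, taken = respond(SIGNIN_EVENTS, copy.deepcopy(DIRECTORY))
    for inc, (user, acts) in zip(found, taken):
        print(f"{inc['time']} {user} from {inc['ip']} ({inc['country']}), "
              f"{inc['prior_failures']} prior failures -> {', '.join(acts)}")
```

The baseline of known countries is only extended by low-risk successful sign-ins; feeding the risky sign-in into the baseline would let a single successful compromise suppress every later alert for that user. Keeping the playbook's action list as a return value, rather than only printing it, is what makes the response auditable, which matters for the proof obligations the case study mentions.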
In addition to operational defense, Protos supports the customer in building its own SOC team as part of a "Cloud Center of Excellence" and conducts awareness training to sensitize employees to current cyber threats.
With Protos: future-proof cloud security for KRITIS environments
With the support of Protos Technologie, the customer was able to establish a highly secure, regulatory-compliant and future-proof cloud security architecture. The combination of strategic consulting, technical implementation and operational SOC service ensures that critical infrastructures are protected and that resilience against cyber attacks is sustainably increased.
"It was crucial for us not only to implement a project, but also to set the course for a long-term security and cloud strategy. Today, the customer benefits from an architecture that is both technologically and organizationally scalable and can permanently meet regulatory requirements, not only growing with future threats. Growing with threats and regulatory security go hand in hand," says Karsten Quellec, CTO & SOC Manager at Protos.
The project shows by example how Protos, as a vendor-independent partner, supports customers in highly regulated industries in implementing complex cybersecurity requirements, from planning through technical implementation to long-term operation.
Do you have any questions about our range of cybersecurity services or about this report?
Write to our expert Robert Hackenfort.
Source: https://www.protos-technologie.de/2025/04/02/gesundheitsdaten-im-fokus-it-sicherheit-als-lebensader/
