Mission Statement – IT-Security & CSIRT Services
MH Security Framework
Our mission is to sustainably protect companies from cyber threats through our IT security and CSIRT services, and to respond quickly and effectively in the event of an incident. By combining preventive security measures, proactive threat detection, and professional incident response, we strengthen our customers’ digital resilience.
We identify and close security gaps, detect and analyze advanced threats such as APTs, attacks on web services and OT systems, and ensure that attacks do not go unnoticed. In the event of a cyber incident, our CSIRT (Computer Security Incident Response Team) is ready to take swift and targeted action using specialized experts, state-of-the-art forensic technology, and proven processes.
Our goal is to minimize damage, restore IT infrastructure, and implement lasting security improvements.
Through continuous optimization, knowledge transfer, and collaborative partnerships, we ensure that our customers stay one step ahead – secure, resilient, and well-prepared for the challenges of the digital threat landscape.
Analyze
Hunt for New Attack Vectors & Assess Existing Security Postures
Our mission in the Analyze domain is to proactively identify both emerging attack methods and existing security vulnerabilities. Through in-depth analysis of customer infrastructures – from Active Directory and firewalls to endpoint and cloud security – we uncover weaknesses and assess potential attack surfaces.
With a forensic perspective on current threat landscapes and innovative research methods, we ensure that security risks are detected early and addressed in a targeted manner. Our goal is to enhance organizational resilience against future cyber threats and to derive effective protective measures.
Cyber Security Check
The Cyber Security Check offers a structured analysis of a company's IT security situation along the entire value chain. In an interactive 5-hour format, organizational, infrastructural, and technical aspects are examined and evaluated using a traffic light system. The aim is to identify specific vulnerabilities and derive prioritized measures—pragmatically, comprehensibly, and effectively.
Protect
Implement Countermeasures for Well-Known Attacks or Malware
Our mission in the Protect domain is to strategically enhance and adapt established security measures to provide organizations with optimal protection against known threats. By implementing robust defense mechanisms across areas such as Active Directory, firewalls, endpoint security, and cloud environments, we minimize attack surfaces and strengthen our customers’ resilience against cyberattacks.
We rely on automated defense strategies, continuous optimization, and industry best practices to proactively counter threats. Our goal is to establish a resilient security architecture that withstands ever-evolving threats and ensures sustainable protection for businesses.
Co-Managed Firewall Service
The product bridges the gap between unmanaged firewalls and comprehensive security services such as MDR. The goal is to ensure transparent, audit-proof firewall operation with predictable performance.
- Managed model: Full operation by us
- Co-managed model: Shared responsibility with customer IT (access approval & change coordination)
Darknet Monitoring Service
The Darknet Monitoring Service offers customers external, keyword-based monitoring of relevant sources on the clearnet, deep web, and darknet. The aim is to detect leaks or signs of planned attacks at an early stage before operational damage occurs. Results are provided in the form of alerts and monthly status reports. The product is technically passive (no connection to customer systems) and fully GDPR-compliant.
NAC with PacketFence
This solution provides a centralized, platform-independent network access control system that protects networks from unauthorized devices and ensures compliant access management. PacketFence is a proven open-source NAC platform with extensive features for network segmentation, device onboarding, BYOD handling, and integration with existing directory services.
SecureIdent
SecureIdent is a highly secure authentication solution based on certificate-based two-factor authentication (2FA) in combination with privileged identity management (PIM). The solution was developed to meet the highest security requirements and is suitable for security-critical environments in business, government, and defense. As a provider, we support companies and government agencies in setting up a multi-level enterprise public key infrastructure (PKI), integrating YubiKey smart cards, and introducing a PIM system.
Threat
Find threats, generate incidents
Our mission in the Threat domain is to detect cyber threats in real time and accurately identify security incidents, ranging from traditional attacks to highly sophisticated Advanced Persistent Threats (APTs). Using cutting-edge threat intelligence, anomaly detection, and proactive security analytics, we monitor the entire corporate infrastructure, including Active Directory, firewalls, endpoint security, cloud environments, web services, and OT systems.
Our goal is to reliably detect attack attempts, minimize false positives, and classify critical security incidents with maximum accuracy to enable a fast and effective response. In doing so, we ensure a transparent, resilient, and robust security posture that protects organizations from complex threats.
SOC Readiness – Consulting & Support for Your Own Security Operations Center
The SOC Readiness Service supports companies in setting up their own Security Operations Center (SOC) – professionally, organizationally, and technically. The aim is to accompany customers on their journey from project launch to stable SOC operation: practical, adaptable, and aligned with standards such as ISO 27001, BSI IT-Grundschutz, or NIST.
MDR Service
Our MDR (Managed Detection & Response) service offers comprehensive protection through continuous threat detection, analysis, and rapid response to security incidents. There are two service levels to choose from—Essential and Advanced—tailored to different protection needs.
SOC Service
The SOC service provides our customers with a fully operated Security Operations Center (SOC) – focusing on continuous monitoring of security-related events via a central SIEM system. Based on our MDR service and linked to proven detection use cases, we take care of the operation, analysis, prioritization, and – depending on the agreement – escalation of incidents.
Enterprise log management with Graylog & OpenSearch
This solution provides a scalable and powerful enterprise logging platform that enables centralized log collection, analysis, normalization, alerting, and storage. The system relies on proven open-source technologies:
- Graylog for processing and analyzing log data
- OpenSearch as a high-performance search and storage solution
- Ingress proxy for secure and redundant log acceptance
Respond
Remediate Incident
Our mission in the Respond domain is to support organizations quickly, effectively, and precisely in the event of a security incident. With our mobile response teams, specialized hardware, deep expertise, and established processes, we can respond promptly on-site and professionally handle cyberattacks of any kind — from ransomware and APTs to attacks on web services and OT systems.
Our focus is on rapid containment, forensic analysis, and sustainable remediation of the incident to minimize operational disruptions and prevent future attacks. By working closely with the customer, we develop tailored recovery strategies, optimize security measures, and ensure that the organization emerges stronger from the incident. Our goal is to restore critical business processes as quickly as possible and enhance resilience against future threats.
Expert Forensic Service
Expert Forensic Service provides IT forensic support for public authorities with a focus on speed, reliability, and legally compliant evidence preservation. Whether you need specific IT forensic measures, technical advice on IT security, or technical support in the context of investigations, Expert Forensic Service offers fast, professional assistance, remotely or directly on site. The service is available throughout Germany 24/7 and is fully GDPR-compliant.