Martin Krick is the IT security coordinator for the town of Sundern in the Sauerland region of North Rhine-Westphalia. He has worked for the local authority for many years and has extensive experience with municipal IT systems.
Why did you opt for a managed SOC solution?
Martin Krick: We have been a G DATA customer for over 20 years. We started with smaller solutions, which we have gradually expanded over time. A key factor in our decision to choose G DATA Managed SOC was a major security incident at one of our service providers. This incident also became public knowledge. In this situation, it became clear that whilst we were able to react quickly by protecting our clients, we also had a key weakness: our IT department is typically staffed between 7 am and 4 pm. So what happens outside these hours? We realised that we had a critical gap there. Of course, you can work with on-call arrangements and alert plans, but this is difficult to implement in the day-to-day operations of a local authority with limited resources. Added to this is the fact that alerts are not always clear-cut and, in case of doubt, staff may need to respond even at night. Against this backdrop, we looked closely at solutions that enable continuous monitoring. This is how we came across a Managed Security Operations Centre. As we had already had many years of positive experience with G DATA, it made sense for us to continue down this path together.
Are there any specific criteria that are important to you when selecting a service provider?
Martin Krick: Our own experience was the primary factor for us. After working together for over 20 years, we were able to assess very clearly just how reliable and effective G DATA is. External reviews are of secondary importance to us. Of course, things don’t always run perfectly, but what matters is how such issues are handled. In that regard, our experience has been consistently positive.
Another key point is the issue of data protection and compliance. It was essential for us to choose a provider based in Germany whose infrastructure is also operated here. Requirements such as GDPR compliance and security standards play a major role, particularly in the public sector. It was important to us that the data is not scattered across the globe, but is processed under clearly defined, transparent conditions. This combination of trust, location and security standards was ultimately decisive in our decision.
How did the onboarding and implementation phases go?
Martin Krick: We had several coordination meetings with the project team. One initial challenge for us was the amount of preparatory work involved. We had to fill in a detailed spreadsheet beforehand to provide information about our IT systems. After that, the actual implementation went very quickly – in some cases faster than we could keep up with internally. Things were therefore a bit bumpy in places during this phase. There were also initial difficulties with individual components such as the dashboard. A parallel internal server migration probably played a role here too. This further complicated the coordination and led to occasional delays and additional consultations. However, the important thing is that all issues were addressed and resolved. There were no outstanding issues. Since the implementation was completed, the system has been running stably and reliably.
To be fair, it wasn’t a ‘press a button and everything works straight away’ project, but a process with individual hurdles – which were ultimately overcome successfully.
How has Managed SOC changed the day-to-day work of your IT team?
Martin Krick: Our monitoring has been significantly stepped up thanks to Managed SOC. We were already keeping an eye on our clients before, but now the monitoring is more comprehensive and continuous.
In day-to-day terms, this mainly means that we regularly check the dashboard and keep an eye on activities. It is particularly interesting to see that work is constantly being carried out in the background – when an analyst reviews and resolves an incident without us having to intervene actively.
At the same time, we are glad when things remain quiet and no major incidents occur. At present, we are in a situation where we are not confronted with a multitude of attacks on a daily basis – and we would be happy for it to stay that way.
Are there any specific examples where the SOC team has detected an incident at an early stage or prevented damage?
Martin Krick: Fortunately, we haven’t had any serious incidents so far that would have resulted in significant damage or even required us to switch to emergency operations.
However, we regularly receive alerts and recommendations for action from the analyst team. These include, for example, anomalies where we are asked to investigate specific issues. We look into these cases, clarify the cause and usually resolve them quickly.
One specific example was a file that initially appeared suspicious but ultimately turned out to be non-critical. It was an internal copy created as part of a process. After checking it, we were able to close the case. Overall, the G DATA team helps us to identify potential anomalies at an early stage and deal with them in a structured manner before they develop into a major problem.

Do you use the G DATA web console to find out more about incidents or to see what the analysts are doing?
Martin Krick: I check the web console several times a day to see what the G DATA team is up to. That feeling that ‘someone is keeping an eye on things’ is a huge benefit for us.
Are there any features or services you would like to see in G DATA Managed SOC in the future?
Martin Krick: I’d like a bit more clarity in the client list. Personally, I think the Managed Security Operations Centre could have included more additional services, even if that meant a higher price.
Imagine you had to describe G DATA Managed SOC in one sentence. What would it be?
Martin Krick: G DATA Managed SOC does exactly what it’s supposed to do. It protects us from attacks and takes the pressure off us in our day-to-day work.
Would you recommend G DATA to others? What would you highlight?
Martin Krick: I have already recommended G DATA and will continue to do so. For me, communicating on an equal footing is a crucial factor. It’s important to have a contact person with whom you can speak openly and clearly. The German-speaking support service is very important to me.
Added to this are clear selling points such as the German server location and data storage in Germany. Linked to this are compliance with the General Data Protection Regulation and the reliable quality of the Managed SOC solution. However, I would particularly like to highlight the confidential working relationship. For us, trust is the main reason for recommending the service.
In this interview, I have shared with you the customer’s perspective on G DATA Managed SOC. Our blog series “The minds behind G DATA Managed SOC” has already featured the following articles:
- Andy Felbinger offers insights into the topic “Managed SOC & Sales – What questions do customers have?”.
- “People who speak up can be helped” – Tobias Misse talks about the Managed SOC onboarding process for new customers.
- “We react quickly, but not rashly” – in this interview, Christoph Schulze explains how the Managed SOC analyst team detects and stops cyberattacks.
- Dirk Zurawski works for Oberberg-Online, a long-standing partner of G DATA CyberDefense. In “G DATA CyberDefense’s Managed SOC is expert protection for everyone, round the clock from Germany”, he explains his role as the link between the customer and the G DATA Managed SOC.