In collaboration with Microsoft, CANCOM Austria has implemented the Cyber Defence Centre (CDC) based on the Microsoft Security Stack. This combination of an experienced security team, cloud-based technology and AI-powered analytics enables proactive threat detection and rapid response – round the clock, 365 days a year. The CDC is delivered as a product-based managed service with a defined onboarding process, standardised operational procedures, reusable detection scenarios and clearly defined service modules, which reduce the payback period for SME and C-level clients. Unlike point solutions or narrowly focused security providers, CANCOM combines consultancy, implementation, managed operations, Microsoft licensing and CSP administration, as well as long-term customer support, within an integrated delivery model.
Integration is multi-tenant via Azure Lighthouse, whilst customer data remains within the customer’s own tenant. Analysts work with clearly defined RBAC roles and zero-trust-compliant access models. Microsoft 365 Defender provides XDR signals, including those from Defender for Endpoint, Identity, Office 365 and Cloud Apps. These data sources are fed into Microsoft Sentinel via native connectors and correlated with additional sources such as firewalls and NSM.
The CDC utilises this information in the LOG (SIEM) and EDR modules to map an attack in full across the MITRE ATT&CK matrix. Analysts assess alerts based on standardised playbooks and escalate only verified incidents. Monthly dashboards and reports enhance transparency at executive level. Automation is achieved via Sentinel automation rules, Logic Apps and, optionally, via an integrated SOAR platform such as XSOAR. AI-powered analytics and the purple team approach ensure that use cases and processes are continuously improved. The operating model is guided by ‘secure-by-design’ principles and the responsible use of AI in security operations.