Cyber Security

Projects Delivered: 1000+
Active Managed Services Contracts: 100+
Client Satisfaction: 98.9%

The Security Operation Center

Comprehensive monitoring and protection of IT environments

The Security Operations Center (SOC) is a central component of the services provided by the Cyber Defence Center — a specialized brand of net-o-logy focused on ensuring continuous monitoring of the security of our clients’ IT systems.

Our SOC operates on an “as a Service” model, which means we provide a complete set of tools and expertise under the Managed Security Service Provider (MSSP) model — without requiring the client to invest in any infrastructure.


By combining advanced technologies (XDR/EDR, integration with SIEM, SOAR, NDR, and Active Directory systems) with the expertise of our L1–L3 analyst team, we ensure effective year-round, 24/7 monitoring, detection, and response to security incidents.


Team Expertise

The Cyber Defence Center team consists of experienced analysts, administrators, auditors and security engineers, operating within a cohesive SOC ecosystem.

Depending on the nature of the incident, we engage specialists from various fields, from the Blue Team and Compliance to the Red Team responsible for penetration testing.

Monitoring
24/7/365

Constant monitoring of the client’s environment by a team of L1–L3 analysts. Correlation and classification of alerts from EDR and SIEM systems within the organizational context, automatic and manual validation of events, detection of anomalies and unusual behaviour.

Security Incident Response

Host isolation, file quarantine, blocking of processes or network connections, implementation of recommended security policies, execution of remote scripts and automated response playbooks.

EDR environment management

Configuration and administration of security policies, device control (e.g., USB, disk encryption), agent updates, and defining trusted zones for applications and processes.

SIEM environment management

Integration of log sources (systems, servers, networks, public clouds), design and tuning of correlation rules, monitoring of telemetry data integrity, and testing the effectiveness of detection mechanisms.

Reporting and analysis

Periodic incident reports, dashboards for administrators and management, statistics on trends and response effectiveness. Reports tailored to regulatory requirements (NIS2, GDPR, ISO/IEC 27001).

Cyber Threat Intelligence (CTI)

Monitoring of the dark web and deep web for leaked data, leaked credentials and offers to sell access. Automatic alerts regarding breaches related to the organization’s domain.


Scope of Services
  • Identification and classification of the incident, analysis of the source and attack vector,
  • Isolation of infected hosts and systems,
  • Preventing the spread of the attack within the infrastructure (network, AD, servers, workstations),
  • Securing artefacts and logs for further analysis,
  • Incident report describing the events, consequences, and recommendations for corrective actions.
  • Analysis of digital traces (logs, memory, disks, registry),
  • Reconstruction of the incident timeline and identification of the source of the breach,
  • Assessment of the extent of data loss and verification of whether data exfiltration has occurred,
  • Analysis and neutralisation of malware,
  • Recovery of encrypted data from backups or DR systems,
  • Validation of system integrity after restoration,
  • Implementation of preventive policies and new security rules
  • Support in activating backup environments (DR / DRC),
  • Consulting on prioritising the restoration of critical systems,
  • Reconfiguration and validation of backup, replication, and data recovery mechanisms,
  • Post-incident environment restoration testing.

Emergency Rescue Team

Support during crises and after security incidents.


The Emergency Rescue Team (ERT) is a specialised crisis response team operating within the Cyber Defence Center. Its mission is to rapidly restore business continuity following security incidents, IT system failures or ransomware attacks. The ERT combines technical, analytical, and organizational expertise, offering support from the moment an incident is detected through to full restoration and securing of the environment.

Our goal is to limit the impact of an attack, minimise downtime and restore full system functionality in the shortest possible time, while maintaining compliance with applicable security standards and procedures.


Vulnerabilities

Comprehensive management of an organization’s vulnerabilities and resilience


The Cyber Defence Center supports organizations in building resilience against cyber threats by combining three key services:

  • Vulnerability Management,
  • Penetration testing (Pentests),
  • Threat monitoring (Cyber Threat Intelligence – CTI).

The goal is to ensure a full cycle of detection, analysis, and elimination of weaknesses in the IT environment—from early detection, through verification of security effectiveness, to proactive identification of data breaches.

1. Vulnerability Management

Systematic detection and mitigation of risks in the IT infrastructure


Over a hundred new vulnerabilities (CVEs) are published every day, some of which are immediately exploited through attacks. The lack of an effective vulnerability management process leads to data loss, system downtime, and breaches of compliance with regulations such as GDPR or NIS2.

2. Penetration tests

Attack simulations to verify the effectiveness of security measures


Penetration tests are a key element in assessing the resilience of an IT environment. They enable the identification of real vulnerabilities which could be exploited by cybercriminals before an incident occurs. At the Cyber Defence Center, we conduct penetration tests using various models and scenarios—from external infrastructure testing to a detailed analysis of web and mobile applications.

3. Cyber Threat Intelligence (CTI)

Proactive detection of data leaks and threats on the dark web


Over 80% of security incidents begin with the use of previously stolen credentials. Our Cyber Threat Intelligence (CTI) system enables monitoring of the dark web, deep web, and external sources to detect information related to your organization before it can be used in an attack.

Compliance – NIS2 & ISO/IEC 27001

Organizational compliance, security, and resilience

Regulatory requirements regarding cybersecurity, such as the NIS2 Directive, DORA and the ISO/IEC 27001 standard, all require organizations to implement effective mechanisms for information protection, incident management, and business continuity.

Cyber Defence Center supports companies and institutions in the process of compliance assessment, implementation of information security systems, and preparation for audits and certification.

Our goal is to provide authentic, practical knowledge and tools that not only meet formal requirements but actually enhance an organization’s security.

Scope of services
  • Assessment of the current state in the context of NIS2, ISO 27001, and DORA requirements,
  • Identification of gaps in the information security system, IT processes,
  • Operational areas,
  • Organizational Maturity Assessment,
  • Report with recommendations for corrective actions and a compliance plan.
  • Creation or update of the Information Security Policy, Risk Management Policy, Incident Response Procedures, Business Continuity Plans (BCP/DRP),
  • Alignment of documentation with NIS2 and ISO 27001:2022 requirements,
  • Support in establishing roles and responsibilities (e.g., CISO, IRT, asset owners).
  • Workshops and consultations with the client’s team,
  • Review and analysis of risks in accordance with ISO 27005,
  • Preparation of documentation for the certification audit,
  • Support during the external audit and implementation of post-audit recommendations.
  • Assessment of the organization’s readiness to implement the NIS2 Directive,
  • Mapping legal requirements vs. organizational processes,
  • Assistance in developing incident management policies, reporting to CSIRT, and ensuring operational resilience,
  • Recommendations regarding registration as a critical service operator or digital service provider
Scope of services
  • Phishing campaigns – simulated social engineering attacks in the users’ environment; effectiveness analysis, reporting, and recommendations.
  • Security Awareness Training – online training and workshops on the secure use of IT systems, recognising phishing attempts, and incident response procedures.
  • Security Awareness Report – assessment of employees’ knowledge and attitudes following the training campaign.

Security Awareness & phishing simulation

Human factors remain one of the primary attack vectors. That is why we support organizations in building a security culture through educational and testing initiatives.


Cyber Defence Center

The Cyber Defence Center (CDC) is a specialised brand of net-o-logy, bringing together the expertise and resources necessary to build real cyber resilience for organizations.

The CDC has been established in response to rapidly growing threats—in a world where the question “if” has been replaced by “when,” and traditional security models are no longer sufficient.


The CDC is home to a multidisciplinary team consisting of security analysts, engineers, architects, auditors, Blue/Red Team specialists, business continuity experts and incident response teams. They combine their expertise to provide a full spectrum of services: from monitoring and detection, through incident response, to compliance audits, security architecture and post-attack environment recovery with the support of onsite engineers.


Why was the Cyber Defence Center established?

In recent years, Poland has been among the most cyber-targeted countries in Europe, with a particular surge in ransomware campaigns. Modern criminal groups operate methodically, often with financial and technological resources comparable to those of legitimate companies. At the same time, regulations such as NIS2, DORA, and ISO 27001:2022 require organizations to implement processes and mechanisms that enhance operational resilience.

Our data shows that organizations today employ two dominant strategies:

1. Building internal security teams

Effective on a day-to-day basis, but requiring external support in critical situations—especially during ransomware attacks. This is when our Emergency Rescue Team takes steps to restore the environment, stabilise the operational situation, and support the decision-making process.

2. Partnership with a cybersecurity specialist

A model chosen by organizations that choose not to, or are unable to, maintain a full SOC, IR, forensics, and business continuity planning structure. CDC provides them with full 24/7 operational capability, engineering expertise, and regulatory support. The combination of experience from both models led to the establishment of the Cyber Defence Center: a place where technology, processes, and organizational expertise converge into a single, cohesive security ecosystem.

Our operating philosophy


Security as an organizational capability, not just a set of tools

In accordance with the NIST and ISO 27001 frameworks, effective security encompasses not only detection and response, but also organizational processes, training, communication and business continuity.

The security triad: people, processes, technology

Effective resilience is a balance between:

  • increasing the cost of an attack,
  • minimising the risk of business continuity disruption,
  • 24/7 operational capability (SOC, ERT, monitoring, detection, response).

Resilience instead of ‘a hindsight reaction’

The CDC’s goal is to transition from an incident-based model to a resilience-based model in which the organization is prepared both for an attack and for rapid action under pressure.

Scope of the Cyber Defence Center’s Competencies

The CDC brings all key security areas together:

01

Security Operations Center (SOC)

24/7/365 monitoring, detection, response, and operational management of the EDR, SIEM, and CTI environments.

02

Emergency Rescue Team (ERT)

Rapid crisis support: ransomware, malware, forensics, data recovery, AD restoration, DR.

03

Vulnerability Management and Penetration Testing

Vulnerability scanning, risk analysis, remediation recommendations, penetration testing, and resilience testing.

04

Cyber Threat Intelligence (CTI)

Data breach detection, dark web analysis, threat alerts specific to the organization.

05

Compliance & Governance

Compliance audits for NIS2, ISO/IEC 27001, DORA; documentation, policies, processes, awareness training & phishing.

Why CDC?

Over 20 years of net-o-logy experience in 24/7 services and IT infrastructure

A team of over a hundred security experts

Combining SOC, IR, forensics, audits and training in one center*

Real support in critical moments — more than just consulting

Full compliance with ISO/IEC 27001:2022 and ISO 9001:2015

Industrial Security Certificate

Our mission

We are creating the Cyber Defence Center* to support organizations in building lasting resilience—one that encompasses people, processes, and technology, and that enables them to operate efficiently both on a daily basis and in crisis situations; this in a world of growing uncertainty, where cybersecurity must be a shared responsibility, not a one-time fix.
