From 18 October, many companies will be required to register with the authorities under the new NIS2 directive. But what exactly does NIS2 mean and how is it related to a SIEM system? In this blog, you will learn what the NIS2 directive requires and which measures need to be implemented.

What is the NIS2 directive?

The NIS2 Directive is aimed at improving cybersecurity in the EU and affects many companies – both directly and indirectly, as the supply chains of the affected sectors must also be protected. Above all, the strict requirements of the EU stipulate a response time to cybersecurity incidents that most companies cannot meet without preparation. You can find the directive on the EU website here. This EU-wide directive is currently being incorporated into national law in all EU member states. Which aspects of the NIS2 directive pose the greatest challenges in terms of implementation? In our opinion, they are the following:

  • Reporting Obligations, in three stages:
      • Within 24 hours: Security incidents or near incidents must be reported to the authorities within 24 hours. This should also include an initial suspicion regarding the cause of the incident.
      • Within 72 hours: A detailed report is now required. This report should assess the severity of the incident, outline its impacts, and explain the indicators of compromise.
      • Within one month: A comprehensive final or progress report must be submitted within one month. This report should describe the nature of the threat, the causes, and the corrective measures taken. Additionally, it should address any potential cross-border impacts of the incident.

  • Audits: The EU NIS2 directive requires companies to conduct regular IT security reviews and assessments. The frequency of these audits depends on the company’s risk assessment. Security assessments and reports should be shared with senior management so that the necessary corrective action can be taken quickly if deficiencies are identified.

  • Employee Awareness: In the past, training helped companies protect themselves from espionage and ransomware attacks. Now, such training is mandatory to meet the NIS2 standards. This not only protects you from attacks, but also from penalties. Regular training and ongoing employee support are more important than ever to ensure a high level of security awareness and strengthen resilience to cyber threats.

You’re only as good as your tools. In our view, meeting today’s demanding requirements requires a new tool that can handle the load. This is precisely where SIEM comes into play.

What is SIEM?

SIEM stands for Security Information and Event Management. A SIEM system provides a comprehensive overview of your company’s IT security. It collects and analyses security data from various sources such as ERP systems, cloud services and IoT devices (e.g. smart TVs, cameras, etc.). By monitoring login attempts, system changes and other security-related events, the SIEM system detects suspicious behaviour. If anything looks suspicious, it triggers alerts and generates detailed logs so that threats can be identified and remediated quickly.

What makes a SIEM system so powerful is its ability to harmonise log files from different sources. This provides a comprehensive overview of all network activity at a glance, even in large and complex IT environments that would otherwise be difficult to analyse.
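As an added illustration of the two points above (example code written for this post, not part of any SIEM product): a small Python sketch that harmonises a constructed sshd syslog feed and a constructed, hypothetical JSON console-login feed into one schema, then runs a single failed-login burst rule across both. The event formats, field names, and the threshold of four failures within 60 seconds are assumptions.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: one IP fails twice over SSH (syslog) and twice at a cloud console (JSON).
SYSLOG_LINES = [
    "2024-10-18T08:00:01+00:00 srv01 sshd[812]: Failed password for root from 203.0.113.7 port 5522 ssh2",
    "2024-10-18T08:00:03+00:00 srv01 sshd[812]: Failed password for root from 203.0.113.7 port 5523 ssh2",
    "2024-10-18T08:00:05+00:00 srv01 sshd[812]: Accepted password for alice from 198.51.100.4 port 4410 ssh2",
]
CLOUD_EVENTS = [  # hypothetical audit-record format, not any vendor's real schema
    '{"time":"2024-10-18T08:00:02+00:00","eventName":"ConsoleLogin","outcome":"Failure","userName":"root","sourceIPAddress":"203.0.113.7"}',
    '{"time":"2024-10-18T08:00:04+00:00","eventName":"ConsoleLogin","outcome":"Failure","userName":"root","sourceIPAddress":"203.0.113.7"}',
]
SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")

def normalise_syslog(line):
    """Map an sshd syslog line onto the common schema: ts, source, user, src_ip, outcome."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # not an authentication event; this rule ignores it
    ts, host, verb, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts), "source": f"syslog:{host}", "user": user,
            "src_ip": ip, "outcome": "failure" if verb == "Failed" else "success"}

def normalise_cloud(raw):
    """Map a JSON console-login record onto the same schema as the syslog events."""
    e = json.loads(raw)
    if e.get("eventName") != "ConsoleLogin":
        return None
    return {"ts": datetime.fromisoformat(e["time"]), "source": "cloud:console", "user": e["userName"],
            "src_ip": e["sourceIPAddress"], "outcome": e["outcome"].lower()}

def detect_failed_login_bursts(events, threshold=4, window_seconds=60):
    """One alert per source IP that reaches >= threshold failures inside a sliding time window."""
    recent, alerts = defaultdict(list), {}
    for ev in sorted(events, key=lambda e: e["ts"]):  # correlate across sources in time order
        if ev["outcome"] != "failure":
            continue
        bucket = recent[ev["src_ip"]]
        bucket.append(ev)
        while (bucket[-1]["ts"] - bucket[0]["ts"]).total_seconds() > window_seconds:
            bucket.pop(0)  # slide the window forward
        if len(bucket) >= threshold and ev["src_ip"] not in alerts:
            alerts[ev["src_ip"]] = {"src_ip": ev["src_ip"], "failures": len(bucket),
                                    "sources": sorted({b["source"] for b in bucket}),
                                    "first_seen": bucket[0]["ts"].isoformat()}
    return list(alerts.values())

def run():
    events = [e for e in map(normalise_syslog, SYSLOG_LINES) if e]
    events += [e for e in map(normalise_cloud, CLOUD_EVENTS) if e]
    return detect_failed_login_bursts(events)
```

Neither feed on its own reaches the threshold; only the harmonised view does, which is the point the paragraph makes about combining sources.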

NIS2 and SIEM – The Perfect Pair

The image illustrates how a SIEM system and the NIS2 Directive fit together perfectly like two puzzle pieces, creating an ideal pair.

A SIEM system is almost indispensable for meeting the requirements of the NIS2 directive because it offers several core functions that are crucial for compliance with the directive. Here are the main reasons:

  • NIS2 requirement: The directive requires companies to ensure a high level of IT security, including the monitoring and analysis of security-related events.
  • SIEM function: SIEM systems provide a centralized platform for monitoring the entire IT infrastructure and analyzing security-related data in real time. This helps companies quickly detect and respond to suspicious activities.
  • NIS2 requirement: Companies must be able to detect and respond to threats and security incidents as quickly as possible.
  • SIEM function: SIEM systems capture and analyze data streams in real time and can immediately detect anomalies or unusual activities, allowing for a swift response to potential security incidents.
  • NIS2 requirement: The directive stipulates that security incidents must be documented and reported to the relevant authorities within specified deadlines.
  • SIEM function: SIEM systems create detailed logs and reports of security-related events and incidents. They support the fulfilment of reporting obligations through automated reporting and documentation.
  • NIS2 requirement: The directive requires effective risk management to identify and mitigate potential security threats.
  • SIEM function: SIEM systems aggregate security data from various sources and analyze it to assess risks and identify vulnerabilities. This information is crucial for developing and adjusting risk management strategies.

Which SIEM System?

The market is flooded with providers of SIEM software. Which provider can you trust? As so often, it’s a matter of taste. We are happy to introduce you to three providers and compare them for you.

| | ManageEngine Log360 | Microsoft Sentinel | Splunk |
|---|---|---|---|
| Implementation | Cloud and On-Premise | Cloud-native (Azure) | Cloud and On-Premise |
| Data Sources | Broad support, including AD | Integrated with Azure services and other data sources | Broad support for various data sources |
| Scalability | Suitable for SMEs, limited scalability | Highly scalable, particularly suitable for Azure users | Very high scalability, suitable for large companies |
| Analysis and visualisation | Detailed reports and dashboards, but limited | Powerful visualisations | Comprehensive analysis functions, powerful dashboards |
| Machine Learning | Basic threat detection and analysis | AI-driven threat detection and automation | Advanced machine learning models for anomaly detection |
| Real-time monitoring | Yes | Yes, AI-supported | Yes |
| Compliance | Templates and reports for compliance | Integrated compliance management for Azure services | Provides comprehensive compliance reports |
| Automation | Basic functions | Strong automation through playbooks and integrations | Extensive automation options |
| Integration | Well integrated with ManageEngine products | Tightly integrated with Azure services and Microsoft 365 | Extensive third-party integration options |
| Cost | €€ | €€€ | (not given in the original) |

Important notice: It should be mentioned that there are many other providers in the SIEM space and the market landscape is currently changing very rapidly. Six months ago, Splunk was still considered the clear market leader. However, Microsoft Sentinel has since caught up strongly through numerous upgrades, and it is now more of a neck-and-neck race. There are also concerns about Splunk’s long-term business model, particularly due to its acquisition by Cisco, which could lead to changes in the licence structure.