NIS2 Is Coming – Do You Need a SIEM System?

2025-09-12T13:29:06+02:00 | 09.08.2024 | EN_IT_Projects

From October 18, many companies will be obliged to register themselves with the authorities as part of the new NIS2 directive. But what exactly does NIS2 mean and how does it relate to SIEM? In this blog, you will find out what the NIS2 directive requires and what measures need to be implemented. At the end you will find a practical NIS2 directive self-test that you can use to check whether your company could be affected by the NIS2 directive.

What is the NIS2 Directive?

The NIS2 Directive is intended to improve cyber security in the EU and affects many companies – both directly and indirectly, as the supply chains of the affected sectors must also be protected. Above all, the EU’s strict requirements demand a response time to cyber security incidents that most companies cannot meet without preparation. You can find the directive on the EU website here. Since July 24, 2024, this EU-wide directive has also been enshrined in German national law. Which aspects of the NIS2 Directive pose the greatest challenges in terms of implementation? In our opinion, they are the following:

  • Reporting obligations:
    Within 24 hours: Security incidents or near-incidents must be reported to the authorities within 24 hours. An initial suspicion as to the cause of the incident should also be reported.

    Within 72 hours: A detailed report is now required. This report should assess the severity of the incident, outline the impact and explain the indicators of compromise.

    Within one month: A comprehensive final or progress report must be submitted after one month. This report must describe the nature of the threat, the causes and the remedial measures taken. It should also address possible cross-border effects of the incident.

  • Audits:

    According to the EU’s NIS2 guidelines, companies are obliged to carry out regular audits and assessments of their IT security. The frequency of these audits depends on the company’s risk assessment. Security assessments and reports should be forwarded to the management so that any necessary corrective measures can be initiated quickly if deficiencies are identified.

  • Sensitization of employees:

    In the past, training courses helped companies to protect themselves against espionage and ransomware attacks. Now such training is mandatory in order to comply with the NIS2 standards. So you are not only protecting yourself from attacks, but also from penalties. Regular training and ongoing support for employees are more important than ever to ensure a high level of security awareness and strengthen resilience against cyber threats. Find out more in our blog on working securely in M365.

You are only as good as your tools. To meet the demanding requirements, we believe you need a new tool that can handle the load. This is exactly where SIEM comes into play.

What is SIEM?

SIEM stands for Security Information and Event Management. A SIEM system provides a comprehensive overview of your company’s IT security. It collects and analyzes security data from various sources such as ERP systems, cloud services and IoT devices (e.g. smart TVs, cameras, etc.). By monitoring login attempts, system changes and other security-related events, the SIEM system detects suspicious behavior. In the event of anomalies, alarms are triggered and detailed logs are created to quickly identify and resolve threats.

What makes a SIEM system so powerful is its ability to harmonize log files from different sources. As a result, it provides a comprehensive overview of all activities in the network at a glance, even in large and complex IT environments that would otherwise be difficult to analyze.
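To make the harmonization step concrete, here is an added example (not code from this blog or from any SIEM product) that maps login events from three differently formatted sources onto one schema and then correlates failed logins across them. The log lines, field names, the camera log format and the threshold of three failures in five minutes are all assumptions made for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from three sources in three formats (not real logs).
RAW = [
    ("sshd", "2024-08-09T10:00:01+00:00 erp01 sshd[811]: Failed password for alice from 203.0.113.7 port 4122 ssh2"),
    ("cloud", '{"time": "2024-08-09T10:01:05+00:00", "user": "alice", "ip": "203.0.113.7", "result": "failure"}'),
    ("camera", "2024-08-09T10:01:40+00:00|cam-lobby|login|alice|203.0.113.7|DENIED"),
    ("sshd", "2024-08-09T10:01:55+00:00 erp01 sshd[811]: Failed password for alice from 203.0.113.7 port 4130 ssh2"),
    ("cloud", '{"time": "2024-08-09T10:02:10+00:00", "user": "bob", "ip": "198.51.100.4", "result": "success"}'),
]
SSHD = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(source, line):
    """Map one raw line to the common schema: ts, source, user, ip, outcome."""
    if source == "sshd":
        m = SSHD.match(line)
        if not m:
            return None  # not a password login line
        ts, verdict, user, ip = m.groups()
        ok = verdict == "Accepted"
    elif source == "cloud":
        rec = json.loads(line)
        ts, user, ip, ok = rec["time"], rec["user"], rec["ip"], rec["result"] == "success"
    elif source == "camera":
        ts, _device, _action, user, ip, verdict = line.split("|")
        ok = verdict == "GRANTED"
    else:
        return None  # unknown source: drop rather than guess a format
    return {"ts": datetime.fromisoformat(ts), "source": source, "user": user,
            "ip": ip, "outcome": "success" if ok else "failure"}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when an IP reaches `threshold` failed logins within `window`, across sources."""
    recent_by_ip, alerts = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        recent = [e for e in recent_by_ip[ev["ip"]] if ev["ts"] - e["ts"] <= window] + [ev]
        recent_by_ip[ev["ip"]] = recent
        if len(recent) == threshold:  # fire on reaching the threshold, not on every later event
            alerts.append({"ip": ev["ip"], "detected": ev["ts"],
                           "sources": sorted({e["source"] for e in recent})})
    return alerts

def run(raw=RAW):
    return correlate([e for e in (normalize(s, l) for s, l in raw) if e])
```

Calling `run()` on the sample yields a single alert for 203.0.113.7 that spans all three sources. No single source reaches the threshold on its own, so the alert exists only because the events were first brought into one schema.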

NIS2 and SIEM – The Perfect Pair

A SIEM system is essential to meeting the requirements of the NIS2 directive because it provides several core functions that are critical to compliance. Here are the main reasons:

  • NIS2 Requirement: The directive requires companies to ensure a high level of IT security, including the monitoring and analysis of security-related events.
  • SIEM function: SIEM systems provide a central platform for monitoring the entire IT infrastructure and analyzing security-relevant data in real time. This helps companies to quickly detect and react to suspicious activities.
  • NIS2 Requirement: Companies must be able to detect and respond to threats and security incidents as quickly as possible.
  • SIEM function: SIEM systems capture and analyze data streams in real time and can immediately detect anomalies or unusual activities, allowing for a swift response to potential security incidents.
  • NIS2 Requirement: The directive stipulates that security incidents must be documented and reported to the relevant authorities within specified deadlines.
  • SIEM function: SIEM systems create detailed logs and reports on security-relevant events and incidents. They support the fulfillment of reporting obligations through automated reporting and documentation.
  • NIS2 Requirement: The directive requires effective risk management to identify and mitigate potential security threats.
  • SIEM function: SIEM systems aggregate security data from various sources and analyze it to assess risks and identify vulnerabilities. This information is crucial for the development and adaptation of risk management strategies.

Which SIEM System?

The market is virtually flooded with providers of SIEM software. So which provider can you trust? As is so often the case, it’s a matter of taste. We are happy to introduce you to 3 providers and have compared them for you.

| | ManageEngine Log360 | Microsoft Sentinel | Splunk |
|---|---|---|---|
| Implementation | Cloud and on-premise | Cloud-native (Azure) | Cloud and on-premise |
| Data sources | Broad support, incl. AD | Integrated with Azure services and other data sources | Broad support for different data sources |
| Scalability | Suitable for SMEs, limited scalability | Highly scalable, particularly suitable for Azure users | Very high scalability, suitable for large companies |
| Analysis and visualization | Detailed reports and dashboards, but limited | Powerful visualizations | Comprehensive analysis functions, powerful dashboards |
| Machine learning | Basic threat detection and analytics | AI-driven threat detection and automation | Advanced machine learning models for anomaly detection |
| Real-time monitoring | Yes | Yes, AI supported | Yes |
| Compliance | Templates and reports for compliance | Integrates compliance management for Azure services | Provides comprehensive compliance reports |
| Automation | Basic functions | Strong automation through playbooks and integrations | Extensive automation options |
| Integration | Well integrated with ManageEngine products | Tightly integrated with Azure services and Microsoft 365 | Extensive integration options with third-party providers |
Costs €€ €€€

Important note: It should be mentioned that there are many other providers in the SIEM sector and that the market landscape is currently changing very rapidly. Six months ago, Splunk was still considered the clear market leader. In the meantime, however, Microsoft Sentinel has caught up considerably thanks to numerous upgrades. Now it’s more of a neck-and-neck race. In addition, Splunk has concerns about its long-term business model, particularly due to the acquisition by Cisco, which could lead to possible changes in the license structure.

NIS2 Directive – FAQ

Where can I get help with the implementation of the NIS2 directive?

We are happy to support you with the technical implementation and show you how you can meet the standard. In a free initial consultation, we will discuss your current situation and your goals to determine whether a collaboration will provide the help you need. Our contact form opens the door to a NIS2-compliant future.