GLOSSARY

Cybersecurity, translated.

EDR, SIEM, NIS-2, zero-trust — the terms that come up in every compliance audit, explained without marketing jargon.

NIS-2

EU directive for cybersecurity of critical sectors, in force since 17 Oct 2024.

The NIS-2 directive obligates essential and important entities to implement risk management, incident detection, patch management, and incident reporting within 24 hours. Fines up to €10M or 2 % of group revenue.

SIEM

Security Information and Event Management — central collection and correlation of security logs.

A SIEM ingests logs from firewalls, endpoints, servers, and cloud services, normalizes them, and looks for patterns indicating attacks. Vyrex uses Wazuh as its open-source SIEM with over 1,700 prebuilt rules.

Related: EDR, Wazuh

EDR

Endpoint Detection and Response — agent on each device detecting and reporting suspicious behaviour.

EDR agents monitor processes, file changes, registry entries, and network activity on workstations and servers. On suspicious behaviour they alert the SIEM. The Wazuh agent is EDR + FIM + vulnerability scanner combined.

Related: MDR, XDR, Wazuh

MDR

Managed Detection and Response — EDR + 24/7 analysis by an external operations team.

MDR providers operate the SIEM, investigate alerts, and execute first-response actions. Often cheaper for mid-market than an in-house SOC. Vyrex offers MDR functionality from the Cyber Operations package with a 30-minute response time.

Related: EDR, SOC

XDR

Extended Detection and Response — EDR plus correlated network and cloud telemetry.

XDR extends EDR with network IDS, DNS analysis, cloud workload protection, and email security in one platform. Vyrex realises XDR via Wazuh agents (endpoint) + Vyrex Edge (network) + Auto-Fix (response).

Related: EDR, MDR

IDS

Intrusion Detection System — watches network traffic for attack patterns.

An IDS analyses packets in the network pipeline and alerts on known attack patterns (signatures) or anomalies. Vyrex Edge uses Suricata + Zeek as its IDS; it runs passively (out-of-band) and does not slow down traffic.

Related: EDR, SIEM

IOC

Indicator of Compromise — technical sign that a system has been compromised.

IOCs are hashes, IP addresses, domains, file paths, or registry keys linked to known attacks. Vyrex continuously matches IOCs from threat-intel feeds against its own telemetry.

Related: SIEM, EDR

MFA

Multi-factor authentication — login with password plus second factor.

MFA blocks over 99 % of credential-based attacks (Microsoft 2024). Second factor: TOTP app, hardware token (FIDO2), push confirmation. Vyrex enforces MFA on all operator accounts.

Related: Zero-Trust

DSGVO

GDPR — EU regulation for personal data.

GDPR regulates processing, storage, and transfer of personal data. Violations: up to €20M or 4 % of group revenue. Vyrex hosts exclusively in German data centres, with no transfer to the US.

Related: NIS-2

ISO 27001

International standard for information security management systems (ISMS).

ISO 27001 defines over 90 control objectives and controls for information security. Certification via external auditor, annual re-audit. Vyrex roadmap: ISO 27001 certification in 2027.

Related: NIS-2, BSI

Wazuh

Open-source SIEM and EDR platform with over 25,000 production deployments.

Wazuh combines log correlation, FIM, vulnerability detection, SCA audits, and MITRE ATT&CK mapping in a freely licensed platform. Vyrex hosts Wazuh as a managed service with multi-tenant isolation.

Related: SIEM, EDR

Zero-Trust

Security model with no trust in internal networks — every request is verified anew.

Instead of a 'safe' internal network, every connection is authenticated and authorised regardless of location. MFA, mTLS, and microsegmentation are mandatory. Vyrex implements zero-trust for all platform endpoints.

Related: MFA, OIDC

SOC

Security Operations Center — team monitoring security events around the clock.

A SOC consists of analysts in three tiers (Tier 1 triage, Tier 2 investigation, Tier 3 engineering). Mid-market companies usually outsource to MDR providers, since an in-house SOC becomes viable from 6 FTE onwards.

Related: MDR, EDR

BSI-Grundschutz

Standard of the German Federal Office for Information Security — modules and measures.

The BSI Grundschutz defines over 1,000 modules for IT security, from personnel security to container technology. Used modularly, compatible with ISO 27001. Mandatory for German public sector and CRITIS.

Pentest

Penetration test — controlled attack by experts to find vulnerabilities.

Pentests probe real attack paths in an environment. Three types: black-box (no prior info), grey-box (partial info), white-box (full access). Recommended: annually plus after every major release.

Related: IDS, EDR