Cyber News – SGBox Next Generation SIEM & SOAR

Cyber Security in Italy: analysis of the Clusit 2025 Report and solutions for protecting SMEs

SGBox — Wed, 03 Dec 2025 15:28:19 +0000

The new update of the Clusit 2025 Report paints a picture of rapid evolution. While the world battles financial cybercrime, Italy faces an unprecedented wave of geopolitical activism.

In this article, we analyze the main data and how SGBox technology can support Italian SMEs in defending themselves against the most prevalent threats.

Cber Security in 2025: a rapidly evolving landscape

2025 is proving to be a disruptive year for information security. While 2024 already signaled a worrying increase in incidents, the first half of 2025 confirms and aggravates this trend, bringing to light new dynamics that directly impact the operational continuity of companies and Italian institutions.

The latest update of the Clusit Report leaves no doubt: the frequency and severity of attacks are constantly increasing, making cybersecurity no longer an option, but a fundamental pillar for business survival.

The most significant data from the Clusit Report (H1 2025)

Globally, the situation is critical. In the first half of 2025, 2.755 severe incidents were recorded, the highest number ever logged for a single semester, marking an increase of 36% compared to the previous semester.

It is not just a matter of quantity, but of quality and impact: 82% of the incidents analyzed had consequences of “Critical” or “High” severity. This means that when an attack succeeds, the economic, reputational, and operational damages are almost always devastating.

Focus on Italy: a worrying anomaly

Italy continues to be in an uncomfortable position. Despite representing a minimal fraction of the world’s population, our country suffered 10.2% of the global attacks recorded in the first half of 2025.

However, what distinguishes Italy from the rest of the world is the nature of the attackers. While globally Cybercrime (driven by profit) dominates with 87% of incidents, in Italy, we are witnessing the overtake by Hacktivism. In our country, 54% of attacks are of activist/geopolitical matrix, versus 46% of cybercrime.

This peculiarity is reflected in the attack techniques:

DDoS (Distributed Denial of Service): this is the leading technique in Italy, used in 54% of cases (versus 9% globally), aimed at paralyzing services and creating visible disruptions.

Malware and Ransomware: although decreasing to 20% of the total in Italy, they remain a lethal threat to the integrity of company data.

Which sectors are most affected?

No sector can be considered safe, but 2025 has seen specific targeting of certain verticals:

Government & Military: this is the most affected sector in Italy (38% of the total), with a dizzying growth in incidents (+600% compared to the same period in 2024), driven by geopolitical tensions.

Transportation & Storage: rises to second place (17%), highlighting the fragility of supply chains and logistics.

Manufacturing: represents 13% of Italian incidents, confirming itself as a critical target due to the convergence between IT and OT and the value of intellectual property.

How SGBox responds to emerging threats

Faced with a scenario where DDoS attacks aim to halt operations and “Agentic” Artificial Intelligence begins to make threats more autonomous and sophisticated, Italian SMEs need total visibility into their infrastructure.

The SGBox platform offers a concrete and modular response to the critical issues highlighted by the Clusit Report:

Real-Time monitoring against DDoS: given the prevalence of DDoS attacks in Italy, SGBox’s ability to collect and correlate logs from different sources (firewalls, routers, servers) allows for real-time identification of traffic anomalies. This enables security teams to react promptly before the service is completely interrupted.

Defense against Malware and Ransomware: with 20% of Italian attacks still based on Malware, SGBox’s Event Correlation (SIEM) functionality is decisive. By analyzing suspicious patterns and correlating seemingly disconnected events, the platform can detect early signs of anomalies and automatically generate security alerts.

User Behavior Analytics (UEBA) for Agentic AI: the new threats based on Agentic AI operate autonomously and adaptively. The SGBox UEBA module analyzes the behavior of users and entities: if an account or a process begins to behave abnormally (e.g., accesses at strange hours, data exfiltration), the system signals it, regardless of whether the attacker is human or an AI-guided bot.

NIS2 Compliance and reporting: with the consolidation of the requirements imposed by the NIS2 Directive, risk management and incident notification become mandatory for many companies in the Supply Chain (Manufacturing, Transport). SGBox simplifies compliance by centralizing logs and generating advanced reporting ready for audits, reducing the bureaucratic burden.

Future prospects

The analysis of the Clusit 2025 report suggests that uncertainty is the “new normal”.

The gap between the offensive capability of attackers and the defense of companies is widening, and for the coming year, we expect the use of Artificial Intelligence in attacks to become increasingly pervasive and “underground,” making threats less evident but more insidious.

The challenge for Italian SMEs is not just technological but also cultural: it is necessary to move from a reactive approach to a proactive one, through well-defined security strategies and technologies capable of promptly detecting and responding to new cyber threats.

SGBox is committed to remaining at the forefront of cyber threat evolution, continuously developing new features and updating its solutions to guarantee the maximum level of protection to its customers.

To find out how SGBox can help your organization build a solid cybersecurity strategy, contact us for a personalized consultation.

PROTECT YOUR COMPANY>>

11 ways to optimize logging costs

SGBox — Mon, 17 Nov 2025 13:06:22 +0000

How can you optimize log-related costs?

In an increasingly data-driven world marked by constantly evolving threats, efficiently managing logs becomes a key strategic lever: it’s not just about controlling costs, but about ensuring operational visibility, security, and compliance without unnecessary expenses.

Adopting a Log Management platform allows you to achieve the right balance between visibility into security data across IT (Information Technology) and OT (Operational Technology) environments, while reducing overall costs.

Here’s how, together with SGBox, you can turn log management into an efficient process that creates a competitive advantage in terms of security and compliance.

1 – Define log retention policies

Keeping every generated event may seem like a cautious choice, but it often results in unnecessary expenses. Logs must be segmented by importance (critical / operational / less relevant) and assigned appropriate retention periods.

SGBox helps companies map log flows, define retention policies aligned with regulatory requirements (e.g., GDPR, NIS2), and automate archiving or deletion at the end of the useful lifecycle.

2 – Filter based on log level

Not all logs have the same value, meaning some are redundant and unnecessary for initiating security activities. Irrelevant, low-value logs should be reduced, as they can negatively impact SOC team operations.

SGBox supports the configuration and monitoring of log levels in complex environments, helping filter out priority alerts that are truly useful for security operations and audits.

3 – Use log compression

The volume of collected logs can grow quickly and disproportionately. Applying compression techniques reduces storage space and transfer costs without compromising accessibility.

SGBox offers integrated solutions for log compression and archiving, ensuring that data remains available for analysis while occupying fewer resources.

4 – Centralize Log Management

When logs originate from multiple applications, microservices, and regions, spreading them out makes analysis, correlation, and cost-control significantly harder. A centralized platform provides visibility, aggregation, and control.

SGBox delivers an advanced Log Management and SIEM platform that centralizes logs and security events, streamlines analysis procedures, and optimizes storage and access, reducing duplication and inefficiencies.

5 – Monitor and control log ingestion

Controlling which logs are ingested avoids allocating financial and technological resources to store unnecessary data. It’s important to set thresholds, control metrics, and anomaly alerts for log ingestion.

With SGBox, you can define automatic rules and alerts for log ingestion, exclude irrelevant traffic, and act quickly in the event of unexpected variations or spikes.

6 – Analyze data before archiving

Not all data deserves long-term storage. Enrichment and normalization at the point of entry allow filtering, aggregation, and transforming logs into more useful and compact formats, reducing costs and improving analysis quality.

SGBox supports data-enrichment pipelines, log transformation, and intelligent filtering so that only data truly needed for security, auditing, and actionable SIEM inputs is retained, optimizing threat detection performance.

7 – Use Tiered storage

Not all logs require the same level of accessibility: recent logs are consulted frequently, while historical logs are typically used only for audits or compliance. Using lower-cost storage tiers (cold, deep-archive) leads to significant savings.

With SGBox, you can define automatic policies that move logs across tiers (hot → warm → cold) based on usage, ensuring fast access where needed and more economical storage elsewhere.

8 – Automate Data Lifecycle Management

Manual interventions and sporadic actions lead to errors, hidden costs, or unnecessary data retained for too long. Automating the entire lifecycle, from collection, to tier transitions, to deletion, is essential.

SGBox integrates automation features for lifecycle management: automatic log transitions, scheduled expiration and deletion, all in line with internal policies and applicable regulations.

9 – Optimize indexing strategies

In log search engines indexing determines both cost and performance. Poor choices inflate costs.

SGBox supports companies in designing efficient log-search architectures: optimized mappings, shard/replica management, index rollover policies, and snapshot & archiving strategies that reduce costs and improve response times.

10 – Use cost governance tools

Understanding where money is spent, forecasting increases, and setting budget thresholds help maintain control over logging-related expenses. Dashboards, reports, and alerts are essential.

SGBox offers economic visibility across the entire log stack: dedicated reporting, cost driver analysis, alerts, and support for defining operational budgets, avoiding unexpected billing surprises.

11 – Apply log sampling

In high-volume environments (IoT, microservices, heavy traffic), recording every event can become prohibitive. Sampling consists of storing only a selected percentage of less-critical events while maintaining visibility into errors and anomalies.

SGBox helps define structured sampling policies: clear criteria (errors, security events, user behavior), dedicated flows for critical and non-critical events, and continuous monitoring of sampling effectiveness.

Discover SGBox Log Management >>

The role of SIEM in producing and managing security audits for regulatory compliance

SGBox — Wed, 15 Oct 2025 10:35:19 +0000

In a context where cybersecurity regulations are becoming increasingly stringent, ensuring compliance is no longer just a legal obligation, it’s a fundamental requirement for maintaining the trust of clients and partners.

Tools such as SIEM (Security Information and Event Management) play a crucial role in this process, enabling organizations to monitor, record, and analyze system activities to demonstrate their adherence to key regulations, including NIS2 and GDPR.

How SIEM enables regulatory compliance

Cybersecurity regulations like the NIS2 Directive, GDPR, and ISO 27001 standards require organizations to adopt appropriate technical and organizational measures to ensure data protection and effective incident management.

However, the real challenge for many companies lies in proving compliance, documenting every monitoring, analysis, and response activity.

This is where SIEM comes into play.

A SIEM system collects and correlates logs from all corporate devices and systems,such as firewalls, servers, endpoints, applications, and IoT devices, providing a comprehensive, real-time view of the organization’s security posture.

Thanks to its automated correlation and behavioral analysis capabilities, SIEM helps identify suspicious events, intrusion attempts, or data breaches.

More importantly, it records every activity in a structured and verifiable manner, ensuring the traceability required to meet audit and compliance obligations.

In practice, SIEM allows organizations to:

Centralize log collection and maintain logs in an unalterable format, as required by the GDPR.
Track and document access, changes, and security incidents.
Demonstrate the ability to promptly detect and respond to threats, as mandated by NIS2.
Automate the production of compliance reports according to predefined standards.

Security reports and audits

One of the main advantages of a Next-Generation SIEM system is its ability to automatically generate detailed and customizable security reports.

These reports are an essential resource for both internal and external audits, clearly demonstrating compliance with relevant regulations.

A security audit is an in-depth evaluation of an organization’s IT infrastructure and security practices, designed to identify existing vulnerabilities before they can be exploited by cybercriminals.

SIEM-generated reports may include:
Statistics on detected security events.
A timeline of incidents and corresponding responses.
Vulnerability analyses and attack trend assessments.
Comparisons between current security levels and regulatory requirements.

By automating reporting, SIEM reduces the workload of SOC teams, minimizes the risk of human error, and ensures the consistency and reliability of data over time.

During a security audit, having up-to-date and verifiable reports makes it easier to demonstrate to regulators that security controls are in place and that monitoring processes are actively maintained.

The importance of conducting periodic security audits

Performing periodic security audits is one of the best practices for maintaining compliance and ensuring an organization’s cyber resilience.

Audits help verify that security controls are effective, up to date, and aligned with current regulations.

Without appropriate tools, collecting and analyzing the data required for an audit can be a lengthy and complex process.

A SIEM system simplifies and accelerates this process by allowing organizations to:

Automatically analyze system logs and detect abnormal behavior.
Highlight potential risk or non-compliance areas.
Demonstrate continuous monitoring and timely corrective actions.

Conducting regular audits with the support of a SIEM transforms compliance from a mere obligation into an opportunity, enhancing not only security but also corporate transparency and governance.

SGBox and regulatory compliance

SGBox is a Next-Generation SIEM & SOAR platform designed to simplify security and compliance management for organizations of all sizes and industries.

Thanks to its modular architecture and advanced log management capabilities, SGBox enables organizations to:

Collect, normalize, and store security logs in full regulatory compliance.
Automate the generation of compliance reports for standards such as GDPR, NIS2, ISO 27001, and PCI-DSS.
Correlate security events and orchestrate incident responses (SOAR functionality).
Easily integrate new data sources and security modules to accommodate infrastructure growth.

In addition, SGBox offers intuitive, customizable dashboards that give IT Managers, CISOs, and DPOs a clear, real-time overview of security and compliance status, facilitating collaboration between technical teams and corporate management.

DISCOVER SGBOX SIEM>>

New threats (Ransomware and AI): defending with an advanced SIEM

SGBox — Tue, 02 Sep 2025 07:12:17 +0000

The current context: Ransomware and emerging AI threats

In recent years, Ransomware has become increasingly sophisticated and widespread. The rise of the Ransomware-as-a-Service model has enabled even criminals with limited skills to launch complex attacks.

In Italy, ransomware continues to rank among the most impactful threats during the first half of 2025, with a total of 91 attacks (compared to 92 in the first half of 2024). The most significant cases of the semester targeted a university, a hospital diagnostic lab, and several digital service providers for public administration. (Source: ACN Operational Summary).

The development of AI gives attackers new opportunities to create sophisticated threats that are becoming more frequent, adaptive, and difficult for traditional defense systems to detect.

This scenario makes intelligent and responsive security tools essential.

Challenges for SMEs, IT Managers, CISOs, and DPOs

Small and medium-sized businesses often lack dedicated security teams or large budgets. In this context, IT Managers, CISOs, DPOs, and Account Managers seek clear, effective, and ready-to-use solutions that ensure protection, business continuity, and regulatory compliance.

Why the adoption of an advanced SIEM is essential

A Next Generation SIEM leverages advanced contextual and behavioral data to detect subtle anomalies such as zero-day threats or unusual user behavior—issues that traditional defense systems often miss.

This enables the detection of silent attacks at their earliest stages, reducing response times and allowing the implementation of countermeasures to minimize damage.

Automation and Rapid Response

Modern SIEM solutions incorporate advanced correlation engines that proactively identify threat signals and trigger automated responses.

Centralization, continuous Monitoring, and Compliance

Advanced SIEMs centralize logs and events from multiple systems, enabling continuous monitoring and the creation of reports for security audits and compliance with GDPR, ISO 27001, or PCI DSS.

This streamlines operations and helps DPOs address regulatory requirements.

How SGBox’s Next Generation SIEM makes the difference

Modular, Scalable, and Cloud-Native Architecture

SGBox offers a Next Generation SIEM & SOAR Platform with a modular and distributed architecture, adaptable to the needs of both SMEs and large enterprises.

The Cloud SIEM version eliminates hardware and maintenance costs, offering automatic updates, customized integrations with existing infrastructures, and continuous monitoring.

In-Depth analysis, Threat Intelligence, and integrated SOAR

The SGBox platform includes a powerful correlation engine, Threat Intelligence capabilities for proactive analysis, and automated incident responses through its integrated SOAR component, which significantly reduces average detection and response times.

This allows IT Managers and CISOs to focus on priority threats, supported by intuitive dashboards and reports, achieving greater effectiveness in incident management.

Practical benefits of SGBox SIEM for businesses and Public Administration

Operational efficiency, thanks to automation that reduces workload and complexity.
Cost reduction, especially with the SaaS model, avoiding infrastructure investments.
Strategic support, with continuous monitoring, aggregated visibility, and compliance support.
Faster response times, powered by the SOAR engine, which shortens containment phases.

Explore the features of the Platform >>

SecureGate appoints Nusantara Asia Pacific as its Official Distributor in the ASEAN region

SGBox — Mon, 04 Aug 2025 07:52:53 +0000

Milan, August 4th – SecureGate, a leading provider of cybersecurity products and services, has officially appointed Nusantara Asia Pacific as its distributor across the ASEAN region.

The new partnership marks another step forward in the global expansion of SecureGate, that will enhance the availability of advanced cybersecurity solutions across the region through the 2 Business Unit: SGBox and CyberTrust 365.

SGBox’s Next generation SIEM & SOAR platform provides organizations with modular and scalable solutions to monitor, detect, and automatically respond to cyber threats effectively, while CyberTrust 365 offer tailored Managed Cyber Security Services for H24 security detection, prevention and response activities.

By partnering with Nusantara Asia Pacific, a leading value-added (VAD) technical distributor and authorized services, SecureGate aims to enhance the cyber security posture of SME’s and large enterprises with cutting-edge IT products and managed security services.

“We are delighted to announce Nusantara Asia Pacific as our official distributor for Indonesia and select regional markets,” said Patrick Ramseyer, Vice President of Sales for APAC and EMEA at SecureGate.

“This partnership marks a significant step forward in our regional expansion strategy. Nusantara’s strong local presence, deep market understanding, and proven track record in cybersecurity distribution make them an ideal partner to represent our solutions. We are confident that, together, we will bring greater value, visibility, and support to customers across Indonesia and beyond.”

The new distribution agreement represents a significant milestone for both companies, enabling them to support businesses in overcoming daily cybersecurity challenges in the Asia Pacific countries through continuous technical support and comprehensive pre- and post-sales assistance.

“We are pleased to be a part of this significant milestone with SecureGate”, said Susantari, Sales Director at Nusantara Asia Pacific.

“This partnership enhances our ability to provide businesses in the Asia Pacific region with the cutting-edge tools and comprehensive support they need to effectively address their daily cybersecurity challenges”.

SGBox Announces New Distribution Agreement with CIPS Informatica

SGBox — Thu, 19 Jun 2025 07:05:48 +0000

The new partnership will allow Italian companies to benefit from SGBox’s SIEM & SOAR platformand the related Manged Security Services to protect against cyber threats in compliance with regulations.

Milan, June 19, 2025 – SecureGate is pleased to announce a new partnership with the Italian distributor Cips Informatica for the supply of IT products included in the proprietary SIEM & SOAR platform, as well as the related managed security services provided through the CyberTrust 365 Business Unit.

Thanks to this collaboration, IT resellers, MSPs, and system integrators will have access to a modular and scalable platform for enterprise security monitoring, ideal for meeting the requirements of NIS2, ISO/IEC 27001, GDPR, and other European and national regulations.

SGBox is the Next Generation SIEM & SOAR platform — modular and scalable — entirely designed in Italy, developed to simplify and optimize ICT security management for companies of all sizes.

Its advanced log collection and management capabilities, correlation, analysis, and automated responses allow companies to protect themselves from all types of cyber attacks.

Thanks to intuitive reports and dashboards, the platform provides a comprehensive and real-time view of the IT infrastructure’s security status.

Based on these functionalities, Managed Cybersecurity Services are also provided through the CyberTrust 365 Business Unit, offering comprehensive management of security activities, compliance, and 24/7 monitoring of the IT infrastructure.

By partnering with CIPS Informatica—a provider of IT solutions with over 30 years of experience in the Italian market—SGBox aims to further expand its reach and equip local businesses with the necessary tools to overcome daily cybersecurity challenges.

We are excited to begin this collaboration with CIPS Informatica, a solid and well-established partner in the Italian IT distribution landscape.

Thanks to this agreement, we will be able to expand access to our SGBox SIEM & SOAR platform and related managed security services through a qualified and widespread sales network.

It’s a strategic step that allows us to respond even more effectively to the cybersecurity needs of Italian companies, providing scalable, reliable, and fully managed solutions,” said Massimo Turchetto, CEO of SGBox.

“We are proud to announce this partnership with SGBox, an Italian company that combines technical expertise, innovation, and strategic vision in the field of cybersecurity,” said Mario Menichetti, CEO of CIPS Informatica.

“With SGBox, we are further strengthening our offering to the channel, delivering concrete solutions to tackle the challenges posed by NIS2 and to support companies on their path to compliance and digital resilience.”

About SecureGate

SecureGate is a dynamic IT vendor providing advanced security solutions to protect companies from cyber threats, with high standards of support and technical assistance. SecureGate’s offerings are structured through two Business Units: SGBox and CyberTrust 365.

SGBox is the Business Unit focused on developing IT products. Through its “Next Generation SIEM & SOAR” platform, it offers a range of modular solutions for managing ICT security in compliance with regulatory requirements.

CyberTrust 365 is the Business Unit dedicated to Managed Cybersecurity Services. It provides full 24/7 protection by managing all activities related to an organization’s IT infrastructure security.

Website: https://www.securegate.it/

About CIPS Informatica

Since 1991, CIPS Informatica has been a reference point for the distribution of IT solutions in Italy, with a focus on cybersecurity, networking and data protection. Through a network of resellers and system integrators, CIPS supports companies in the digital transformation and protection of their IT infrastructures.

Website: www.cips.it

The most widespread cyberattacks in 2025

SGBox — Mon, 12 May 2025 09:05:25 +0000

Today’s digital landscape, marked by the proliferation of digital devices and new technologies, is seeing a rise in cyber threats that can compromise data integrity and operational security in organizations.

But which are the most common attacks? And how can you protect yourself?

We discuss this in the following article, analyzing the most prevalent attacks and emerging trends across key industries, and showing how SGBox can provide the tools needed to enhance organizational cybersecurity.

Cyberattacks in 2025

In 2025, the manufacturing, healthcare, and financial sectors, along with cloud and IoT technologies, are facing a proliferation of sophisticated cyberattacks.

The main threats confirm and intensify known trends: ransomware (often delivered as a service – Ransomware-as-a-Service), advanced phishing campaigns (sometimes AI-driven), software supply chain compromises, DDoS attacks (including ransom DDoS – RDoS), and zero-day vulnerabilities.

New technologies (generative AI, cloud microservices, IoT devices) and geopolitical tensions (e.g., international conflicts) have driven criminals to innovate: API attacks are on the rise, AI is being used to craft personalized phishing, and enhanced IoT botnets (Mirai/R2-D2) are powering mega DDoS attacks.

At the same time, there is a growing number of malware-free attacks, targeted social engineering, and cloud credential compromises.

From a regulatory perspective, directives like NIS2 in the EU, along with emerging laws on AI and healthcare data, have expanded the risk landscape for SMEs.

Summary of Key 2025 Attacks by Sector/Technology (Source: ENISA Europe):

Main trends in Cyberattacks

Ransomware on the rise: it remains the number one threat across all sectors. Victims range from major manufacturers to hospital networks; in 2024, 65% of industrial companies suffered ransomware attacks.

The ransomware-as-a-Service model continues to spread: new groups like RansomHub (active since 2024) allow even less skilled criminals to launch attacks. On the other hand, international law enforcement has struck major gangs, but the impact is limited due to the rapid emergence of replacements.

Malware-free and AI-driven attacks: advanced techniques are increasingly used, leaving no traditional payload. Cyber criminals leverage generative AI to create highly convincing phishing and custom exploits.

Supply Chain and third parties: attacks on the software and hardware supply chain are increasing. Vulnerable firmware and open-source libraries are preferred targets: in 2024, a backdoor was found in an open-source project, discovered only due to unusual CPU spikes. Organizations, including SMEs, must now treat third-party providers and software vendors as potential attack vectors.

Geopolitics and hacktivism: the Russia-Ukraine war and other conflicts have driven waves of DDoS attacks and disinformation campaigns. In finance, geopolitical events triggered DDoS surges (e.g., 58% of attacks targeted European banks). Manufacturing, with global supply chains, is also exposed to political tensions: state actors seek industrial data or aim to disrupt adversaries’ critical production.

Regulations and compliance: in Europe, new directives like NIS2 and DORA mandate cybersecurity measures in many sectors (including manufacturing and finance SMEs). Additionally, the EU’s AI Act imposes strict rules on AI use (e.g., in factories or financial services).

In healthcare, stricter data protection requirements (e.g., Health Information laws) are pushing SMEs to enhance internal controls. These regulations increase penalties in the event of an incident and raise the minimum standards for defense.

How SGBox protects organizations from Cyberattacks

Detects early signs of an attack

The SGBox Platform analyzes everything happening in IT systems in real time (logins, suspicious activity, intrusion attempts) and immediately alerts if something is wrong.

Aggregates and correlates data across technologies

Whether it’s an industrial machine, a healthcare app, or a financial system, SGBox connects the data, providing a comprehensive and up-to-date risk overview.

Responds automatically to limit impact

When it detects a real threat, SGBox can automatically trigger actions such as blocking suspicious access, isolating a device, or alerting IT staff.

Identifies unauthorized or unusual activity

It can detect when a user, even with valid credentials, does something unusual or risky—like accessing sensitive data at odd times or from unexpected locations.

Monitors Cloud services and secures digital identities

As more data moves online (e.g., Microsoft 365, SPID, digital healthcare services), SGBox checks for misconfigurations, unauthorized access, or credential theft risks.

Constantly monitors connected devices, even hidden ones

From medical tools to factory equipment and smart office devices, SGBox detects anomalies even in the hardest-to-monitor endpoints.

Supports regulatory compliance

SGBox generates automated reports and dashboards to help companies demonstrate compliance with increasingly strict regulations such as NIS2, GDPR and more.

Streamlines SOC team workflows

With SGBox, SOC teams have a powerful tool for monitoring, analyzing, and responding to critical events—all in one platform.

Thanks to its SIEM (Security Information & Event Management) functionality, all security information is centralized, offering clear and immediate insights into the most critical threats the SOC can act on without delay.

The SG-SOC Service by CyberTrust 365

Building on the SGBox SIEM & SOAR Platform, the SG-SOC managed service provides full cybersecurity activity management and 24/7 monitoring.

Here’s how CyberTrust 365’s SG-SOC as a Service helps organizations in manufacturing, healthcare, finance, cloud, IoT, and public administration address identified threats:

24/7/365 monitoring by a dedicated team

An external SOC department that’s always on, constantly monitoring your infrastructure and responding immediately to anomalies.

Early warning advisory

Continuous gathering and classification of threat intelligence sources to promptly alert you to emerging threats before they cause damage.

Automated Incident Response

Thanks to SOAR integration, SG-SOC can execute automated playbooks (system isolation, IP/domain blocking, IT team alerts) to quickly contain attacks like ransomware or credential compromises.

Centralized Log analysis (SIEM)

All events from networks, endpoints, cloud, and IoT feed into a single platform that correlates them in real time, allowing you to detect advanced phishing or malicious intent early.

Proactive Vulnerability Management

Regular scans and detailed reports on weaknesses (including OT/IoT devices and legacy software) to plan patches and reduce the attack surface.

Exposed surface mapping and protection (EASM)

Automated checks of external assets, cloud services, and public resources (e.g., SPID portals, PagoPA) to find insecure configurations or Dark Web leaks.

Advanced MITRE ATT&CK detection

Analysis of indicators of compromise and attacker TTPs (Tactics, Techniques & Procedures) to pre-empt APTs, supply chain attacks, and DDoS campaigns.

Incident handling & forensic analysis

In case of a breach, SG-SOC immediately initiates forensic investigations to trace the attack chain, eliminate residual threats, and support compliance processes.

Compliance Support

Ready-to-use reports and dashboards to help meet regulatory requirements (e.g., NIS2, GDPR, AdS), simplify audits, and reduce the risk of fines.

Scalability and Plug-and-Play Integration

SG-SOC adapts to the needs of both SMEs and large enterprises, requiring no extra infrastructure or in-house expertise. It integrates with existing IT tools, cutting down costs and implementation time.

SecureGate appoints Softprom as its official Distributor in CIS and Eastern Europe

SGBox — Wed, 23 Apr 2025 08:23:18 +0000

Milan, April 23, 2025 – SecureGate, a leading provider of cybersecurity products and services, has officially appointed Softprom as its distributor in CIS and Eastern European countries.

This strategic partnership will enhance the availability of SecureGate’s advanced cybersecurity solutions across the region through the 2 Business Unit, SGBox and CyberTrust 365.

SGBox’s Next generation SIEM & SOAR Platform provides organizations with modular and scalable solutions to monitor, detect, and respond to cyber threats effectively, while CyberTrust 365 offer tailored Managed Cyber Security Services for H24 security detection, prevention and response activities.

By partnering with Softprom, a trusted distributor with a strong regional presence, SecureGate aims to expand its reach and offer businesses reliable, cutting-edge security solutions tailored to their needs.

We are delighted to partner with Softprom to bring our cybersecurity solutions to a broader market in CIS and Eastern Europe,” said Patrick Ramseyer, VP Sales at SecureGate.
Their expertise and deep understanding of the cybersecurity landscape in the region make them the ideal partner to help businesses strengthen their security posture.

As a leading value-added distributor (VAD), Softprom will actively promote and support SecureGate’s solutions, ensuring a high level of service and expertise throughout every stage of our partnership.

“We are seeing strong demand for SIEM, SOAR, and managed cybersecurity services from companies looking to strengthen their resilience against cyber threats,” said Pavlo Zhdanovych, Managing Director of Softprom.

“SecureGate’s offerings, including the SGBox platform and CyberTrust 365 services, are a perfect addition to our portfolio. They help address critical customer needs — from incident monitoring to automated response. With our deep expertise and extensive partner network, we are confident in our ability to successfully support SecureGate’s expansion across Eastern Europe and Central Asia.”

This partnership marks a significant step for both companies, ensuring that businesses across Eastern Europe, as well as Ukraine, Moldova, Kazakhstan, Uzbekistan, Georgia, Armenia, Azerbaijan, Kyrgyzstan, and Serbia, have access to cutting-edge cybersecurity technologies to protect their digital assets.

Compliance with NIS2: essential tools for DPOs

SGBox — Wed, 02 Apr 2025 09:24:56 +0000

The NIS2 Directive marks a turning point for cyber security in Europe, imposing higher standards on companies regarding network and information system security.

For Data Protection Officers (DPOs), adapting to these new regulatory requirements is not just an obligation but also an opportunity to strengthen corporate resilience and foster a widespread security culture.

In this article, we will explore the strategic actions that a DPO must implement to ensure compliance with NIS2, illustrating how the SGBox platform can provide the necessary tools to effectively support this process.

Understanding and analyzing the regulatory framework

The first step for a DPO is to gain a deep understanding of the requirements imposed by the NIS2 Directive.

This regulation introduces stricter measures for managing cyber security risks and requires stronger collaboration between the public and private sectors.

A DPO must:

Analyze the gaps: conduct a detailed assessment of the company’s current security status, identifying gaps in relation to the directive’s standards and overlap with GDPR.

Stay updated: keep track of regulatory developments and international best practices, ensuring that internal policies are always aligned with new European directives.

Developing an Integrated action plan

Once the regulatory framework is understood, the DPO must develop a detailed action plan that includes:

Defining objectives: set clear and measurable security goals, such as adopting advanced monitoring systems and incident response procedures.

Identifying necessary resources: determine the human, technological, and financial resources required to meet the set objectives.

Implementing audit and control processes: schedule periodic audits to monitor the effectiveness of implemented measures and ensure continuous improvement.

Risk Assessment and Management

Risk assessment is a fundamental component of effective security management:

Mapping risks: Identify all potential threats and vulnerabilities that could compromise data security and IT infrastructures.

Classifying assets: Evaluate the relative importance of different company assets, prioritizing protection measures based on the potential impact of an attack.

Continuous monitoring: Implement incident detection systems and monitoring tools to respond quickly to anomalies.

The SGBox platform proves to be a valuable ally in this phase, offering advanced real-time monitoring features and risk analysis tools.

With SGBox, the DPO can configure customized dashboards that integrate data from multiple sources, facilitating constant risk assessment and the management of critical assets.

Implementing technical and organizational measures

To comply with NIS2, it is essential to implement a series of technical and organizational measures, including:

Adopting cybersecurity solutions: utilize antivirus, firewalls, intrusion detection/prevention systems, and encryption solutions to protect sensitive data.

Continuous training: organize training sessions and updates for staff, increasing awareness of cyber risks and proper incident management procedures.

Backup and disaster recovery procedures: implement business continuity plans and secure backup solutions to ensure rapid recovery in case of an attack.

SGBox provides integrated support in this area, enabling centralized management of security solutions in a single platform.

This not only allows real-time security event monitoring but also efficiently manages backup and disaster recovery activities, ensuring business continuity.

Collaboration and communication with stakeholders

Compliance with NIS2 is not an isolated task but requires collaboration across various business departments and engagement with external stakeholders.

A DPO must:

Create an internal support network: establish effective communication channels between IT, legal, risk management, and communication departments to ensure a coordinated response to incidents.

Engage with authorities and partners: maintain an open dialogue with regulatory authorities (such as ACN) and external partners, sharing useful information to improve defense and prevention strategies.

The SGBox platform facilitates this collaboration with its reporting and document-sharing functionalities.

With SGBox, the DPO can create detailed and easily shareable reports, streamlining both internal and external communication and ensuring that all stakeholders are constantly informed about the security status.

Ongoing monitoring and periodic review

Compliance is not achieved merely through the initial implementation of measures but requires continuous monitoring and review:

Periodic audits: schedule regular checks to verify the effectiveness of implemented measures and address any issues.

Updating action plans: periodically review the action plan, integrating new technologies and regulatory updates to maintain an adequate security level against emerging threats.

With SGBox, the DPO can set up automatic notifications and periodic reports that simplify the review process.

The platform’s predictive analysis and machine learning capabilities help identify trends and potential vulnerabilities before they become serious problems.

The evolution of DPO’s role

The role of the DPO has evolved significantly with the introduction of the NIS2 Directive, requiring a proactive and structured approach to cyber security.

Through in-depth regulatory analysis, the development of an integrated action plan, continuous risk assessment, the implementation of appropriate technical and organizational measures, and constant communication with stakeholders, the DPO can ensure corporate compliance and effectively protect IT infrastructures.

The SGBox platform serves as a fundamental support in this journey, providing essential monitoring, integrated management, and advanced reporting tools to tackle the challenges posed by NIS2.

Investing in these technologies means not only complying with regulations but also strengthening corporate resilience against cyber threats, ensuring a secure and reliable environment for the entire business ecosystem.

SGBox for the NIS2>>

Cyber Security in the Healthcare Sector

SGBox — Fri, 14 Mar 2025 11:03:06 +0000

Cyber Security in the Healthcare Sector: the situation

The healthcare sector is facing numerous challenges related to technological advancements and the maintenance of personal data privacy.

In this context, a determining factor is cyber security, which is increasingly important within this sector.

According to the latest Clusit Report 2025, it is estimated that the healthcare sector is on of the most affected by cyber attacks, with 810 cyber incidents recorded globally (30% more than the previous year).

This rapidly growing trend demonstrates the need for greater investment in cyber security, starting from the designation of personnel responsible for cyber security to the definition of robust defense strategies that ensure the operational continuity of healthcare platforms.

In Italy, cyber threats have shown a slight decline compared to 2023, with the increase from 15 to 13 public domain incidents.

The most used type of attack is the Ransomware, which proves to be the most effective tool to damage national health infrastructures.

Main threats in the Healthcare Sector

Data Breaches: Data breaches can lead to the loss or theft of patients’ personal information, such as health insurance details, social security numbers, medical test results, and other sensitive information.

Ransomware: Ransomware attacks have become increasingly common in the healthcare sector. Cyber criminals encrypt patient data and demand a ransom to unlock it, causing disruptions in healthcare services and putting patient safety at risk.

Unauthorized Access: hackers may attempt to gain unauthorized access to healthcare IT systems to steal information or patient data.

Connected Medical Devices: with the rise of networked medical devices, such as heart monitors and insulin pumps, the risk of cyber attacks that could compromise patient safety is increasing.

Lack of Security Training: healthcare personnel may not be adequately trained to recognize cybersecurity threats and take appropriate measures to prevent them.

Integrity of Medical Data: cyber attacks could compromise the integrity of health data, altering test results or treatment details.

Regulations and Compliance: the healthcare sector is subject to numerous data security regulations and standards, including GDPR and NIS2.

The impact of the NIS2 Directive on the Healthcare Sector

The healthcare sector is undergoing an unprecedented digital transformation, integrating advanced technologies aimed at improving care quality and operational efficiency.

Incidents in the healthcare field, mostly classified as high severity, threaten not only patient data and privacy but also the continuity of care and the security of medical devices.

The entry into force of the new NIS2 Directive, scheduled for October 17, 2024, will enforce greater cyber security regulation within EU member states, requiring the implementation of minimum measures to mitigate cyber risk.

The Directive will also have a significant impact on the healthcare sector, leading to the strengthening of measures and processes to defend against cyber threats and ensure the protection of patients’ personal data.

Overall, we can say that NIS2 is not just a mandate but a great opportunity to improve the approach to cyber security, in terms of risk management, governance, and operational continuity management of medical devices.

The role of Artificial Intelligence

The World Health Organization has issued a document providing specific guidelines, “Regulatory Considerations on Artificial Intelligence for Health”, which lists the main rules AI must adhere to ensure its safe, effective, and responsible use in healthcare.

The six main guidelines are:

Documentation and transparency
Risk management and lifecycle approach to AI systems development
Intended use and analytical and clinical validation
Data quality
Privacy and protection of personal and sensitive data
Involvement and collaboration

SGBox for the Healthcare Sector

The SGBox platform supports organizations in the healthcare sector in defending against cyber threats through advanced functionalities for data collection, management, analysis, and incident response, in compliance with privacy regulations.