SGBox Next Generation SIEM & SOAR (https://www.sgbox.eu), feed last built Wed, 03 Dec 2025 16:17:19 +0000

Cyber Security in Italy: analysis of the Clusit 2025 Report and solutions for protecting SMEs
https://www.sgbox.eu/en/report-clusit-analysis-2025-and-solutions-for-smes/ (Wed, 03 Dec 2025 15:28:19 +0000)
Clusit Report Analysis 2025

The new update of the Clusit 2025 Report paints a picture of rapid evolution. While the world battles financial cybercrime, Italy faces an unprecedented wave of geopolitical activism

In this article, we analyze the main data and how SGBox technology can support Italian SMEs in defending themselves against the most prevalent threats.

Cyber Security in 2025: a rapidly evolving landscape

2025 is proving to be a disruptive year for information security. While 2024 already signaled a worrying increase in incidents, the first half of 2025 confirms and aggravates this trend, bringing to light new dynamics that directly impact the operational continuity of companies and Italian institutions.

The latest update of the Clusit Report leaves no doubt: the frequency and severity of attacks are constantly increasing, making cybersecurity no longer an option, but a fundamental pillar for business survival.

The most significant data from the Clusit Report (H1 2025)

Globally, the situation is critical. In the first half of 2025, 2,755 severe incidents were recorded, the highest number ever logged for a single semester, an increase of 36% compared to the previous semester.

It is not just a matter of quantity, but of severity and impact: 82% of the incidents analyzed were rated “Critical” or “High” severity. Since the Clusit sample counts only publicly known severe incidents, the figure does not say that every attack is devastating; it says that when an attack is serious enough to surface, its economic, reputational and operational consequences are usually major.

Focus on Italy: a worrying anomaly

Italy continues to be in an uncomfortable position. Despite representing a minimal fraction of the world’s population, our country suffered 10.2% of the global attacks recorded in the first half of 2025.

However, what distinguishes Italy from the rest of the world is the nature of the attackers. While globally profit-driven Cybercrime dominates with 87% of incidents, in Italy Hacktivism has overtaken it: 54% of attacks have an activist/geopolitical motivation, versus 46% for cybercrime.

This peculiarity is reflected in the attack techniques:

  • DDoS (Distributed Denial of Service): this is the leading technique in Italy, used in 54% of cases (versus 9% globally), aimed at paralyzing services and creating visible disruptions.
  • Malware and Ransomware: although decreasing to 20% of the total in Italy, they remain a lethal threat to the integrity of company data.

Which sectors are most affected?

No sector can be considered safe, but 2025 has seen specific targeting of certain verticals:

  • Government & Military: this is the most affected sector in Italy (38% of the total), with a dizzying growth in incidents (+600% compared to the same period in 2024), driven by geopolitical tensions.
  • Transportation & Storage: rises to second place (17%), highlighting the fragility of supply chains and logistics.
  • Manufacturing: represents 13% of Italian incidents, confirming itself as a critical target due to the convergence between IT and OT and the value of intellectual property.

How SGBox responds to emerging threats

Faced with a scenario where DDoS attacks aim to halt operations and “Agentic” Artificial Intelligence begins to make threats more autonomous and sophisticated, Italian SMEs need total visibility into their infrastructure.

The SGBox platform offers a concrete and modular response to the critical issues highlighted by the Clusit Report:

  • Real-time monitoring against DDoS: given the prevalence of DDoS attacks in Italy, SGBox’s ability to collect and correlate logs from different sources (firewalls, routers, servers) allows traffic anomalies to be identified in near real time, for example a sudden jump in connections per second towards one service from many distinct sources. This gives security teams early warning before the service is completely interrupted; the mitigation of a volumetric flood still has to happen upstream (ISP scrubbing, edge rate limiting), and the SIEM’s role is to detect it early and drive that response.
  • Defense against Malware and Ransomware: with 20% of Italian attacks still based on Malware, SGBox’s Event Correlation (SIEM) functionality is decisive. By analyzing suspicious patterns and correlating seemingly disconnected events, the platform can detect early signs of anomalies and automatically generate security alerts.
  • User Behavior Analytics (UEBA) for Agentic AI: the new threats based on Agentic AI operate autonomously and adaptively. The SGBox UEBA module analyzes the behavior of users and entities: if an account or a process begins to behave abnormally (e.g., accesses at strange hours, data exfiltration), the system signals it, regardless of whether the attacker is human or an AI-guided bot.
  • NIS2 Compliance and reporting: with the consolidation of the requirements imposed by the NIS2 Directive, risk management and incident notification become mandatory for many companies in the Supply Chain (Manufacturing, Transport). SGBox simplifies compliance by centralizing logs and generating advanced reporting ready for audits, reducing the bureaucratic burden.
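The two detection ideas above (a connection-rate spike towards one destination, and an account behaving outside its own history) can be shown as plain correlation rules over sample logs. The block below is an added example and is not SGBox code: the log formats, the 10-second window, the thresholds and all sample lines are assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WINDOW_SECONDS = 10  # assumed aggregation window for the rate rule


def parse_fw(line):
    """Parse a constructed firewall line: '<ISO ts> <src> -> <dst>:<port> <action>'."""
    ts, src, _, dst_port, action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action


def window_start(ts):
    ts = ts.replace(microsecond=0)
    return ts - timedelta(seconds=ts.second % WINDOW_SECONDS)


def rate_spikes(lines, baseline_windows=6, k=3.0, floor=50):
    """Rule 1: per destination, learn mean/stddev of connections per window from
    the first `baseline_windows` windows, then flag later windows above
    mean + k*stddev. `floor` is an absolute minimum so a flat baseline (stddev 0)
    does not fire on one extra connection. Returns (dst, window, count, sources)."""
    counts = defaultdict(Counter)   # dst -> window -> connections
    sources = defaultdict(set)      # (dst, window) -> distinct source IPs
    for line in lines:
        ts, src, dst, _port, _action = parse_fw(line)
        w = window_start(ts)
        counts[dst][w] += 1
        sources[(dst, w)].add(src)
    alerts = []
    for dst, per_window in counts.items():
        ordered = sorted(per_window.items())
        base = [c for _, c in ordered[:baseline_windows]]
        if len(base) < baseline_windows:
            continue  # not enough history to learn a baseline
        threshold = mean(base) + k * pstdev(base)
        for w, c in ordered[baseline_windows:]:
            if c > threshold and c >= floor:
                alerts.append((dst, w, c, len(sources[(dst, w)])))
    return alerts


def off_hours_logins(lines, min_history=5):
    """Rule 2 (UEBA-style): remember, per account, the hours of day at which it has
    logged in successfully; once it has `min_history` logins, flag a successful login
    at an hour never seen before. Lines: '<ISO ts> LOGIN <account> SUCCESS|FAILURE'.
    Only events earlier than the one being judged feed the profile."""
    seen_hours, history, alerts = defaultdict(set), Counter(), []
    for line in sorted(lines):  # ISO timestamps sort chronologically
        ts_s, _, account, result = line.split()
        if result != "SUCCESS":
            continue
        ts = datetime.fromisoformat(ts_s)
        if history[account] >= min_history and ts.hour not in seen_hours[account]:
            alerts.append((account, ts))
        seen_hours[account].add(ts.hour)
        history[account] += 1
    return alerts


def build_fw_log():
    """Constructed sample: eight quiet windows towards one web server, then one
    window with 300 connections from 254 distinct sources."""
    base, lines = datetime(2025, 6, 3, 9, 0, 0), []
    for w, n in enumerate([4, 6, 5, 5, 7, 4, 5, 6]):
        for i in range(n):
            ts = base + timedelta(seconds=10 * w + i)
            lines.append(f"{ts.isoformat()} 198.51.100.{i + 1} -> 203.0.113.10:443 ACCEPT")
    for i in range(300):
        ts = base + timedelta(seconds=80 + i % 10)
        lines.append(f"{ts.isoformat()} 192.0.2.{i % 254 + 1} -> 203.0.113.10:443 ACCEPT")
    return lines


def build_auth_log():
    """Constructed sample: five days of history, then a 03:12 login by an office
    account and a routine 02:00 login by a backup service account."""
    lines = []
    for day in range(1, 6):
        for hour in (8, 13, 17):
            lines.append(f"2025-06-0{day}T{hour:02d}:05:00 LOGIN mrossi SUCCESS")
        lines.append(f"2025-06-0{day}T02:00:00 LOGIN backup-svc SUCCESS")
    lines.append("2025-06-06T03:12:44 LOGIN mrossi SUCCESS")      # never seen at 03h
    lines.append("2025-06-06T02:00:00 LOGIN backup-svc SUCCESS")  # within its profile
    lines.append("2025-06-06T03:15:00 LOGIN mrossi FAILURE")      # failures are not profiled
    return lines


if __name__ == "__main__":
    for a in rate_spikes(build_fw_log()):
        print("RATE SPIKE", *a)
    for a in off_hours_logins(build_auth_log()):
        print("OFF-HOURS LOGIN", *a)
```

The distinct-source count is what separates a flood from a single noisy client, and the `floor` is what keeps a quiet baseline from producing an alert storm; both are the kind of tuning that a correlation rule needs before it is useful in a SOC.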

Future prospects

The analysis of the Clusit 2025 report suggests that uncertainty is the “new normal”.

The gap between the offensive capability of attackers and the defense of companies is widening, and for the coming year, we expect the use of Artificial Intelligence in attacks to become increasingly pervasive and “underground,” making threats less evident but more insidious.

The challenge for Italian SMEs is not just technological but also cultural: it is necessary to move from a reactive approach to a proactive one, through well-defined security strategies and technologies capable of promptly detecting and responding to new cyber threats.

SGBox is committed to remaining at the forefront of cyber threat evolution, continuously developing new features and updating its solutions to guarantee the maximum level of protection to its customers.

To find out how SGBox can help your organization build a solid cybersecurity strategy, contact us for a personalized consultation.

PROTECT YOUR COMPANY>>
11 ways to optimize logging costs
https://www.sgbox.eu/en/11-ways-to-optimize-logging-costs/ (Mon, 17 Nov 2025 13:06:22 +0000)
How to optimize logging costs

How can you optimize log-related costs?

In an increasingly data-driven world marked by constantly evolving threats, efficiently managing logs becomes a key strategic lever: it’s not just about controlling costs, but about ensuring operational visibility, security, and compliance without unnecessary expenses.

Adopting a Log Management platform allows you to achieve the right balance between visibility into security data across IT (Information Technology) and OT (Operational Technology) environments, while reducing overall costs.

Here’s how, together with SGBox, you can turn log management into an efficient process that creates a competitive advantage in terms of security and compliance.

1 – Define log retention policies

Keeping every generated event may seem like a cautious choice, but it often results in unnecessary expenses. Logs must be segmented by importance (critical / operational / less relevant) and assigned appropriate retention periods.

SGBox helps companies map log flows, define retention policies aligned with regulatory requirements (e.g., GDPR, NIS2), and automate archiving or deletion at the end of the useful lifecycle.

2 – Filter based on log level

Not all logs have the same value, meaning some are redundant and unnecessary for initiating security activities. Irrelevant, low-value logs should be reduced, as they can negatively impact SOC team operations.

SGBox supports the configuration and monitoring of log levels in complex environments, helping suppress low-value events and surface the alerts that are truly useful for security operations and audits.

3 – Use log compression

The volume of collected logs can grow quickly and disproportionately. Applying compression techniques reduces storage space and transfer costs without compromising accessibility.

SGBox offers integrated solutions for log compression and archiving, ensuring that data remains available for analysis while occupying fewer resources.

4 – Centralize Log Management

When logs originate from multiple applications, microservices, and regions, spreading them out makes analysis, correlation, and cost-control significantly harder. A centralized platform provides visibility, aggregation, and control.

SGBox delivers an advanced Log Management and SIEM platform that centralizes logs and security events, streamlines analysis procedures, and optimizes storage and access, reducing duplication and inefficiencies.

5 – Monitor and control log ingestion

Controlling which logs are ingested avoids allocating financial and technological resources to store unnecessary data. It’s important to set thresholds, control metrics, and anomaly alerts for log ingestion.

With SGBox, you can define automatic rules and alerts for log ingestion, exclude irrelevant traffic, and act quickly in the event of unexpected variations or spikes.

6 – Analyze data before archiving

Not all data deserves long-term storage. Enrichment and normalization at the point of entry allow filtering, aggregation, and transforming logs into more useful and compact formats, reducing costs and improving analysis quality.

SGBox supports data-enrichment pipelines, log transformation, and intelligent filtering so that only data truly needed for security, auditing, and actionable SIEM inputs is retained, optimizing threat detection performance.

7 – Use Tiered storage

Not all logs require the same level of accessibility: recent logs are consulted frequently, while historical logs are typically used only for audits or compliance. Using lower-cost storage tiers (cold, deep-archive) leads to significant savings.

With SGBox, you can define automatic policies that move logs across tiers (hot → warm → cold) based on usage, ensuring fast access where needed and more economical storage elsewhere.

8 – Automate Data Lifecycle Management

Manual interventions and sporadic actions lead to errors, hidden costs, or unnecessary data retained for too long. Automating the entire lifecycle, from collection, to tier transitions, to deletion, is essential.

SGBox integrates automation features for lifecycle management: automatic log transitions, scheduled expiration and deletion, all in line with internal policies and applicable regulations.

9 – Optimize indexing strategies

In log search engines, indexing determines both cost and performance. Poor choices inflate costs.

SGBox supports companies in designing efficient log-search architectures: optimized mappings, shard/replica management, index rollover policies, and snapshot & archiving strategies that reduce costs and improve response times.

10 – Use cost governance tools

Understanding where money is spent, forecasting increases, and setting budget thresholds help maintain control over logging-related expenses. Dashboards, reports, and alerts are essential.

SGBox offers economic visibility across the entire log stack: dedicated reporting, cost driver analysis, alerts, and support for defining operational budgets, avoiding unexpected billing surprises.

11 – Apply log sampling

In high-volume environments (IoT, microservices, heavy traffic), recording every event can become prohibitive. Sampling consists of storing only a selected percentage of less-critical events while maintaining full visibility into errors and anomalies. Sampling must never touch authentication, authorization or audit events: a sampled security log cannot prove that something did not happen.

SGBox helps define structured sampling policies: clear criteria (errors, security events, user behavior), dedicated flows for critical and non-critical events, and continuous monitoring of sampling effectiveness.
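Points 1, 2, 7 and 11 above form one pipeline: classify, drop what has no value, sample the rest deterministically, and decide the storage tier by age. The block below is an added example, not SGBox code: the record format, event classes, retention numbers and the 1,028 constructed records are all assumptions. Sampling is keyed on a session id rather than done per event, so that a kept session keeps all of its events and a dropped one none, which is what makes sampled operational logs still usable for investigation.

```python
import hashlib
from datetime import datetime, timedelta

# Assumed policy per event class: sampling rate for low-value events,
# days kept on fast ("hot") storage, total retention before deletion.
POLICY = {
    "security":    {"sample": 1.0,  "hot_days": 30, "retain_days": 365},
    "error":       {"sample": 1.0,  "hot_days": 14, "retain_days": 180},
    "operational": {"sample": 0.10, "hot_days": 7,  "retain_days": 90},
    "debug":       {"sample": 0.0,  "hot_days": 0,  "retain_days": 0},
}
SECURITY_EVENTS = {"auth_failure", "privilege_change", "firewall_deny"}
NOW = datetime(2025, 11, 17, 12, 0, 0)  # fixed "now" so the demo is reproducible


def classify(record):
    """Security-relevant event types are classed by type, not by level, so an
    INFO-level auth_failure is never filtered or sampled away."""
    if record["event"] in SECURITY_EVENTS:
        return "security"
    if record["level"] in ("ERROR", "CRITICAL"):
        return "error"
    if record["level"] in ("WARNING", "INFO"):
        return "operational"
    return "debug"


def sampled_in(key, rate):
    """Deterministic sampling: hash the correlation key (session id) into [0, 1)
    and keep if below `rate`. The same key always gets the same verdict."""
    if rate >= 1.0:
        return True
    if rate <= 0.0:
        return False
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:8], "big") / 2**64 < rate


def tier_for(cls, age_days):
    """Lifecycle decision by class and age: 'hot', 'cold' or 'delete'."""
    p = POLICY[cls]
    if age_days >= p["retain_days"]:
        return "delete"
    return "hot" if age_days < p["hot_days"] else "cold"


def reduce_logs(records, now=NOW):
    kept = []
    stats = {"in": 0, "kept": 0, "dropped_level": 0, "dropped_sample": 0}
    for r in records:
        stats["in"] += 1
        cls = classify(r)
        rate = POLICY[cls]["sample"]
        if rate == 0.0:
            stats["dropped_level"] += 1          # point 2: level-based filtering
            continue
        if not sampled_in(r["session"], rate):
            stats["dropped_sample"] += 1         # point 11: sampling
            continue
        age = (now - r["ts"]).days
        kept.append({**r, "class": cls, "tier": tier_for(cls, age)})  # points 1 and 7
        stats["kept"] += 1
    return kept, stats


def build_records(now=NOW):
    """Constructed input: 100 sessions x 10 INFO requests, 20 DEBUG lines,
    5 INFO-level auth failures and 3 ERRORs (1028 records)."""
    recs = []
    for s in range(100):
        for _ in range(10):
            recs.append({"ts": now - timedelta(hours=s), "level": "INFO",
                         "event": "http_request", "session": f"sess-{s:03d}"})
    for s in range(20):
        recs.append({"ts": now, "level": "DEBUG", "event": "cache_hit", "session": f"sess-{s:03d}"})
    for s in range(5):
        recs.append({"ts": now, "level": "INFO", "event": "auth_failure", "session": f"sess-{s:03d}"})
    for s in range(3):
        recs.append({"ts": now, "level": "ERROR", "event": "db_timeout", "session": f"sess-{s:03d}"})
    return recs


def run_demo():
    return reduce_logs(build_records())


if __name__ == "__main__":
    kept, stats = run_demo()
    print(stats)
    by_class = {}
    for k in kept:
        by_class[k["class"]] = by_class.get(k["class"], 0) + 1
    print(by_class)
```

Whatever the sampling rate, every security and error record survives, and the operational records that survive always come in complete sessions; the policy table is the place where retention requirements (GDPR, NIS2, sector rules) get encoded once instead of being re-decided per source.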

Discover SGBox Log Management >>


What is Cyber Threat Intelligence? An introductory guide
https://www.sgbox.eu/en/what-is-cyber-threat-intelligence-an-introductory-guide/ (Mon, 03 Nov 2025 10:32:00 +0000)
Cyber Threat Intelligence

The cybersecurity landscape is constantly evolving, marked by the growth and unpredictability of threats.

Never before have hackers had the ability to design threats that are increasingly complex and targeted, capable of remaining hidden within corporate IT infrastructures.

Organizations must adapt their defense strategies to the fluid nature of cybercrime, employing tools that can detect signs of compromise and anomalies before they escalate into full-blown attacks.

This is where the discipline of Cyber Threat Intelligence comes into play.

What is Cyber Threat Intelligence?

Cyber Threat Intelligence (CTI) is the process through which an organization collects, processes, analyzes, and uses information related to potential or existing threats.

Its goal is to anticipate, detect, and respond effectively to attacks through a proactive approach.

For an SME or a mid-sized company, adopting CTI means shifting from a reactive posture (“we only notice the attack when it’s underway”) to a more proactive one (“we know what can happen, who might attack us, and how to defend ourselves”).

In this sense, CTI is a strategic pillar of modern cybersecurity.

The difference between Threat Data and Threat Intelligence

Threat Data and Threat Intelligence are two fundamental factors in threat detection, but they represent two different concepts:

  • Threat Data consists of raw threat-related observables: for example, malicious IP addresses, file hashes, suspicious domains, or network logs. Without further context they are merely indicators; they do not explain the “who,” the “why,” or the “how”.
  • Threat Intelligence is the result of analyzing, contextualizing, and enriching this data. It involves transforming raw data into useful knowledge, complete with context, priority, and actionable recommendations.

For example: knowing that a certain hash is associated with malware is not enough. Knowing that this malware is used by an APT (Advanced Persistent Threat) group active in your sector, against targets like yours, and that it exploits a vulnerability still unpatched in your infrastructure: that is intelligence.

This transition is crucial to avoid being overwhelmed by low-priority alerts and to focus on what truly matters.
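The hash example above can be made concrete: the same indicator match is scored very differently once actor, sector and vulnerability context are attached. The block below is an added example and is not SGBox’s feed format or code. The feed entries, the organisational context, the log lines, the scoring weights and the vulnerability id `CVE-0000-0001` are all constructed placeholders; the ATT&CK technique ids T1190 and T1110 are real, the rest is illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    value: str                 # the raw observable: domain, sha256, IP
    kind: str
    confidence: int            # 0-100 as supplied by the feed
    actor: str = ""            # empty = bare threat data, no attribution
    target_sectors: tuple = ()
    exploits: tuple = ()       # vulnerability ids the campaign is known to use
    ttp: str = ""              # ATT&CK technique, if known


# Constructed feed. "CVE-0000-0001" is a placeholder id, not a real CVE.
FEED = [
    Indicator("update-check.example", "domain", 60),
    Indicator("0" * 63 + "1", "sha256", 90, actor="APT-Example",
              target_sectors=("manufacturing", "energy"),
              exploits=("CVE-0000-0001",), ttp="T1190"),
    Indicator("198.51.100.23", "ip", 80, actor="Crime-Example",
              target_sectors=("finance",), ttp="T1110"),
]

# Constructed organisational context: the consumer of the intelligence.
ORG = {"sector": "manufacturing", "unpatched": {"CVE-0000-0001"}}

# Constructed log lines in a simple key=value form.
LOGS = [
    "2025-11-03T10:01:00 proxy host=ws-014 dst=update-check.example",
    "2025-11-03T10:02:10 edr host=srv-erp-01 sha256=" + "0" * 63 + "1",
    "2025-11-03T10:03:00 fw host=vpn-gw src=198.51.100.23 action=allow",
    "2025-11-03T10:04:00 proxy host=ws-022 dst=intranet.example",
]


def score(ind, org):
    """Base score from feed confidence (0-10), then context: does the actor
    target our sector, does the campaign use a vulnerability we still have."""
    s, reasons = ind.confidence // 10, []
    if ind.actor:
        reasons.append(f"attributed to {ind.actor}")
    if org["sector"] in ind.target_sectors:
        s += 3
        reasons.append("actor targets our sector")
    hits = sorted(set(ind.exploits) & org["unpatched"])
    if hits:
        s += 5
        reasons.append("exploits unpatched " + ",".join(hits))
    if not reasons:
        reasons.append("bare indicator, no context")
    return s, reasons


def priority(s):
    if s >= 14:
        return "P1"   # contain now
    if s >= 8:
        return "P2"   # investigate today
    return "P3"       # log and watch


def triage(logs, feed, org):
    """Match every field value against the feed, score each hit in the
    organisation's context, return alerts highest priority first."""
    index = {i.value: i for i in feed}
    alerts = []
    for line in logs:
        ts, _source, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        for value in kv.values():
            ind = index.get(value)
            if ind is None:
                continue
            s, reasons = score(ind, org)
            alerts.append({"ts": ts, "host": kv.get("host"), "indicator": ind.value,
                           "kind": ind.kind, "score": s, "priority": priority(s),
                           "ttp": ind.ttp, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for a in triage(LOGS, FEED, ORG):
        print(a["priority"], a["host"], a["indicator"][:16], a["reasons"])
```

Run against a finance-sector organisation with nothing unpatched, the same sha256 indicator scores 9 and lands in P2: identical threat data, different intelligence, which is the whole point of the distinction.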

What are the 4 Types of Cyber Threat Intelligence?

In a practical context, the main types of CTI are primarily distinguished by their recipients, depth, level of detail, and time horizon. The 4 categories of Cyber Threat Intelligence are as follows:

[Figure: Cyber Threat Intelligence cycle]

Technical Intelligence

This is the most granular level. It includes detailed information on malware, exploits, vulnerabilities, signatures, hashes, and command-and-control domains. It is useful for SOC teams for immediate intervention.

Tactical Intelligence

This concerns Indicators of Compromise (IoCs), and the Tactics, Techniques, and Procedures (TTPs) of attackers. It aims to improve detection and response in the short term.

Operational Intelligence

This analyzes active campaigns, the attackers’ modus operandi, the vulnerabilities they are exploiting in the specific context of the organization or sector, and probable attack vectors.

Strategic Intelligence

This is aimed at decision-makers, management, and the board. It provides an overview of threats, long-term trends, business impact, global scenarios, and security investments.

What are the 5 Stages of Cyber Threat Intelligence?

The management of CTI can be viewed as a cycle, a sequence of phases that leads from defining requirements to action and continuous improvement:

  • Planning / Direction: defining what we want to understand, i.e., which assets are critical, which threats concern us, and which questions we need to answer.
  • Collection: acquiring data from internal and external sources: logs, threat feeds, the dark web, OSINT, and known vulnerabilities.
  • Processing: organizing and normalizing the data, filtering out noise, enriching it with context, and structuring the elements for analysis.
  • Analysis: transforming the processed data into intelligence. This involves evaluating the “who,” “why,” and “how,” the implications for the organization, and defining recommendations.
  • Dissemination / Use & Feedback: distributing the intelligence to the appropriate stakeholders (SOC, management, IT team), implementing the suggested actions, and collecting feedback to refine the program.

What types of Threat Information exist?

Within CTI, the information collected and processed can be classified into several categories useful for protecting the company:

  • Indicators of Compromise (IoCs): IP addresses, domains, file hashes, URLs, malware signatures, useful for technical detection.
  • Attacker tactics, techniques, and procedures (TTPs): how they operate, which vulnerabilities they exploit, and which infrastructures they use.
  • Attacker profiling: APT groups, cybercriminals, insider threats, their motivations, capabilities, and objectives.
  • Vulnerabilities and exploits: which flaws are actively being exploited, and which business contexts are most at risk.
  • Threat trends and scenarios: evolution of campaigns, most affected sectors, and emerging vectors (ransomware, supply-chain, IoT, Cloud).
  • Business/Organizational context: which company assets are critical, what reputational or operational risk is being run, and which business processes are targets.

By integrating these types of information, CTI becomes a tool that connects the technical world to the business dimension.

It’s not just about “blocking a malicious IP,” but about understanding that “this threat could damage the continuity of our service X and the company image”.

The benefits of Cyber Threat Intelligence

Why invest in CTI? Here are some of the most significant advantages for SMEs and mid-to-large organizations:

  • Threat Anticipation: by knowing the attackers’ techniques and preferred vectors, it is possible to prepare preventively, reducing reaction time.
  • Better Risk prioritization: thanks to intelligence, resources can be focused on what truly matters (critical assets, probable attacks) instead of dispersing efforts.
  • SOC operational efficiency: reduction of false positives, better alert triage, and more targeted interventions.
  • Support for management decisions: by providing a strategic view of cyber risk, CTI helps CISOs/DPOs/Account Managers define budgets, processes, and investments.
  • Integration and synergy with other security processes: Vulnerability management, incident response, and threat hunting all benefit from intelligence.
  • Greater Corporate Resilience: in the event of a real attack, an organization well-prepared with CTI can limit the impact, recover more quickly, and reduce reputational and operational damage.

Cyber Threat Intelligence vs. Threat Hunting

It is helpful to clarify how CTI differs from and integrates with an often-confused activity: Threat Hunting.

Cyber Threat Intelligence primarily deals with the collection, analysis, and dissemination of information about external or incoming threats: “What’s out there? Who might attack us? What vectors do they use?”

Threat Hunting, on the other hand, is a proactive activity within the organization. Analysts actively search for signs of compromise, anomalies, and suspicious behaviors that might evade automated tools.

CTI provides the “map” (who, what, where, how), and threat hunting does the “field research” (checking if someone is already inside, hidden).

The two work together: good intelligence feeds threat hunting with context, TTPs, and known situations; threat hunting returns internal data that enriches the intelligence.

Cyber Threat Intelligence Feeds by SGBox

Within the SGBox SIEM module, a distinctive component is the Threat Intelligence Feeds.

These feeds are curated data and analysis streams, specifically geared toward the needs of SMEs and the Italian market, which include:

  • Timely indications on IoCs, TTPs, and attacker groups relevant to the client company’s sector.
  • Contextualization in the regulatory sphere (e.g., GDPR, NIS2), useful for compliance with regulations.
  • Strategic reports that support management in viewing cyber risk and planning investments.
  • Integration with SOC/MSPs managed by SGBox, to translate intelligence into operational action.
  • Usable formats (reports, alerts, dashboards) designed to facilitate understanding by non-specialist IT Managers and Account Managers.

Thanks to this solution, SGBox allows small and medium-sized enterprises to proactively access CTI that would otherwise be difficult to implement internally, due to both cost and expertise.

SGBOX CYBER THREAT INTELLIGENCE>>
The role of SIEM in producing and managing security audits for regulatory compliance
https://www.sgbox.eu/en/the-role-of-siem-in-producing-and-managing-security-audits-for-regulatory-compliance/ (Wed, 15 Oct 2025 10:35:19 +0000)
SIEM and security report

In a context where cybersecurity regulations are becoming increasingly stringent, ensuring compliance is no longer just a legal obligation, it’s a fundamental requirement for maintaining the trust of clients and partners.

Tools such as SIEM (Security Information and Event Management) play a crucial role in this process, enabling organizations to monitor, record, and analyze system activities to demonstrate their adherence to key regulations, including NIS2 and GDPR.

How SIEM enables regulatory compliance

Cybersecurity regulations like the NIS2 Directive and the GDPR, and standards such as ISO/IEC 27001, require organizations to adopt appropriate technical and organizational measures to ensure data protection and effective incident management.

However, the real challenge for many companies lies in proving compliance, documenting every monitoring, analysis, and response activity.

This is where SIEM comes into play.

A SIEM system collects and correlates logs from all corporate devices and systems, such as firewalls, servers, endpoints, applications, and IoT devices, providing a comprehensive, real-time view of the organization’s security posture.

Thanks to its automated correlation and behavioral analysis capabilities, SIEM helps identify suspicious events, intrusion attempts, or data breaches.

More importantly, it records every activity in a structured and verifiable manner, ensuring the traceability required to meet audit and compliance obligations.

In practice, SIEM allows organizations to:

  • Centralize log collection and store logs in a tamper-evident, integrity-protected form. The GDPR (Art. 32) requires measures that ensure the integrity of processing; for Italian organizations, the Garante’s 2008 measure on system administrators additionally requires access logs that are complete, unalterable and verifiable, retained for at least six months.
  • Track and document access, changes, and security incidents.
  • Demonstrate the ability to promptly detect and respond to threats, as mandated by NIS2.
  • Automate the production of compliance reports according to predefined standards.
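“Unalterable” is a property an auditor can actually test, so it is worth seeing what the minimum mechanism looks like. The block below is an added example of a tamper-evident log chain and is not how SGBox stores logs: each stored record carries an HMAC over its position, its content and the previous record’s tag, so editing, deleting, inserting or reordering a line breaks verification from that point on. The key, the record lines and the anchoring step are constructed for the illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-keep-off-the-log-host"  # assumed; a real key lives in an HSM/KMS
GENESIS = b"\x00" * 32

# Constructed log records.
SAMPLE_RECORDS = [
    "2025-10-15T09:00:01 sshd: Accepted publickey for ops from 10.0.0.5",
    "2025-10-15T09:00:07 sshd: FAILED password for root from 198.51.100.9",
    "2025-10-15T09:00:09 sudo: ops : COMMAND=/usr/bin/systemctl restart nginx",
    "2025-10-15T09:00:30 auditd: USER_ACCT acct=backup res=success",
]


def _body(seq, rec):
    """Canonical bytes for a record: its position and content as deterministic JSON."""
    return json.dumps({"seq": seq, "rec": rec}, sort_keys=True, separators=(",", ":")).encode()


def seal(records, key):
    """Append-time sealing: tag_i = HMAC(key, tag_{i-1} || body_i)."""
    prev, chain = GENESIS, []
    for seq, rec in enumerate(records):
        tag = hmac.new(key, prev + _body(seq, rec), hashlib.sha256).digest()
        chain.append({"seq": seq, "rec": rec, "tag": tag.hex()})
        prev = tag
    return chain


def verify(chain, key, expected_last_tag=None):
    """Return (ok, first_bad_index). Edits, deletions, insertions and reordering
    break the chain at the first affected position. Truncating the tail does NOT
    break the chain, so the caller should also pass the last tag it recorded
    somewhere the log writer cannot reach (an 'anchor') to detect that."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i:
            return False, i
        tag = hmac.new(key, prev + _body(i, entry["rec"]), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, bytes.fromhex(entry["tag"])):
            return False, i
        prev = tag
    if expected_last_tag is not None:
        if not chain or chain[-1]["tag"] != expected_last_tag:
            return False, len(chain)
    return True, None


def demo():
    chain = seal(SAMPLE_RECORDS, KEY)
    anchor = chain[-1]["tag"]                # what you would publish or write to WORM media
    edited = json.loads(json.dumps(chain))   # deep copy, then rewrite the failed login
    edited[1]["rec"] = edited[1]["rec"].replace("FAILED", "Accepted")
    return {
        "intact": verify(chain, KEY, anchor),
        "edited": verify(edited, KEY, anchor),
        "deleted": verify(chain[:2] + chain[3:], KEY, anchor),
        "reordered": verify([chain[0], chain[2], chain[1], chain[3]], KEY, anchor),
        "truncated_no_anchor": verify(chain[:-1], KEY),
        "truncated_with_anchor": verify(chain[:-1], KEY, anchor),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} {result}")
```

Two caveats matter in practice. The HMAC key must not be readable by anyone who can write the log store, otherwise the attacker simply re-seals the chain after editing it; and a chain alone cannot prove that the newest records were not removed, which is why the latest tag has to be anchored periodically somewhere independent (a separate host, a signed timestamp, WORM storage).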

Security reports and audits

One of the main advantages of a Next-Generation SIEM system is its ability to automatically generate detailed and customizable security reports.

These reports are an essential resource for both internal and external audits, clearly demonstrating compliance with relevant regulations.

A security audit is a structured assessment of an organization’s IT infrastructure, controls, and security practices against a reference (a regulation, a standard such as ISO/IEC 27001, or an internal policy), intended to find gaps and vulnerabilities before they can be exploited by cybercriminals.

SIEM-generated reports may include:

  • Statistics on detected security events.
  • A timeline of incidents and corresponding responses.
  • Vulnerability analyses and attack trend assessments.
  • Comparisons between current security levels and regulatory requirements.

By automating reporting, SIEM reduces the workload of SOC teams, minimizes the risk of human error, and ensures the consistency and reliability of data over time.

During a security audit, having up-to-date and verifiable reports makes it easier to demonstrate to regulators that security controls are in place and that monitoring processes are actively maintained.

The importance of conducting periodic security audits

Performing periodic security audits is one of the best practices for maintaining compliance and ensuring an organization’s cyber resilience.

Audits help verify that security controls are effective, up to date, and aligned with current regulations.

Without appropriate tools, collecting and analyzing the data required for an audit can be a lengthy and complex process.

A SIEM system simplifies and accelerates this process by allowing organizations to:

  • Automatically analyze system logs and detect abnormal behavior.
  • Highlight potential risk or non-compliance areas.
  • Demonstrate continuous monitoring and timely corrective actions.

Conducting regular audits with the support of a SIEM transforms compliance from a mere obligation into an opportunity, enhancing not only security but also corporate transparency and governance.

SGBox and regulatory compliance

SGBox is a Next-Generation SIEM & SOAR platform designed to simplify security and compliance management for organizations of all sizes and industries.

Thanks to its modular architecture and advanced log management capabilities, SGBox enables organizations to:

  • Collect, normalize, and store security logs in full regulatory compliance.
  • Automate the generation of compliance reports for standards such as GDPR, NIS2, ISO/IEC 27001, and PCI DSS.
  • Correlate security events and orchestrate incident responses (SOAR functionality).
  • Easily integrate new data sources and security modules to accommodate infrastructure growth.

In addition, SGBox offers intuitive, customizable dashboards that give IT Managers, CISOs, and DPOs a clear, real-time overview of security and compliance status, facilitating collaboration between technical teams and corporate management.

DISCOVER SGBOX SIEM>>
SGBox for CGNAT: features and benefits
https://www.sgbox.eu/en/sgbox-and-cgnat-features-and-benefits/ (Tue, 07 Oct 2025 08:24:25 +0000)
The features of SGBox for CGNAT

Understanding Carrier-Grade NAT (CGNAT)

Carrier-Grade NAT (CGNAT) is a large-scale network address translation technology used by Internet Service Providers (ISPs) to manage the scarcity of IPv4 addresses.

It allows multiple customers to share a single public IPv4 address, extending the usable life of IPv4. Each customer’s gateway is given an address from a provider-internal range (typically the shared address space 100.64.0.0/10 that RFC 6598 reserves for this purpose), and the customer’s own devices usually sit behind a second, home NAT, an arrangement often called NAT444.

The CGNAT device then translates these private IP addresses to a limited pool of public IPv4 addresses when connecting to the internet.

Why CGNAT Log Management is essential

Managing CGNAT logs is not just a technical requirement: it’s a critical component of responsible network operation.

The sheer volume of data generated by CGNAT requires a robust and scalable solution for several key reasons:

  • Regulatory compliance: many countries have laws that require ISPs to store and provide access to network traffic data for a specific period. This is crucial for law enforcement and legal investigations. Without proper CGNAT logging it is impossible to trace an abuse report, which arrives as a public IP address, a source port and a timestamp, back to the subscriber that held that binding at that moment; the address alone is shared by many customers, so a report without port and accurate time cannot be attributed at all. The result is compliance failures and potential legal repercussions.
  • Problem solving: when customers experience connectivity issues, CGNAT logs are the first place to look. They provide the necessary information to diagnose network problems, identify bottlenecks, and resolve service-related complaints efficiently. By mapping internal IP addresses to their corresponding public IPs and ports, network administrators can pinpoint the source of a problem and quickly restore service.
  • Enhanced security: CGNAT logs are vital for network security. They help in identifying and investigating malicious activities such as DDoS attacks, spam campaigns, and other forms of cybercrime. By correlating log data, security teams can trace the origin of an attack back to the specific private IP address on the internal network, enabling them to take appropriate action.

How SGBox manages CGNAT Logs

SGBox offers a comprehensive and efficient solution for CGNAT Log Management, designed to handle the massive data volumes and unique requirements of ISP networks.

  • Connection logging: SGBox captures detailed information about every connection, including the source private IP address and port, the translated public IP address and port, the destination IP address and port, and the connection’s timestamp. Together these fields give a complete record of the translation; the translated port and an accurately synchronized timestamp are what make a shared public address attributable to one subscriber.
  • Mapping and dynamic assignment: the SGBox platform intelligently handles the dynamic nature of CGNAT. It accurately maps the dynamically assigned private IP addresses to the shared public IPs, ensuring that a clear and verifiable link exists between each user and their internet traffic.
  • Log collection and analysis: SGBox collects logs from multiple CGNAT sources, centralizing them in a single, scalable repository. Its powerful analytics engine processes this data, enabling quick searches, correlation of events, and generation of reports for compliance and troubleshooting.
  • Data Export: the system supports various data export formats, making it easy to share log data with law enforcement agencies or other authorized parties, in compliance with regulatory requirements.
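The attribution problem the two sections above describe is easy to demonstrate over a handful of NAT binding records. The block below is an added example and is not SGBox’s log format or code: the record layout, the addresses (from the RFC 6598 shared range and the documentation prefixes) and the skew tolerance are constructed. It answers the question an abuse desk receives, “who was behind 203.0.113.5 at this time”, and shows why the query fails without a port, without a protocol, or with an unsynchronised clock.

```python
from datetime import datetime, timedelta

# Constructed NAT binding log (one line per mapping, not per packet):
# <start> <end> <proto> <internal_ip:port> <public_ip:port>
MAPPING_LOG = """\
2025-10-07T08:00:00 2025-10-07T08:20:00 tcp 100.64.1.10:51000 203.0.113.5:40001
2025-10-07T08:05:00 2025-10-07T08:30:00 tcp 100.64.1.11:52000 203.0.113.5:40002
2025-10-07T08:25:00 2025-10-07T09:00:00 tcp 100.64.1.12:53000 203.0.113.5:40001
2025-10-07T08:00:00 2025-10-07T09:00:00 udp 100.64.1.13:54000 203.0.113.5:40001
"""


def parse_mappings(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, proto, internal, public = line.split()
        iip, iport = internal.rsplit(":", 1)
        pip, pport = public.rsplit(":", 1)
        rows.append({
            "start": datetime.fromisoformat(start), "end": datetime.fromisoformat(end),
            "proto": proto, "internal_ip": iip, "internal_port": int(iport),
            "public_ip": pip, "public_port": int(pport),
        })
    return rows


def who_was(rows, public_ip, at, public_port=None, proto=None, skew_seconds=0):
    """Internal addresses bound to public_ip at instant `at` (start inclusive,
    end exclusive), narrowed by port and protocol when given. `skew_seconds`
    widens each binding's interval to tolerate clock differences between the
    CGNAT and the party reporting the abuse. `at` may be a datetime or ISO string."""
    if isinstance(at, str):
        at = datetime.fromisoformat(at)
    tol = timedelta(seconds=skew_seconds)
    hits = set()
    for r in rows:
        if r["public_ip"] != public_ip:
            continue
        if not (r["start"] - tol <= at < r["end"] + tol):
            continue
        if public_port is not None and r["public_port"] != public_port:
            continue
        if proto is not None and r["proto"] != proto:
            continue
        hits.add(r["internal_ip"])
    return hits


def attribute(rows, public_ip, at, public_port=None, proto=None, skew_seconds=0):
    """The answer an abuse desk needs: exactly one subscriber, none, or 'ambiguous'
    (the query is under-specified and must not be attributed to anyone)."""
    hits = who_was(rows, public_ip, at, public_port, proto, skew_seconds)
    if len(hits) == 1:
        return ("ok", next(iter(hits)))
    if not hits:
        return ("none", None)
    return ("ambiguous", sorted(hits))


ROWS = parse_mappings(MAPPING_LOG)

if __name__ == "__main__":
    ip = "203.0.113.5"
    print(attribute(ROWS, ip, "2025-10-07T08:10:00"))                # ambiguous: address only
    print(attribute(ROWS, ip, "2025-10-07T08:10:00", 40001))         # ambiguous: tcp and udp share the port
    print(attribute(ROWS, ip, "2025-10-07T08:10:00", 40001, "tcp"))  # ok: 100.64.1.10
    print(attribute(ROWS, ip, "2025-10-07T08:27:00", 40001, "tcp"))  # same port, later: 100.64.1.12
    print(attribute(ROWS, ip, "2025-10-07T08:20:00", 40001, "tcp"))  # none: falls in a gap
    print(attribute(ROWS, ip, "2025-10-07T08:20:00", 40001, "tcp", skew_seconds=60))  # ok with tolerance
```

The timestamps only work if the CGNAT’s clock is NTP-synchronised and the log stores the UTC offset; widening the window for skew can reintroduce ambiguity, so the tolerance should be as small as the clock discipline allows. At ISP scale, per-connection logging is rarely sustainable, and many deployments log per binding or hand out port blocks per subscriber (RFC 7422 describes deterministic mappings that need almost no logging), trading volume for coarser attribution.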

Key advantages of SGBox for CGNAT

SGBox stands out as an ideal solution for CGNAT Log Management due to its focus on performance, efficiency, and cost-effectiveness.

  • High-Volume Data Management: built to handle the immense volume of data generated by modern ISP networks, SGBox is a high-performance solution that ensures no data is lost or delayed.
  • Efficiency & reduced complexity: the platform simplifies the complex task of log management through an intuitive interface and automated processes, freeing up valuable IT resources.
  • Affordable cost: SGBox provides a high-value solution at a competitive price, making it accessible for ISPs of all sizes.

Technical architecture: clustering model

The SGBox technical architecture is built on a clustering model, which provides virtually unlimited data ingestion and management capacity.

This distributed approach ensures scalability and resilience, guaranteeing that the system can grow with your network without performance degradation.

As an EU technology, SGBox ensures data residency and compliance with European data protection regulations.

CONTACT US FOR FURTHER INFORMATION>>
New threats (Ransomware and AI): defending with an advanced SIEM
https://www.sgbox.eu/en/new-threats-defending-with-advanced-siem/ (Tue, 02 Sep 2025 07:12:17 +0000)
New Threats (Ransomware and AI): Defending with an Advanced SIEM

The current context: Ransomware and emerging AI threats

In recent years, Ransomware has become increasingly sophisticated and widespread. The rise of the Ransomware-as-a-Service model has enabled even criminals with limited skills to launch complex attacks.

In Italy, ransomware continues to rank among the most impactful threats during the first half of 2025, with a total of 91 attacks (compared to 92 in the first half of 2024). The most significant cases of the semester targeted a university, a hospital diagnostic lab, and several digital service providers for public administration. (Source: ACN Operational Summary).

The development of AI gives attackers new opportunities to create sophisticated threats that are becoming more frequent, adaptive, and difficult for traditional defense systems to detect.

This scenario makes intelligent and responsive security tools essential.

Challenges for SMEs, IT Managers, CISOs, and DPOs

Small and medium-sized businesses often lack dedicated security teams or large budgets. In this context, IT Managers, CISOs, DPOs, and Account Managers seek clear, effective, and ready-to-use solutions that ensure protection, business continuity, and regulatory compliance.

Why the adoption of an advanced SIEM is essential

A Next Generation SIEM leverages contextual and behavioral data to detect subtle anomalies, such as unusual user or host behavior, which may be the only visible sign of a zero-day exploit and which signature-based defenses typically miss.

This enables the detection of silent attacks at their earliest stages, reducing response times and allowing the implementation of countermeasures to minimize damage.

Automation and Rapid Response

Modern SIEM solutions incorporate correlation engines that evaluate events from different sources against rules (for example, a run of failed logins followed by a success from the same origin within a short window) to identify threat signals and trigger automated responses.
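The kind of correlation rule the previous paragraph refers to, as an added example (not SGBox's rule syntax or engine): a sliding-window rule that raises an alert when one source IP accumulates five failed logins within two minutes and then authenticates successfully, a well-known precursor of hands-on-keyboard ransomware deployment over exposed remote access. The authentication log lines and the thresholds are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, NamedTuple


class AuthEvent(NamedTuple):
    ts: datetime
    src_ip: str
    user: str
    outcome: str  # "FAIL" or "SUCCESS"


# Constructed authentication log (not from any real system or from SGBox):
# <UTC timestamp> <source ip> <user> <outcome>
SAMPLE_AUTH_LOG = """\
2025-09-02T08:00:00Z 198.51.100.23 alice FAIL
2025-09-02T08:00:07Z 198.51.100.23 alice FAIL
2025-09-02T08:00:15Z 198.51.100.23 admin FAIL
2025-09-02T08:00:20Z 198.51.100.23 alice FAIL
2025-09-02T08:00:25Z 198.51.100.23 alice FAIL
2025-09-02T08:00:31Z 198.51.100.23 alice SUCCESS
2025-09-02T08:10:00Z 192.0.2.10 bob FAIL
2025-09-02T08:10:40Z 192.0.2.10 bob SUCCESS
2025-09-02T09:00:00Z 203.0.113.9 carol FAIL
2025-09-02T09:01:00Z 203.0.113.9 carol FAIL
2025-09-02T09:02:00Z 203.0.113.9 carol FAIL
2025-09-02T09:03:00Z 203.0.113.9 carol FAIL
2025-09-02T09:04:00Z 203.0.113.9 carol FAIL
2025-09-02T09:09:00Z 203.0.113.9 carol SUCCESS
"""


def parse_auth_log(text: str) -> List[AuthEvent]:
    events: List[AuthEvent] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(AuthEvent(when, src, user, outcome))
    return events


def correlate_bruteforce_success(events: List[AuthEvent], threshold: int = 5,
                                 window: timedelta = timedelta(seconds=120)) -> List[dict]:
    """Alert when a source IP accumulates >= threshold failed logins inside
    `window` and then succeeds while those failures are still in the window.
    The window is kept per source and spans all usernames, so password
    spraying against several accounts from one host is counted together."""
    recent_fails: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: List[dict] = []
    for ev in sorted(events, key=lambda e: e.ts):  # SIEM input may arrive out of order
        fails = recent_fails[ev.src_ip]
        while fails and ev.ts - fails[0] > window:
            fails.popleft()  # slide the window forward, dropping stale failures
        if ev.outcome == "FAIL":
            fails.append(ev.ts)
        elif ev.outcome == "SUCCESS" and len(fails) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "severity": "high",
                "src_ip": ev.src_ip,
                "user": ev.user,
                "failures": len(fails),
                "first_failure": fails[0].isoformat(),
                "success_at": ev.ts.isoformat(),
            })
            fails.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce_success(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(alert)
```

In the constructed data only 198.51.100.23 trips the rule: bob has a single failure, and carol's five failures are spread over five minutes, so by the time she succeeds the two-minute window has emptied. Thresholds and window are the tunables a SOC adjusts per environment.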

Centralization, continuous Monitoring, and Compliance

Advanced SIEMs centralize logs and events from multiple systems, enabling continuous monitoring and the creation of reports for security audits and compliance with GDPR, ISO 27001, or PCI DSS.

This streamlines operations and helps DPOs address regulatory requirements.

How SGBox’s Next Generation SIEM makes the difference

Modular, Scalable, and Cloud-Native Architecture

SGBox offers a Next Generation SIEM & SOAR Platform with a modular and distributed architecture, adaptable to the needs of both SMEs and large enterprises.

The Cloud SIEM version eliminates hardware and maintenance costs, offering automatic updates, customized integrations with existing infrastructures, and continuous monitoring.

In-Depth analysis, Threat Intelligence, and integrated SOAR

The SGBox platform includes a powerful correlation engine, Threat Intelligence capabilities for proactive analysis, and automated incident responses through its integrated SOAR component, which significantly reduces average detection and response times.

This allows IT Managers and CISOs to focus on priority threats, supported by intuitive dashboards and reports, achieving greater effectiveness in incident management.

Practical benefits of SGBox SIEM for businesses and Public Administration

  • Operational efficiency, thanks to automation that reduces workload and complexity.
  • Cost reduction, especially with the SaaS model, avoiding infrastructure investments.
  • Strategic support, with continuous monitoring, aggregated visibility, and compliance support.
  • Faster response times, powered by the SOAR engine, which shortens containment phases.
SecureGate appoints Nusantara Asia Pacific as its Official Distributor in the ASEAN region (https://www.sgbox.eu/en/new-partnership-with-nusantara-asia-pacific/, Mon, 04 Aug 2025 07:52:53 +0000)
New partnership announcement

Milan, August 4th – SecureGate, a leading provider of cybersecurity products and services, has officially appointed Nusantara Asia Pacific as its distributor across the ASEAN region.

The new partnership marks another step forward in the global expansion of SecureGate and will enhance the availability of advanced cybersecurity solutions across the region through its two Business Units: SGBox and CyberTrust 365.

SGBox’s Next Generation SIEM & SOAR platform provides organizations with modular and scalable solutions to monitor, detect, and automatically respond to cyber threats, while CyberTrust 365 offers tailored Managed Cyber Security Services for 24/7 detection, prevention and response activities.

By partnering with Nusantara Asia Pacific, a value-added technical distributor (VAD) and authorized services provider, SecureGate aims to enhance the cyber security posture of SMEs and large enterprises with cutting-edge IT products and managed security services.

“We are delighted to announce Nusantara Asia Pacific as our official distributor for Indonesia and select regional markets,” said Patrick Ramseyer, Vice President of Sales for APAC and EMEA at SecureGate.

“This partnership marks a significant step forward in our regional expansion strategy. Nusantara’s strong local presence, deep market understanding, and proven track record in cybersecurity distribution make them an ideal partner to represent our solutions. We are confident that, together, we will bring greater value, visibility, and support to customers across Indonesia and beyond.”

The new distribution agreement represents a significant milestone for both companies, enabling them to support businesses in overcoming daily cybersecurity challenges in the Asia Pacific countries through continuous technical support and comprehensive pre- and post-sales assistance.

“We are pleased to be a part of this significant milestone with SecureGate,” said Susantari, Sales Director at Nusantara Asia Pacific.

“This partnership enhances our ability to provide businesses in the Asia Pacific region with the cutting-edge tools and comprehensive support they need to effectively address their daily cybersecurity challenges.”

SGBox SOAR: the ally that simplifies SOC operations (https://www.sgbox.eu/en/sgbox-soar-the-ally-that-simplifies-soc-operations/, Mon, 07 Jul 2025 10:10:31 +0000)
SGBox SOAR for the SOC team

What is SGBox SOAR and how does it work?

To address the growing challenges of cybersecurity, it is essential to implement automated countermeasures capable of reducing the average response time to an attack and quickly handling potential incidents.

This is where SOAR (Security Orchestration, Automation and Response) comes into play—the feature included in the SGBox Platform that enables orchestration, automation, and automated incident response capabilities.

SGBox’s SOAR system integrates seamlessly with all the platform’s functionalities.

Based on logs and security events collected by the SIEM, it allows for the activation of intelligent automations to promptly tackle threats and enrich incidents with additional information.

Using predefined correlation rules and playbooks, SOAR can:

  • Identify real incidents and filter out false positives;
  • Automatically trigger containment, mitigation, or notification actions;
  • Provide security teams with a centralized and simplified view of events.

The benefits of automation for the SOC

Implementing a SOAR system lightens the daily workload of SOC teams, as demonstrated by our SG-SOC as a Service, provided through the dedicated CyberTrust 365 Business Unit.

SG-SOC integrates the features of the SGBox SIEM & SOAR Platform and leverages them to automate incident response and activate remediation activities.

Here’s how SOAR empowers the SG-SOC team:

  • Reduced average analysis time: Threats are handled in seconds, without downtime or delays caused by manual intervention.
  • Reduced stress for analysts: Repetitive, low-value tasks are automated, allowing SOC professionals to focus on more strategic analysis.
  • Process standardization: Thanks to predefined playbooks, every incident response follows a consistent pattern, reducing human errors.
  • Better alert management: The system helps prioritize real incidents, preventing the team from being overwhelmed by false positives.

For Italian SMEs, which often lack internal SOC teams, outsourcing cybersecurity management and monitoring to an external SOC service that integrates SOAR functionalities is a strategic move to mitigate risks and safeguard business operations without disproportionate investments.

SGBox SOAR: practical cases of automated response

The SGBox SOAR module is designed to offer intelligent and flexible automation, fully integrated with the platform’s other modules.

With simple and customizable configuration, it allows for the creation of automated playbooks for various security scenarios.

Reducing false positives and optimizing resources

A concrete example is the management of alerts from firewalls or endpoints. These systems often generate large numbers of alerts, many of which turn out to be false alarms.

SGBox SOAR streamlines the security operations workflow by:

  • Analyzing logs and cross-referencing them with up-to-date threat feeds;
  • Applying priority rules to distinguish actual attack attempts;
  • Automatically triggering isolation or notification actions only when truly necessary.

The result? A drastic reduction in false positives and more efficient incident management, allowing the SOC to focus on priority threats and respond more quickly and effectively.
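The three-step workflow above, as an added example that is not SGBox's playbook format or code: alerts from a firewall and an endpoint agent are first collapsed into unique keys so an alert storm produces one decision, then cross-referenced with a threat feed, scored by priority rules, and only then mapped to isolate, notify or suppress. The feed, allowlist, host names, thresholds and alerts are all constructed for the example. One guardrail a practitioner would add is included: a critical server is never isolated automatically but escalated for analyst approval.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed threat-intel and policy data; not SGBox's real feeds or schema.
THREAT_FEED: Set[str] = {"203.0.113.50", "198.51.100.77"}  # known-bad IPs
ALLOWLIST: Set[str] = {"192.0.2.200"}                       # authorised scanner
CRITICAL_HOSTS: Set[str] = {"srv-db1"}                      # never auto-isolate

ISOLATE_AT = 70  # score thresholds for the playbook's three outcomes
NOTIFY_AT = 30


@dataclass(frozen=True)  # frozen: hashable, so identical alerts dedupe by value
class Alert:
    source: str      # "firewall" or "endpoint"
    host: str        # internal asset the alert concerns
    remote_ip: str   # external peer
    signature: str
    severity: int    # vendor severity 1..5


@dataclass
class Decision:
    action: str      # "isolate", "notify" or "suppress"
    score: int
    occurrences: int
    reasons: List[str] = field(default_factory=list)


def score_alert(alert: Alert) -> Tuple[int, List[str]]:
    """Priority rules: enrich against the feed, then weight by evidence quality."""
    score, reasons = 0, []
    if alert.remote_ip in THREAT_FEED:
        score += 50
        reasons.append("remote IP in threat feed")
    if alert.source == "endpoint":
        score += 20  # host-level telemetry is harder to spoof than a flow record
        reasons.append("host-level evidence")
    score += alert.severity * 5
    reasons.append(f"vendor severity {alert.severity}")
    return score, reasons


def decide(alert: Alert, occurrences: int) -> Decision:
    if alert.remote_ip in ALLOWLIST:
        return Decision("suppress", 0, occurrences, ["remote IP allowlisted"])
    score, reasons = score_alert(alert)
    if score >= ISOLATE_AT:
        if alert.host in CRITICAL_HOSTS:
            reasons.append("critical host: isolation needs analyst approval")
            return Decision("notify", score, occurrences, reasons)
        return Decision("isolate", score, occurrences, reasons)
    if score >= NOTIFY_AT:
        return Decision("notify", score, occurrences, reasons)
    return Decision("suppress", score, occurrences, reasons)


def triage_batch(alerts: List[Alert]) -> List[Tuple[Alert, Decision]]:
    """Collapse duplicates first, then decide once per unique alert."""
    counts: Dict[Alert, int] = {}
    for alert in alerts:
        counts[alert] = counts.get(alert, 0) + 1  # dict keeps first-seen order
    return [(alert, decide(alert, n)) for alert, n in counts.items()]


# Constructed alert batch: a workstation talking to a feed-listed IP seen by
# both sensors, a scanner false positive, a noisy low-severity flow repeated
# three times, and a critical server with host-level evidence.
SAMPLE_ALERTS = [
    Alert("firewall", "ws-012", "203.0.113.50", "outbound-connection", 2),
    Alert("endpoint", "ws-012", "203.0.113.50", "suspicious-process", 4),
    Alert("firewall", "srv-db1", "192.0.2.200", "port-scan", 3),
    Alert("firewall", "ws-044", "192.0.2.77", "outbound-connection", 1),
    Alert("firewall", "ws-044", "192.0.2.77", "outbound-connection", 1),
    Alert("firewall", "ws-044", "192.0.2.77", "outbound-connection", 1),
    Alert("endpoint", "srv-db1", "198.51.100.77", "credential-dump", 5),
]

if __name__ == "__main__":
    for alert, decision in triage_batch(SAMPLE_ALERTS):
        print(f"{alert.host:8} {decision.action:9} score={decision.score:3} "
              f"x{decision.occurrences} {'; '.join(decision.reasons)}")
```

Seven raw alerts become five decisions, of which only one is an automatic isolation; the critical server's high-scoring alert is deliberately downgraded to a notification, which is where a human approval step belongs in a real playbook.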

How much time and resources can you save?

Thanks to process automation, SOC teams can:

  • Save up to 70% of the time spent managing repetitive alerts;
  • Reduce average incident response time from hours to minutes;
  • Lower operational costs related to IT security.

Want to learn more about SGBox’s SOAR technology?

SGBox Announces New Distribution Agreement with CIPS Informatica (https://www.sgbox.eu/en/new-partnership-between-sgbox-and-cips-informatica/, Thu, 19 Jun 2025 07:05:48 +0000)
New partnership announcement
The new partnership will allow Italian companies to benefit from SGBox’s SIEM & SOAR platform and the related Managed Security Services to protect against cyber threats in compliance with regulations.

Milan, June 19, 2025 – SecureGate is pleased to announce a new partnership with the Italian distributor Cips Informatica for the supply of IT products included in the proprietary SIEM & SOAR platform, as well as the related managed security services provided through the CyberTrust 365 Business Unit.

Thanks to this collaboration, IT resellers, MSPs, and system integrators will have access to a modular and scalable platform for enterprise security monitoring, ideal for meeting the requirements of NIS2, ISO/IEC 27001, GDPR, and other European and national regulations.

SGBox is the Next Generation SIEM & SOAR platform — modular and scalable — entirely designed in Italy, developed to simplify and optimize ICT security management for companies of all sizes.

Its advanced log collection and management capabilities, correlation, analysis, and automated responses allow companies to protect themselves from all types of cyber attacks.

Thanks to intuitive reports and dashboards, the platform provides a comprehensive and real-time view of the IT infrastructure’s security status.

Based on these functionalities, Managed Cybersecurity Services are also provided through the CyberTrust 365 Business Unit, offering comprehensive management of security activities, compliance, and 24/7 monitoring of the IT infrastructure.

By partnering with CIPS Informatica—a provider of IT solutions with over 30 years of experience in the Italian market—SGBox aims to further expand its reach and equip local businesses with the necessary tools to overcome daily cybersecurity challenges.

“We are excited to begin this collaboration with CIPS Informatica, a solid and well-established partner in the Italian IT distribution landscape.

Thanks to this agreement, we will be able to expand access to our SGBox SIEM & SOAR platform and related managed security services through a qualified and widespread sales network.

It’s a strategic step that allows us to respond even more effectively to the cybersecurity needs of Italian companies, providing scalable, reliable, and fully managed solutions,” said Massimo Turchetto, CEO of SGBox.

“We are proud to announce this partnership with SGBox, an Italian company that combines technical expertise, innovation, and strategic vision in the field of cybersecurity,” said Mario Menichetti, CEO of CIPS Informatica.

“With SGBox, we are further strengthening our offering to the channel, delivering concrete solutions to tackle the challenges posed by NIS2 and to support companies on their path to compliance and digital resilience.”

About SecureGate

SecureGate is a dynamic IT vendor providing advanced security solutions to protect companies from cyber threats, with high standards of support and technical assistance. SecureGate’s offerings are structured through two Business Units: SGBox and CyberTrust 365.

SGBox is the Business Unit focused on developing IT products. Through its “Next Generation SIEM & SOAR” platform, it offers a range of modular solutions for managing ICT security in compliance with regulatory requirements.

CyberTrust 365 is the Business Unit dedicated to Managed Cybersecurity Services. It provides full 24/7 protection by managing all activities related to an organization’s IT infrastructure security.

Website: https://www.securegate.it/

About CIPS Informatica

Since 1991, CIPS Informatica has been a reference point for the distribution of IT solutions in Italy, with a focus on cybersecurity, networking and data protection. Through a network of resellers and system integrators, CIPS supports companies in the digital transformation and protection of their IT infrastructures.

Website: www.cips.it

Cloud SIEM and transparent costs: SGBox’s solution for SMEs (https://www.sgbox.eu/en/sgbox-siem-cloud-for-smes/, Mon, 09 Jun 2025 07:28:14 +0000)
SGBox Cloud SIEM for SMEs

The myths about SIEM costs

When it comes to cybersecurity, one of the most common misconceptions among many Italian small and medium-sized enterprises (SMEs) is that a SIEM solution is expensive and suitable only for large companies with structured IT teams.

This belief is now outdated. Cyber threats do not discriminate based on company size: ransomware, targeted phishing, and unauthorized access affect SMEs just as much as large organizations—and SMEs are often more vulnerable precisely because they lack dedicated internal resources and cutting-edge technologies.

Thanks to SGBox, even SMEs can access advanced SIEM capabilities through a flexible, scalable cloud model with transparent costs.

SGBox: SaaS model with tailored licensing

Unlike traditional SIEMs that rely on licensing models based on log volume (which is difficult to estimate and often very expensive), SGBox adopts a licensing model based on the number of devices to be monitored.

This approach brings three key advantages:

  • Predictable costs: clear licensing model ensures full budget control.
  • Ease of activation: get started immediately without managing complex infrastructures.
  • Scalability: add new devices and modules as the business grows.

SGBox offers a full SaaS (Software as a Service) experience, where the entire infrastructure is managed within SGBox’s Cloud. Customers can focus on their core business while security is ensured by the proprietary Next Generation SIEM & SOAR platform, which is continuously updated with the latest features.

All the benefits of Cloud SIEM for SMEs

Choosing a Cloud SIEM means equipping your business with a tool that can:

  • Collect and analyze system, firewall, server, and application logs, identifying suspicious behavior.
  • Automatically detect threats and generate real-time alerts.
  • Correlate events across different devices, even if they are spread across multiple locations or used by remote workers.
  • Trigger automation workflows (SOAR) for rapid incident response.
  • Provide comprehensive reports for audits and manage compliance with privacy regulations such as GDPR and NIS2.

All of this is possible without hardware investments, without dedicated technical staff, and with updates included in the service.

Scalability and ease of use even without an internal IT team

One of SGBox’s standout features is its ease of use: the intuitive interface allows even small or non-specialized teams to monitor events and respond quickly.

In addition, guided onboarding and continuous support ensure a stress-free start and effective use of the system from day one.

The modular platform allows SGBox to adapt to specific security needs thanks to its scalable offering.

The progressive licensing model allows you to choose from four different bundles and start with essential features (Security Log Collection and Management), expanding over time based on evolving needs.

This is a fundamental requirement that enables SMEs to implement the solution precisely and gradually.

[Image in the original: comparison table, SGBox Cloud SIEM vs traditional SIEM]

SGBox is the SIEM for Italian SMEs that want to protect themselves without wasting resources

Investing in cybersecurity is no longer optional; it is a necessity—even (and especially) for SMEs.

SGBox makes this possible with a ready-to-use, cost-effective solution that can adapt to any business environment.
