Children and young people deserve our comprehensive protection - especially in educational institutions such as schools, boarding schools, kindergartens, daycare centres or competence centres. Many institutions are already prepared for external threats and use firewalls, virus scanners or access restrictions. Nevertheless, a sensitive gap arises as soon as potential Threats within emerge within the organisation: Assaults by employees, radicalisation, cyberbullying or the unauthorised consumption of illegal content often remain undetected for a long time.

As the father of a three-year-old son, I can only imagine what it means when your own child gets into such a situation. The number of unreported cases is still high and many cases go undetected. Based on the conviction that we all have a responsibility to protect our children in the best possible way, we at the Swissmakers GmbH decided to utilise our technological expertise in the field of cyber security and Elasticsearch and use it specifically for child protection. In this blog post, we would therefore like to provide an initial overview, like a classic SIEM system through minimal adjustments to the school and childcare environment, be used efficiently to protect children can.

What is a SIEM system and why is it ideal for child protection?

A SIEM system (Security Information and Event Management System) collects and analyses in real time the log data of all applications and end devices within an organisation. In contrast to seamless monitoring of all content, a SIEM primarily processes metadata (e.g. time of a communication, deviations from usual usage behaviour) in order to Recognising anomalies at an early stage. This offers teachers and social pedagogues an opportunity to identify the first warning signs of problematic behaviour before anything worse happens - and without unnecessarily violating the privacy of children and young people.

Especially in an educational context, the topic of "digital surveillance" understandably causes scepticism. However, a modern SIEM concept can effectively allay fears of total control because it does not carry out a complete check of all chats or documents. Instead, the system monitors basic parameters (such as the frequency with which files are exchanged) and only triggers an alarm if certain previously defined patterns occur. This keeps the Personal communication largely protectedwhile potentially critical events come to light in good time.

How a SIEM can help: practical examples

Schools, boarding schools and other childcare facilities combine a wide range of digital activities: chats, emails, online learning platforms, learning apps, network storage and much more. What's more, many children and young people are already surfing the internet independently at a very young age - sometimes on private devices, sometimes on school tablets or computers in the school network. Especially in this complex environment, it is crucial, Recognising early warning signalsbefore abuse takes place.

A SIEM system helps to register these incidents at an early stage. Instead of only being able to react after serious incidents, the school management or a dedicated security team can intervene preventively and hold clarifying discussions as soon as Conspicuous anomalies appear in behaviour.

Recognising bullying at an early stage
If offensive terms or an unusually high number of negative keywords repeatedly appear in chat messages, the system can register this accumulation and inform those responsible. Educational professionals can then take timely countermeasures and help those affected.
Prevention of abuse
If there is a sudden and atypically intensive exchange of data between employees and individual students (e.g. a large number of private messages or an above-average number of images or files), the SIEM sounds the alarm. This enables line managers or a crisis team to quickly find out whether there is a harmless explanation or a real threat of abuse.
Calling up illegal content or content harmful to minors
A group of pupils repeatedly access websites during the breaks that are linked to drug offences or depictions of violence. The SIEM reports this and informs the responsible office of the exact devices from which the content was accessed and which student or teacher account was involved. In this way, a dialogue can be held promptly before further problematic actions can arise.
Radicalisation tendencies
A young person researches extremist content conspicuously often and communicates with radical groups in forums. The system recognises repeated access to listed sites, informs the school social work department and thus enables early action to be taken - e.g. educational or counselling services.

Metadata instead of full monitoringContent details such as chat histories or video recordings are not recorded by default. As a rule, only key data (time, users involved, number of files sent) is saved.
Strict access controlsOnly a small, authorised team (school management, IT officer, school social worker if applicable) has access in the event of an alarm. Every access is logged to prevent misuse.
Legal protectionAnyone using a SIEM system must fulfil legal data protection requirements (e.g. the DSG in Switzerland or the GDPR in the EU) as well as guidelines for the protection of children and young people.

Less uncertaintyA SIEM system recognises risks before they develop into tangible problems. Educational professionals gain security and can focus their energy on the essentials: looking after and supporting the children.
Early intervention instead of crisis managementInstead of only reacting when it is already too late, SIEM offers points of reference for early discussions or counselling services.
Simple reasoningIf incidents do occur, the logging provides structured information that enables a transparent and fair approach.

Why many schools are still lagging behind

Although IT equipment in schools is constantly growing, the Security infrastructure often outdated. Firewalls and virus scanners are relatively easy to set up, but analysing internal data flows is more complex. A lack of specialised personnel, unclear responsibilities and a reluctance to carry out supposed monitoring mean that a large proportion of problems remain undetected. This is precisely where SIEM solutions come in: They analyse data automatically, sound the alarm reliably and make it possible to intervene in good time. In this way, technology becomes a valuable aid for more security in everyday educational work. In other words: When danger doesn't call out loudly, you need systems that recognise quiet signals.

Why Swissmakers GmbH?

The Swissmakers GmbH has been a reliable Swiss partner for years. Partner of Elasticsearch and has Extensive experience in the area of cyber security and SIEM implementations. Our primary goal in this project is to support the well-being of the children while respecting the privacy of pupils and staff.

Technical expertiseWe have many years of experience in the technical implementation of SIEM solutions and IT security concepts - even in sensitive areas of application.
Customised solutionsEvery institution is unique. We develop customised concepts that seamlessly complement your existing processes.
Data protection expertiseThanks to our many years of experience, we can integrate the applicable requirements of the Data Protection Act and child protection regulations to ensure safe and legally compliant operation.
Holistic approachFrom design, implementation and training to operation and ongoing audits - we support you throughout.

Conclusion: Technology to protect our children

The idea that our children are victims of abuse is almost unbearable for many parents. Nevertheless, it is important to face up to this reality and actively do something about it. Through the targeted use of a SIEM Systems based on Elasticsearch can be eye-catching patternsrecognise risky interactions and dangerous online activities at an early stage - without to disclose all data indiscriminately or the Privacy of the pupils to injure.

No technological tool can guarantee 100 per cent protection or completely replace the human eye and face-to-face dialogue. But the better we use our digital tools, the sooner we can recognise potential dangers before irreparable damage is done.

If you learn more about it If you would like to know how such a SIEM solution can be implemented technically and organisationally in your institution, we will be happy to help. Our experts will advise you on the topics of data security, data protection and process integration - so that together we can take an important step towards Protecting our children can go.

Michael Reber

Years of experience in Linux, security, SIEM and private cloud