Managed Security Services

SOC-in-a-Box

Zone 2 | Essential


For end users who need a lightweight service to monitor and respond to live security events and indicators of compromise in real time.

Remote install and remote operation.


Your Virtual team

Security Engineer


Security Analyst


Service Delivery Manager


Service Assurance Consultant


Threat Intelligence Specialist

The Essential service is for end users needing a cost-effective, comprehensive and fully extensible protective monitoring and incident response service to evidence audit and regulatory due diligence.


For end users who need a comprehensive service to defend against live breaches and indicators of compromise that would have adverse and often long-lasting negative impacts on the company brand, customer retention and image.


The Essential service is also relevant for those industries requiring enhanced levels of regulatory alignment and detailed reporting of risks for their internal audit and external regulatory regimes, often to investment boards. 


The 2019 Cyber Security Breach Survey says 63% of disruptive breaches were discovered by people, not technology.

 

With more than 15 years of combined research into and application of machine learning and automated cyber response, working with leading machine learning and behavioural profiling technologies while running a Security Operations Centre, we know what works in real terms and beyond the hype.

 

In simple terms, our SOC analysts are still our number one asset when it comes to effective incident qualification and response.

 

It is true that the machine is very powerful at discovering possible indicators of compromise, the “cyber needles in a haystack”. After all, we ingest into our monitoring service on average 80M log events per day from each of our clients. Without the machine it would be impossible for our analysts to identify security risks and threats from this much data.

 

But the human analyst is unmatched at understanding the nuance and context behind security alerts. For example: were those suspicious logins due to a misspelled logon account? Was the firewall change approved as part of your CAB process? Did Jenny log in to her Office 365 account from the Maldives to turn on her out-of-office reply because she is now on holiday and forgot to do it beforehand?

 

With the human touch, our expert team can quickly close out false positives through correlation with threat intelligence, a clear understanding of the context of the log events, a focus on how your network and business uniquely operate, and even reaching out to users directly to confirm irregular behaviour patterns.

 

Victim Scenario

What’s important to the Board


Taking cyber risk seriously like they would any other business-related risk.


Protecting our reputation from impacting the acquisition and retention of new projects, investment and customers.


An insurance policy – to reduce the likelihood of a breach occurring – especially with COVID-19 and home-working set to continue for the foreseeable future.


Avoiding continued systemic failure of our IT operations leading to loss of business.


Mitigating potential legal action and ICO fines under GDPR.


Minimising the cost of security incident clean-ups.

LogSecure

  • 100% managed SIEM Services
  • Dedicated log capture, threat analysis and incident response
  • Adapts to your IT environment – custom integrations included
  • Scales to 10,000 EPS

Security Assurance

  • On-call breach crisis management team
  • Digital forensics investigation and recovery
  • Best practice security guidance for IT projects
  • Quarterly cyber-security briefings and maturity review
  • Security policy and process creation and maintenance

Security Operations Centre

  • Real-time incident management – collection, correlation, triage, investigation, remediation and reporting
  • Delivered by trained, accredited (ISO27001) and vetted staff
  • End to end platform and services management
  • Integrated workflow with your organisation
  • 12x5 and 24x7 vigilance

Global Threat Intelligence

  • Honeypots deployed across 7 continents
  • Malware analysis, quarantine and removal
  • Cyber threat research facility – high quality, relevant, reliable data
  • Constant visibility – faster response times keep you safe
  • Over 100,000 indicators of compromise

DLP – Data Loss Prevention

  • Ensuring no data loss or leakage of sensitive corporate information that may be contained on local laptops
  • Visibility of end to end employee actions and behaviours – integrity of your specific technology chains

List of Services

Security Engineer


End to end responsibility for your architecture and platform roll-out, health and management to ensure maximum availability.

Threat Intelligence Specialist


Using our cyber threat research facility and accessing over 100,000 indicators of compromise containing high quality, relevant and reliable data, the TIS is externally focused on inbound malware analysis, quarantine and removal.


Meet your virtual team, comprising:

Virtual Team

The approach

Step #1:

Service implementation prep

Our tried and tested implementation methodology enables rapid deployment of our service whilst mitigating project risks.

Leverage our experience in delivering global security projects collaborating with multiple third parties.

Step #2:

Integrate Log Feeds

We support log collection from on-premise network infrastructure, virtual infrastructure, security technologies and cloud systems.

We can also integrate with your custom applications by engaging our in-house development and integration team.

Step #3:

Targeted alert use cases

By tailoring our extensive alert correlation rulesets, we reduce the noise from false positives and enhance detection rates of genuine cyber threats.

In addition, we deploy threat intelligence tripwires to detect external risks and threats to your organisation.

Step #4:

Security health check and threat reconnaissance

We perform a security health check and assist you in remediating existing security risks prior to going live.

  1. Detect existing risks and threats within your networks
  2. Perform passive reconnaissance of previously leaked data and cyber risk exposure analysis
  3. Present a security posture report with actionable findings

Step #5:

Customised incident response plan

We tailor our mature incident detection and response processes to work effectively with your organisation and assigned third parties.

We support local and global security deployments engaged with numerous outsourced resolver teams.

Step #6:

SOC go live!

Your SOC service helps you achieve cyber due diligence through:

  1. Real-time threat monitoring, incident triage and
  2. 24x7x365 service delivered by UK cyber security
  3. Cyber intelligence monitoring and passive reconnaissance helps you to stay protected ahead of an
  4. Key Risk Indicator

Step #7:

Continued cyber due diligence

Achieving cyber due diligence doesn't stop once your SOC service is in operation. As best practice, we schedule regular reviews to ensure your service meets all existing and emerging security requirements as your business evolves.
KRI Reports

Threat Hunter


Using the latest EDR and MDR technology integrated into i3, our Threat Hunters proactively hunt down and contain internal lateral movement of active and emerging threats.

Security Architect


Highly skilled, with experience gained from working with major SIEM vendors. Responsible for delivering integrated service components for maximum speed to resolution, “find to fix”.

Possesses a macro and micro mindset when utilising Threat Intelligence, with awareness of what can impact customers.

Security Assurance Consultant


Provides best practice security guidance for IT projects as part of your evolutionary journey: the right advice at the right time, incorporating quarterly cyber-security briefings and maturity reviews.

Holds overall responsibility for security policy and process creation and maintenance.

Security Delivery Manager


Leads both technical and operational co-ordination and launch of breach and crisis management resources, collaboratively leading up to 15+ client-side teams as a virtual resolver group.



Security Analyst


Real-time incident management – collection, correlation, triage, investigation, remediation and reporting, delivered by our trained, accredited (ISO27001) and vetted (NPPV3 and SC cleared) staff.

Zone 2 – Essential: Key Risk Indicator Report


On either a weekly or monthly basis we provide a data-driven report of the Key Risk Indicators across your estate.


These are presented in an easy-to-digest series of graphical summary dashboards. Additionally, we continue to track and trace existing incidents in progress where strategic, longer-term solutions may be required, together with wider-ranging collaboration across IT teams and stakeholders.


The report also shows where we have considered Threat Intelligence advisories and how they may impact your IT operation. The KRI report will also detail all investigated security risks within their specific cyber classifications.

To receive your free example report, complete your details today.


Addresses:

London Office

2nd Floor

31 Chertsey Street

Guildford

Surrey

GU1 4HD

Zepko

11th Floor Centre City Tower

5-7 Hill Street

Birmingham

B5 4UA