Managed Security Services

SOC-in-a-Box

:Zone 3 |  Premium

For end users who need a comprehensive service to proactively monitor, detect and defend live data breaches and indicators of compromise in real-time. Suitable for users who require assurance to meet audit standards and regulatory regimes.

Your Virtual Team

Security Engineer


Security Analyst


Service Delivery Manager


Service Assurance Consultant


Threat Intelligence Specialist

Threat Hunter

The Gold standard, for end users who want to take the service to the next level with the ultimate in Protective monitoring and Incident Response replete with appropriate policy and process creation and maintenance to assist with the demonstration of due diligence to the ICO


For end users who need a comprehensive service to proactively monitor and hunt for threats laterally across all internal network environments to defend against live breaches and indicators of compromise.


The Premium service is also relevant for those industries requiring enhanced levels of regulatory alignment and detailed reporting of risks for their internal audit and external regulatory regimes. 


The 2019 Cyber Security Breach Survey says 63% of disruptive breaches were discovered by people not technology.

 

With in excess of 15 years of combined research and application into machine learning, automated cyber response, working with leading automated machine learning and behavioural profiling technologies, while running a Security Operations Centre  – we know what works in real terms and beyond the hype.

 

In simple terms, our SOC analysts are still our number one asset when it comes to effective incident qualification and response.

 

It is true that the machine is very powerful at discovering possible indicators of compromise, the “cyber needles in a haystack”. Afterall, we ingest into our monitoring service on average 80M log events per day from each of our clients. Without the machine it would be impossible for our analysts to identify security risks and threats from this much data.

 

But the human analyst is unmatched at understanding nuance and context behind security alerts. For example, Were those suspicious logins due to a misspelled logon account, was the firewall change approved as part of your CAB process, did Jenny login to her Office 365 account from the Maldives to turn on her out-of-office reply as she is now on holiday and forgot to do it beforehand?

 

With the human touch, our expert team can quickly close out false positives through correlation with threat intelligence, understanding clearly the context of the log events, putting into focus how your network and business singularly operates, and even reaching out to users directly to confirm irregular behaviour patterns.

 

Naturally, we don’t stop at detection – fire alarms don’t put out fires , we have a suite of technologies that with analyst oversight, support automated defensive actions from network intrusion prevention to managed detection and response (MDR).


Victim Scenario

LogSecure

  • 100% managed SIEM Services
  • Dedicated capture, threat analysis and incident response
  • Adapts to your IT environment – custom integrations included
  • Scales 10,000 EPS and unlimited correlations

Security Assurance

  • On-call breach crisis management team
  • Digital forensics investigation and recovery
  • MDR and EDR for lateral movement and endpoint protection
  • Best practice security guidance for IT projects
  • Quarterly cyber-security briefings and maturity review
  • Security policy and process creation and maintenance

Security Operation Center

  • Real-time incident management – collection, correlation, triage, investigation, remediation and reporting
  • Delivered by trained, accredited (ISO27001) and vetted staff
  • End to end platform and services management
  • Integrated workflow with your organisation
  • 24x7 vigilance

Global Threat Intelligence

  • Honeypots deployed across 7 continents
  • Malware analysis, quarantine and removal
  • Cyber threat research facility – high quality, relevant, reliable data
  • Constant visibility - faster response time keep you safe
  • Over 100,000 indicators of compromise

List of Services

You will additionally receive an on-call Breach crisis management team to help orchestrate and liaise with various internal and external parties and supply chains to rapidly remediate any outbreak and neutralise the negative impact this may have across the organisation.


Intrinsic within the Premium service is a digital forensics investigation and recovery function should evidence be required for any post-mortem analysis or legal requirement. 

Security Engineer


End to end responsibility for your architecture and platform roll-out, health and management to ensure maximum availability

Threat Intelligence Specialist


Using our Cyber threat reseach facility and accessing over 100,000 indicators of compromise containing high quality, relevant and reliable data, the TIS is externally focused  focused on inbound malware analysis, quarantine and removal


The largest virtual team comprising of:

Virtual Team

Threat Hunter


Using the latest EDR and MDR technology integrated into i3  our Threat Hunters proactively hunt down and contain internal lateral movement of active and emerging threats

Security Achitect


highly-skilled with experience gained from working with major SIEM vendors. Responsibility lies with delivering integrated service components for maximum speed to resolution ”find to fix”

Possesses a macro and micro mindset when utilising Threat Intelligence awareness of what can impact customers

Security Assurance Consultant


Provides the best practice security guidance for IT projects as a part of your evolutionary journey  right advice at the right time that incorporates quarterly cyber-security briefings and maturity reviews.

Hold overall responsibility for security policy and process creation and maintenance

Security Delivery Manage


Leads both technical and operational co-ordination and launch of breach and crisis management resources collaboratively leading up-to 15+ client-side teams as a virtual resolver group



Security Analyst


Real-time incident management – collection, correlation, triage, investigation, remediation and reporting, delivered by our trained, accredited (ISO27001) and vetted (NPPV3 and SC cleared) staff

The approach

Step #1:

Service implementation prep

Our tried and tested implementation methodology enables rapid deployment of our service whilst mitigating project risks.

 

Leverage our experience in delivering global security projects collaborating with multiple third parties.

Step #3:

Targeted alert use cases


By tailoring our extensive alert correlation rulesets, we reduce the noise from false positives and enhance detection rates of genuine cyber threats.

 

In addition, we deploy threat intelligence tripwires to detect external risks and threats to your organisation.

Step #5:

Costomised incident response plan


We tailor our mature incident detection and response processes to work effectively with your organisation and assigned third parties.

 

We support local and global security deployments engaged with numerous outsourced resolver teams.

Step #7:

Continued cyber due diligence


Achieving cyber due diligence doesn't stop once your SOC service is in operation. As best practice, we schedule regular reviews to ensure your service meets all existing and emerging security requirements as your business evolves.

Step #2:

Intergrate Log Feeds


We support log collection from on- premise network infrastructure, virtual infrastructure, security technologies and cloud systems.

 

We can also integrate with your custom applications by engaging our in-house development and integration team.

Step #4:

Security health check and threat reconnaissance


We perform a security health check and assist you in remediating existing security risks prior to going live.

 

  1. Detect existing risks and threats within your networks
  2. Perform passive reconnaissance of previously leaked data and cyber risk exposure analysis
  3. Present security posture report with actionable findings

Step #6:

SOC go live!


Your SOC service helps you achieve cyber due diligence through:

 

  1. Real-time threat monitoring, incident triage and
  2. 24x7x365 service delivered by UK cyber security
  3. Cyber intelligence monitoring and passive reconnaissance helps you to stay protected ahead of an
  4. Key Risk Indicator

KRI Reports

Zone 3 - Premium Key Risk Indicator Report


On either a weekly or monthly basis we provide a data-driven report of the Key Risk Indicators across your estate.


These are presented in an easy-to-digest series of graphical summary dashboards.


Additionally, we continue to track and trace existing incidents in progress where strategic, longer term solutions may be required together with a wider-ranging collaboration of IT teams and stakeholders.


The report also shown where we have considered Threat Intelligence advisories and how they may impact your IT operation.


The KRI report will also detail all investigated security risks within their specific cyber classifications. 

To receive your free example report complete your details today

 
 
 
 
 

Addresses:

London Office

2nd Floor

31 Chertsey Street

Guildford

Surrey

GU1 4HD

Zepko

11th Floor Centre City Tower

5-7 Hill Street

Birmingham

B5 4UA