Saturn DLP VM SIEM MDR

Your dedicated team

Humans are critical to interpreting and acting on technology’s advice, which is why they’re a huge part of what we do for you. Your SOC team includes:

Security Engineer

Ensures your systems seamlessly integrate with ours so everything works as it should.

Security Analyst

Your eyes and ears. Monitors, analyses and investigates your IT estate 24×7.

Service Delivery Manager

Oversees every element of your service from internal response process to coordination of different teams.

Security Assurance Consultant

Answers the difficult question and provides valuable guidance that supports your decisions.

Threat Intelligence Specialist

Looks beyond your perimeter to seek and stop cyber threats before they cause harm.

Protective services overview

Technology

Our SOC-driven, action-based, and real-time policy and risk-based alerting and prevention service delivers data exfiltration events. Lightweight agents can also be deployed at speed to desktops and laptops as required to provide unified coverage to the user base, wherever they may be. A Cloud Management Portal ensures we effectively manage and monitor all on-premise and mobile users in real-time, with the option to set customisable and granular DLP policies and rulesets on the fly.

People

Expert Security Engineers configure and manage your DLP deployments, ensuring the service is fully functional, optimised and ready to deliver real-time alerts to the SOC to protect your business.

Process

By deploying DLP rulesets to track and trace data at rest, in motion and in use, all tailored to the unique demands of your business, plus ongoing ruleset tuning, we ensure that your DLP service is always ready and optimised to keep you secure. We maintain a forensically sound log system for persistent offenders should internal HR or disciplinary procedures be required.

Technology

MDR software agents provide real-time, risk-based prevention of malware and potential network attacks. The MDR service is frequently deployed East-West within a client to support any other complementary North-South IDS/IPS service. Our intuitive Cloud Management Portal enables the management and monitoring of on-premise and mobile users in real-time, as well the granular customisation of alerts and defensive rulesets.

People

Highly-skilled Threat Hunters proactively seek out anomalies in user and software behaviour to discover zero-day threats as part of 24x7x365 threat monitoring and incident response. A Security Assurance Consultant provides guidance on best practice for monitoring and incident response, while a dedicated Service Delivery Manager ensures expectations and obligations are met.

Process

On-going threat hunting and cyber intelligence monitoring across the internet ensures round the clock threat monitoring, analysis and remediation. The SOC team apply emerging indicators of compromise (IoC’s) rules to transpose the anatomy of attacks into the MDR system to help simultaneously prevent entry and any negative impact. This advanced incident analytics, including malware reversal, keep you protected against any emerging threats, Full insights are also shared as part of a monthly Risk Indicator Report.

Technology

The LogSecure SIEM delivers a correlated view of security risks across everything running on your network and in the cloud. A tightly-integrated and extensive Global Threat Intelligence Network (GTIN) and I3 Security Incident Management Portal identify potential compromise and provide real-time security alerts to enhance our detection and auto-remediation capability while expediting root cause analysis.

People

An expert security team underpins our SIEM services with 24x7x365 threat monitoring, internet-based threat hunting and a customised log monitoring approach to support your systems and bespoke applications. A Security Assurance Consultant ensures best practice is enforced at all times, with a dedicated Service Delivery Manager in place to ensure all commitments and expectations are met.

Process

24x7x365 monitoring from a UK-based Security Operations Centre ensures that your business is protected around the clock. Early warning threat intelligence updates help ensure reinforced protections are in-situ ahead of an attack, while ongoing tuning of alert rules see that your service evolves in line with your business. We’ll also provide monthly Key Risk Indicator (KRI) reports, the ‘metrics that matter’, and threat intelligence summaries. When an incident arises, we’ll take the lead in working with your internal teams and relevant 3rd parties to action quick and effective resolutions.

Technology

Our always-on virtual scanners perform host discovery, vulnerability detection and compliance scanning to identify potential security risks for further SOC action. This includes Web Application Scanning, Real-time Scanning Agents, PCI Compliance Scanning and a live Threat Intelligence feed for newly disclosed vulnerabilities and emerging threats. Vulnerability insights are also used to inform tailored client reports and correlated within the SOC’s SIEM service.

People

A skilled security team supports and interprets every element of Vulnerability Management, providing real-time analysis and linkage with the SIEM system to ensure all risks are assessed in the round. Singularly, the SOC delivers regular vulnerability reports, configuring virtual scanner tools for ongoing optimised performance and integration with other SOC services. A Security Assurance Consultant is always on hand to ensure best practice is upheld, while a dedicated Service Delivery Manager ensures all service expectations are met.

Process

Once deployed, your scanning and management service works in conjunction with relevant and supporting SOC services and is continually optimised to ensure assets are hardened and patched to the latest level. Additionally, tailored, ad-hoc scans can also be actioned on request by a client via the i3 portal, or on notification of a zero-day vulnerability.

Key benefits

Rapid remote deployment of monitoring and protection software through cloud management.

Protect key data, intellectual property and client data from theft and accidental leakage.

Detect targeted and sophisticated network attacks.

Reduce employee overhead and improve speed of response through automated defence and remediation.

Joined up overview of security incidents in the event of a breach – slashing the time it takes to respond.

Key Risk Indicator and security maturity improvements delivered within 4 weeks of SOC deployment.

Harden networks and systems to common network intrusion attacks and malware.

Help protect against zero day malware.

Faster root-cause analysis via multiple security logs including network, firewall, server, active directory, database and cloud systems.

Flexibility to evolve your service using our ‘Roll Out Roll In’ SOC protections.

Take the next step

Found the SOC for you? Take advantage of our 3-month free pilot and discover the Zepko difference risk-free. Or if you’d simply like to know more about our services, get in touch with our expert team.

Get in touch

Insurance company protects their Microsoft Exchange servers against the Hafnium group.

60 K

organisations attacked by the Hafnium group

12 hrs

to apply IoC blocking rules after notification

99.9 %

of customers protected

21 %

average amount of IT budget spent on security

The insurance company was using MS Exchange and were in the process of commencing migration to Office 365. The SOC team notified the client that state sponsored threat actor Hafnium started targeting zero day (previously unknown) vulnerabilities on Exchange servers.

The SOC team applied specific Hafnium Indicator of Compromise (IoC) detection rules to the MDR system. The IoCs covered Hafnium suspicious file creation, Hafnium process spawning and China Chopper. The IoC rules were configured to both detect and prevent execution of the malicious processes.

This gave the organisation protection whilst they commenced a critical patching exercise with guidance from the SOC team. The SOC team used our SIEM to monitor logs from the other systems such as the firewalls to identify any inbound or outbound traffic from malicious IP addresses related to Hafnium (as detected by our GTIN threat intelligence platform).

60,000+ organisations attacked by the Hafnium group

IoC blocking rules applied within 12 hours of notification, whilst clients started the patching process

99.9% of customers protected

The average firm now devotes 21% of its IT budget to cyber security – a jump of 63%

Our customer pledge

We’re confident in the services we provide, and we want you to be too. That’s why we offer the following pledge to every business considering onboarding us as their managed security service provider:

1

3-month pilot
free of charge

Put us to the test and let us run your 24×7 Security Operation Centre for free for the first 3 months. You can benchmark our performance against pre-agreed success criteria – and if you’re not convinced after the pilot, it won’t cost you a penny.

2

Lowest price
guarantee

Our mission is to make high-quality, tailored managed security services affordable to the mid-market – and we stand by our word. If you find another provider who can offer a like-for-like SOC service for a lower cost, we will refund the difference.

3

No half
measures

When you take part in our pilot you can expect the full Zepko service, not a trimmed down version. We’ll run a full 24×7 SOC operation, providing access to our specialist SOC team, process models and procedures, at the same level as our existing customers.

Deploy this SOC from £9,789 per month

The above cost has been calculated based on an organisation of 250 users. Larger organisation? As our services are scaled up, your SOC solution becomes more cost effective per user. Speak to us for an accurate quote for your business.

Get in touch