Microsoft SOC service

Your dedicated team

Humans are critical to interpreting and acting on technology’s advice, which is why they’re a huge part of what we do for you. Your SOC team includes:

Security Engineer

Ensures your systems seamlessly integrate with ours so everything works as it should.

Security Analyst

Your eyes and ears. Monitors, analyses and investigates your IT estate 24×7.

Service Delivery Manager

Oversees every element of your service from internal response process to coordination of different teams.

Security Assurance Consultant

Answers the difficult question and provides valuable guidance that supports your decisions.

Threat Intelligence Specialist

Looks beyond your perimeter to seek and stop cyber threats before they cause harm.

Threat Hunter

Harnesses endpoint data response technologies to hunt down and quarantine suspicious internal threats.

Protective services overview


The Sentinel SIEM delivers a correlated view of security risks across everything running on your network and in the cloud. A tightly integrated and extensive Global Threat Intelligence Network (GTIN) and i3 Security Incident Management Portal, including SOAR, identify potential compromises and provide real-time security alerts to enhance our detection and auto-remediation capability while expediting root cause analysis.


An expert security team underpins our SIEM services with 24x7x365 threat monitoring, internet-based threat hunting and a customised log monitoring approach to support your systems and bespoke applications. A Security Assurance Consultant ensures best practice is enforced at all times, with a dedicated Service Delivery Manager in place to ensure all commitments and expectations are met.


24x7x365 monitoring from a UK-based Security Operations Centre ensures that your business is protected around the clock. Early warning threat intelligence updates help ensure reinforced protections are in-situ ahead of an attack, while ongoing tuning of alert rules see that your service evolves in line with your business. We’ll also provide monthly Key Risk Indicator (KRI) reports, the ‘metrics that matter’, and threat intelligence summaries. When an incident arises, we’ll take the lead in working with your internal teams and relevant 3rd parties to action quick and effective resolutions – all incidents are recorded in our i3 portal, and feature in the monthly Key Risks and Remediations Report.


Azure Information Protection and Governance inspects and analyses all data that is being accessed or transferred within your network – whether between devices inside your organisation, or externally. Detailed policies can be configured based on conditional actions such as the type of information shared, the information source, the destination of the data, and who is performing the activity.


As part of a 24x7x365 service, our expert SOC analysts monitor security alerts to ensure ongoing protection, with ad-hoc reporting available on request. A dedicated Security Assurance Consultant helps identify the customised policies best suited to your needs, with a Security Engineer on hand to quickly and easily apply IPG policy changes as required, alleviating the need to train your in-house teams.


With a client-server architecture, the agent software runs on user devices no matter where they are, with all IPG policies managed centrally within the SOC. This protects every user, including office-based teams and remote workers, to ensure they are always secured with up-to-date policies that are synchronised in seconds. Should alerts from IPG develop into incidents, they’re recorded in our i3 portal and feature in a monthly Key Risks and Remediations Report, provided as part of the service.


Our Defender for Identity service supports the detection of advanced attacks across your networks to prevent infiltration and lateral attack movements. By leveraging your existing on-premises Active Directory signals, Defender for Identity identifies, detects and investigates advanced threats, compromised credentials and malicious insider actions through the kill chain. Proprietary sensors continually monitor organisational domain controllers to provide a comprehensive view of all user activity from across every device.


As part of an expert security team, skilled Security Analysts deliver 24x7x365 monitoring and leverages the intelligence of smart analytics to identify threats and gain insights across your organisation and determine accurate attack timelines. A Security Assurance Consultant provides guidance on best practice and appropriate response, with a Service Delivery Manager in place to oversee delivery and ensure all commitments and service guarantees are met.


Ongoing monitoring and analysis of user activities and information across your network creates a behavioural baseline for each user’s activity. These insights are then leveraged by adaptive built-in intelligence to reveal suspicious activities that support the identification of new and advanced threats facing your organisation. Real-time monitoring and investigation of detected threats reduces false positive alerts and triggers appropriate automated actions including manual host quarantine, while advanced incident analytics support malware sandboxing and analysis of zero-day malware threats to ensure ongoing protection around the clock. All alerts that develop into incidents are available in our i3 portal, as well as featuring in a monthly Key Risks and Remediations Report.


Harnessing industry-leading AI, Defender for Office 365 detects malicious and suspicious content and correlates attack patterns to identify campaigns specifically designed to evade protection. A layered, defence-in-depth approach detects and prevents a wide variety of volume-based and targeted attacks including business email compromise, credential phishing, ransomware and advanced malware. Defender for Office 365 also extends protection beyond email to other critical tools within your Microsoft estate, including SharePoint, OneDrive, Office applications and Microsoft Teams.


Managed by an expert security team, your Defender for Office 365 service delivers real-time monitoring and investigation of email threats to reduce false positive alerts and ensure appropriate defensive actions are taken, including locking compromised email accounts and removal of confirmed phishing emails. Alongside 24x7x365 monitoring, a dedicated Security Delivery Manager coordinates teams to deliver both non-targeted and targeted phishing simulations that test your business users’ ability to detect and report phishing emails. Our expert Security Analysts will then review results and report on findings to enable training for those most in need.


Real-time monitoring ensures protection across the entire email delivery chain. Malicious email-borne threats can be detected and blocked at the network edge, while sophisticated sender intelligence supports accurate identification of compromised sender accounts, spoofs and domain impersonation. Once delivered, intelligent machine learning and heuristics review message content in real time, with any potentially malicious links replaced with safe alternatives to ensure ongoing protection against the primary attack vector. If threats at the alert level develop into incidents, then they are recorded in our i3 portal and monthly Key Risks and Remediations report.


Defender for Endpoint MDR goes beyond the best anti-virus protection to deliver real-time detection and prevention of advanced network threats and malware. A powerful combination of machine learning, signature detection and threat intelligence identifies anomalous activity on endpoint systems before automatically blocking and quarantining high-risk events, before flagging low-risk events for further investigation.


Highly-skilled Threat Hunters proactively seek out anomalies in user and software behaviour to discover zero-day threats as part of 24x7x365 threat monitoring and incident response. A Security Assurance Consultant provides guidance on best practice for monitoring and incident response, while a dedicated Service Delivery Manager ensures expectations and obligations are met.


On-going threat hunting and cyber intelligence monitoring across the internet and hacker forums ensures around the clock threat monitoring, analysis and remediation. The SOC team apply knowledge of emerging indicators of compromise (IoC’s), leaked data, targeted campaigns and fraudulent web domains to ensure your defences stay one step ahead. This advanced incident analytics, including malware reversal, keep you protected against any emerging threats. Any incidents are recorded in our i3 portal, and these, as well as full insights are shared as part of a monthly Key Risks and Remediations Report.

Key benefits

Rapid remote deployment of monitoring and protection software through cloud management.

Detect targeted and sophisticated network attacks.

Faster root-cause analysis via multiple security logs including network, firewall, server, active directory, database and cloud systems.

Key Risk Indicator and security maturity improvements delivered within 4 weeks of SOC deployment.

Help protect against zero day malware.

Joined up overview of security incidents in the event of a breach – slashing the time it takes to respond.

Protect key data, intellectual property and client data from theft and accidental leakage.

Reduce employee overhead and improve speed of response through automated defence and remediation.

Flexibility to evolve your service using our ‘Roll Out Roll In’ SOC protections.

Harden networks and systems to common network intrusion attacks and malware.

Protect data stores and keep business operations moving with real-time anti-ransomware detection and prevention.

Select modules you need, or adopt all of them together.

Take the next sep

Found the SOC for you? Take advantage of our 3-month free pilot and discover the Zepko difference risk-free. Or if you’d simply like to know more about our services, get in touch with our expert team.

Get in touch

Insurance company protects their Microsoft Exchange servers against the Hafnium group

60 k

organisations attacked by Hafnium group

99.9 %

customers protected

12 hrs

IoC blocking rules applied

21 %

average IT budget spent on security

The insurance company was using MS Exchange and were in the process of commencing migration to Office 365. The SOC team notified the client that state sponsored threat actor Hafnium started targeting zero day (previously unknown) vulnerabilities on Exchange servers.

The SOC team applied specific Hafnium Indicator of Compromise (IoC) detection rules to the MDR system. The IoCs covered Hafnium suspicious file creation, Hafnium process spawning and China Chopper. The IoC rules were configured to both detect and prevent execution of the malicious processes.

This gave the organisation protection whilst they commenced a critical patching exercise with guidance from the SOC team. The SOC team used our SIEM to monitor logs from the other systems such as the firewalls to identify any inbound or outbound traffic from malicious IP addresses related to Hafnium (as detected by our GTIN threat intelligence platform).

60,000+ organisations attacked by the Hafnium group

IoC blocking rules applied within 12 hours of notification, whilst clients started the patching process

99.9% of customers protected

The average firm now devotes 21% of its IT budget to cyber security – a jump of 63%

Our customer pledge

We’re confident in the services we provide, and we want you to be too. That’s why we offer the following pledge to every business considering onboarding us as their managed security service provider:


3-month pilot
free of charge

Put us to the test and let us run your 24×7 Security Operation Centre for free for the first 3 months. You can benchmark our performance against pre-agreed success criteria – and if you’re not convinced after the pilot, it won’t cost you a penny.


Lowest prices

Our mission is to make high-quality, tailored managed security services affordable to the mid-market – and we stand by our word. If you find another provider who can offer a like-for-like SOC service for a lower cost, we will refund the difference.


No half

When you take part in our pilot you can expect the full Zepko service, not a trimmed down version. We’ll run a full 24×7 SOC operation, providing access to our specialist SOC team, process models and procedures, at the same level as our existing customers.