SOC

Security Operations Centre

Get in Touch

Do You Need SOC Support?

Our cyber security team are responsible for monitoring and improving our clients cybersecurity posture by identifying, preventing, detecting, and responding to threats. This service has now been extended to be available 24 hours a day 7 days a week for our clients.  The team monitor identities, endpoints (e.g. workstations), servers, network applications, websites and other systems to uncover and protect against potential cyberattacks in real time.

Our team provide proactive security management and solutions using the latest threat intelligence to allow us to identify and address system or process vulnerabilities before attackers could exploit them.

Our SOC point of difference is we work across multiple devices and software across the entire digital attack surface and not limited to a single vendor.

Our SOC Services include

Reducing the attack surface

Continuous monitoring & threat detection

Incident response

Log management

Asset discovery and tool inventory

Asset Discovery and Tool Inventory

To eliminate blind spots and gaps in coverage, the SOC needs visibility into the assets that it protects and insight into the tools it uses to defend the organization. This means accounting for all the cloud services, identities, applications, and endpoints across on-premises and multiple clouds. The team also keeps track of all the security solutions used in the organization, such as firewalls, anti-malware, anti-ransomware, and monitoring software.

Reducing The Attack Surface

A key responsibility of the SOC is reducing the organization’s attack surface. The SOC does this by maintaining an inventory of all workloads and assets, applying security patches to software and firewalls, identifying misconfigurations, and adding new assets as they come online. Team members are also responsible for researching emerging threats and analysing exposure, which helps them stay ahead of the latest threats.

Continuous Monitoring

The Cyber Security Team will be using multiple technological solutions to continuously be available to monitor our clients systems.  These solutions include, security analytics solutions like a security information enterprise management (SIEM) solution, a security orchestration, automation, and response (SOAR) solution, or an extended detection and response (XDR) solution.  Our SOC team will monitor the entire environment—on-premises, clouds, applications, networks, and devices—all day, every day, to uncover abnormalities or suspicious behaviour.

Threat Detection

The SOC team will use the data generated by the SIEM and XDR solutions to identify threats. This starts by filtering out false positives from the real issues. Then they prioritize the threats by severity and potential impact to the business.

Log Management

The NSOC team is also responsible for collecting, maintaining, and analysing the log data produced by every endpoint, operating system, virtual machine, on-premises app, and network event. Analysis helps establish a baseline for normal activity and reveals anomalies that may indicate malware, ransomware, or viruses.

Incident Response

Once a cyberattack has been identified, the NSOC team and management quickly takes action to limit the damage to the organization with as little disruption to the business as possible. Steps might include shutting down or isolating affected endpoints and applications, suspending compromised accounts, removing infected files, and running anti-virus and anti-malware software.

What Is SOC Looking For?

Cyber Security Team are looking for threats in your environment from a multitude of devices, systems and applications.  The team will be reporting on firewalls, workstation & server endpoints, website & web applications, alerting & protection, cloud services and data exfiltration from your network. Learn more about firewalls, workstation & server endpoints and cloud monitoring below.

Firewalls

Monitoring logs and alerts including monitoring for logins access (especially after hours), risky ports, large data copies in or out of the network, firewall rule changes.

Monitor and check firewall patching availability and new firewall vulnerabilities.

Respond on critical risks by triage with advanced teams and block any threats

Reviewing device configurations history and latest changes

Execute regular monthly vulnerability scans to recommend any new changes required

Workstation and Server Endpoints

Alert when any Global Admin account has been created.

When a global admin or administrator account is logged into your 365 or Azure environment

Alert when a user account has too many failed logins

Execute Microsoft Hunt & Threatening queries

Monitor and execute Microsoft vulnerability manager

When new devices or resources are added into your environment

Review and implementation of security enhancements as required

Review and implementation of security enhancements as required

Supplier and Product Vulnerability Hunting

Actively searching for supplier and product vulnerabilities that are released on a daily basis. We search across multiple vendors, products, news sources to immediately find vulnerabilities.

Our SOC team then assesses what action, escalation or possibly no response is taken

What We Offer

Feature
Basic Security
SOC Business Hours
SOC 24/7
Standard Business Hours (8am – 6pm)
24/7 Supported Hours
Monitoring Unusual Activity Reports
Unusual Login Attempts & Risky User Alerts
Monitor Email Service
Review 365 Secure Score, New Recommendations & Vulnerabilities
Monitoring AV / Malware Threat Alerts
Access Control Management/MFA Reporting
SharePoint Disk Usage & Trends
Data Loss Protection (file access) Monitoring*
Active Human Eyeball Monitoring and Response/Actions
Microsoft 365 Defender & Threat Intelligence
Firewall Monitoring, Login & Firewall Rule Change Alerting
Workstation Patching Reporting
Manage Engine 3rd Party Patching*
Threatlocker*
Email Integrity Status Checks & Reporting
Cloudflare DNS & WAF Monitoring & Reporting*
CloudFlare Zero Trust Monitoring & Reporting*
Wordfence WAF Monitoring & Reporting*
Veeam 365 Backup Enhanced Reporting
Azure Backups Enhanced Reporting*
MIT Red Team Updates
NSOC MIT Vulnerability Hunting and Actions
NSOC Monthly Reporting and Actions
Security Awareness Video
Darkweb Monitoring & Reporting
BullPhish Phishing Simulation

*Monitoring and reporting is completed if client has paid subscriptions, services or configuration setup for these products.

Example SOC Report

Transparency and detailed reporting are at the heart of our SOC services. We understand that having access to clear, comprehensive insights is essential for managing and securing your network. Our SOC reports are designed to provide a thorough analysis of your network’s security posture, including incident details, system vulnerabilities, and actionable recommendations.