Security Operations Centre (SOC) Services

Get 24x7 visibility of your network within hours, regardless of your technology, organisation size, or budget, with our SOC and Managed Detection and Response (MDR) services.

e2e-assure Security Operations Centre (SOC) in action

e2e-assure SOC-as-a-Service

Our Security Operations Centre services offer cost effective, tailored visibility into your organisation, arming you with the information and expertise needed to reduce your organisational risk from cyber threats whilst enabling your business to grow.

Everything we do is focused on delivering effective detection and response capabilities to minimise the impact of cyber-attacks. This laser-focus allows us to perfectly align customer objectives, with our services, improving cyber security for all organisations. With offices across the UK and in Australia, we can provide our services 24x7, if required, through UK SC cleared personnel and/or UK / Australian sovereignity.

We’ve tried to keep this page jargon-free, to help explain some of the terms we use and compare our services to others (that may use other terminology), we’ve included a handy jargon buster at the bottom of this page.

Get in touch

How we work

We provide owners of cyber risk with confidence through a transparent and tailored Security Operations Centre that leverages value from existing investments, whilst reducing total cost of ownership. Whether we’re dealing with customers, partners, or our own internal colleagues, we operate with the customer at the core of our decision making. There are three simple tenets that underpin our services, being a truly trusted advisor to our customers through:

Shared objectives - our primary goal with every customer is to make them more secure and reduce their risk from cyber threats. To achieve this goal, we made a very clear decision to not sell any other tools or services that don’t support our SOC and supporting teams. No one piece of technology can fix all organisations’ cyber security problems and so we work independent of any providers to advise the right options for the specific customer requirement to meet our shared objectives.
Transparency - in short, everything our SOC Analysts do, our customers can see, right down to the smallest ticket, should you wish. We pride ourselves in being an extension of your team and can’t hope to do that without providing you complete visibility into what our team are doing.
Unbiased advice - as we don’t resell any other company’s products or services, we’re not financially rewarded for recommending any tools. We work with customers to build out a strategic cyber roadmap, aimed at prioritising purchases to provide the best value, focusing on your key assets, routes in and ways to protect them. The aim of our advice is simple, any future purchase, be they third party or an additional service that we can provide, have to support the shared objective of improving your organisation’s cyber security.

e2e-assure global cyber security operations centre and protective monitoring

What we do

Our services are completely flexible to all organisations, threats, technologies and budgets and include:

Understanding the key threats to your organisation - we understand your business through our Threat Workshops that identify likely threats based on your organisation and industry as well as any routes an attacker may take to get hold of your critical assets. This allows us to prioritise spending to deliver the best value from day one.
Detecting and responding to threats - another flexible element, we can simply provide triaged alerts to customers to deal with, taking away the noise of alerts from their teams, provide remediation advice or even respond to certain threats with pre-agreed processes (playbooks).
Providing threat intelligence - our team of Cyber Consultants and SOC Analysts provide regular updates, relevant threat intelligence, including remediation advice, allowing you to be more pro-active and reduce your attack surface.
Improving 'cyber maturity' - we don’t just rest on our excellent detection and response capabilities; we actively work with customers to build a roadmap of continuous cyber improvement. We help prioritise investments, based on the initial (and evolving) understanding of key threats and your network to ensure the best return on your cyber investment.

We also offer a range of supporting services, which can be found here.

Discuss your options

Flexibility

Fundamentally, we don't care how your organisation is run, we can build our services to match that. We offer flexibility in regards to:
- Service - the service we offer customers is the core of what we do. One of the issues in cyber security is a lack of focus on services, covering processes and people that deliver those services. We know that most organisations can’t justify the costs, in money, time and people that it takes to build their own Security Operations Centre and that’s why we focus so heavily on ensuring our service is the best it can be. This means that flexibility is critical to ensure we can offer the right balance of high-quality service at the right price point. In addition, even excluding pricing, different organisations will have different service requirements. For example, a smaller organisation may be able to afford a higher level of service but may not have the in-house team to effectively manage the incidents and alerts we triage, even with our team providing detailed remediation guidance and so our services are designed to flex around individual requirements, be they budgetary or other resource constrained. Our services range from standard, ‘off-the-shelf’, to fully tailored for this reason.
- Organisation type and size - we’ve worked hard in recent years to develop services for any organisation, from charities and schools to big enterprises, government bodies and everyone in between. Because we tailor and prioritise our services based on the type of organisation and threats they may face, we can be sure to provide the best services for your specific needs.
- Technology - a key factor in how we make our services cost-effective for all is through our ability to integrate with any technology , meaning customers can leverage existing investments. We can also advise on duplication of output, with many cloud providers including security tools as standard with different licences, for example, that can mean cost-savings in security investment. We utilise our SOC Platform, Cumulo, to integrate with any technologies required, providing a simple, single pane of glass for Analysts to investigate attacks from, with a complete view of the network.
- Threats - we can also prioritise specific types of attack and indicators of compromise (IOC's) to further focus on how and what we monitor. This can be particularly effective for organisations with smaller budgets, or those that want to protect key elements of their network, whilst building a business case for more comprehensive coverage.
We can provide a host of additional tools, services and processes to allow better visibility of your network and provide different levels of protection.
- Let's talk
Service Outcomes

We’ve mentioned our shared objectives with customers and a key way in which we achieve this is through pre-agreed service outcomes, that align with industry best practice, such as the The US National Institute of Standards and Technology (NIST) and the UK NCSC Cyber Assessment Framework (CAF). Some outcomes we actively manage ourselves, others we advise customers, using our many years of cyber security expertise. Specific outcomes will depend on the organisation; their goals, challenges, industry, size and current cyber posture and as part of our services, we work with you to identify the key areas of focus, covering:
- Managing security risk - ensuring the organisation understands cyber security within the organisational context, starting with getting board-level buy-in to drive the right culture, policies, understanding of roles and responsibilities and processes, to put you in a good position to deal with potential cyber threats.
- Protecting against cyber-attack - reviewing your tools and processes to effectively protect the organisation against potential cyber-attacks. This covers device, privileged user and identity (and access) management as well as understanding the data you hold, how it’s transmitted across your network and how attackers may get to it. We also work with IT teams, be they in-house or outsourced to ensure the IT and cyber security roadmaps are aligned and ‘secure by design’, rather than have cyber security as an afterthought.
- Detecting cyber-attacks - clearly detecting cyber-attacks is the bread and butter of what we do and we excel in it. Starting with ensuring we have the right data, whether that be from logs, network traffic or other sources, as well as the standard and bespoke (as appropriate) processes, tools and people to effectively detect potential cyber-attacks and either step in or advise on remediation.
- Responding to cyber-attacks - we can work with organisations to ensure they have an appropriate response and recovery plan in place and that cyber security is considered in your Business Continuity Plans (BCPs). We have worked with many organisations, even those that weren’t customers prior, during live cyber security incidents to continue monitoring and understanding any further attacks and to keep them online whilst the response and recovery stages take place.
Whilst our focus is on the detection of cyber security incidents (and, depending on customers, response), we know that many organisations require a more holistic service and so work with a small number of specialist partners who compliment our services. Find out more about our partners and request a meeting via here.
- Let's talk
Services

There are a range of operating models available depending on your requirements and these can be easily adapted over time as your cyber security posture matures. Our operating models come down to two broad options:
- Hybrid SOC - probably the most common service which spans a large range of options and effectively involves our SOC becoming an extension of yours. We can add capability, capacity and expertise to in-house teams and tackle security alerts , cutting out the noise and only passing on potential incidents, with remediation advice. We can also respond to threats, based on pre-agreed processes.
- Fully outsourced - we can go a step further and provide your full detect and respond services. Sometimes this still involves passing on remediation requests to your in-house or outsourced IT teams, or we can do this with one of our partners to provide a full end-to-end IT and cyber security service.
- Discuss your options
Why do I need a SOC?

Unfortunately, every organisation is at risk of a cyber-attack, just because you may not have data that’s worth selling, simply locking an organisation out of their operations can be enough to demand a ransom. The stakes can be even higher for other organisations that handle personal or financial data with regulatory fines to consider.

Most organisations will have some degree of cyber technology aimed at preventing breaches and a lot of it is great, however, technology alone is not enough. In fact, in some cases technology without a service can cause more issues, with a host of unanswered alerts and additional technology overheads and support costs.

To truly defend against cyber threats, you firstly need to be able to detect a potential cyber-attack and have the right people and processes in place to provide a robust response, should it be required. To do this effectively, a single pane of glass is beneficial to look across multiple data sources and get a more complete view of the network and attack paths. This allows teams to correlate events to provide the best chance of detecting and responding to malicious activity.

Attacks also happen 24/7, from across the world and so you need people in place who can respond at any time of the day, any time of the year. This is where a global Security Operations Centre comes in.

However, most organisations don’t have the resources to build a SOC themselves. An effective SOC takes years and millions of pounds to build and so many organisations look to outsource elements of the service, taking advantage of industry experts at a fraction of the cost of building it themselves.
- Let's talk
Jargon Buster

Here we explain some of the terms used on this page, but also terminology you’ll hear elsewhere to help reduce and explain the jargon and acronyms used by the industry and allow you to compare the different definitions many organisations have for the same terms.
- DPI (Deep Packet Inspection) - an additional dataset for security teams to analyse, alongside traditional log collecting. DPI allows security teams to analyse real-time threats in a network, using threat intelligence they can monitor on the fly.
- EDR (Endpoint Detection and Response) - EDR focuses on protecting endpoints (devices, servers, printers etc.). Threats and signals from these endpoints can be automatically blocked and/or sent to security teams for further analysis as part of a bigger-picture view of a potential attack. EDR is effectively a more comprehensive and adaptable Anti-Virus solution that can also provide remedial action.
- IDS (Intrusion Detection System) - analyses network traffic for signatures that match known threats and other strange or suspicious activity and provides this information to Analysts to review.
- IOA (Indicator of Attack) - a series of activities that a potential attacker needs to complete to gain access to a network, for example sending a phishing email, hiding within a network, moving to other areas within the network (lateral movement) etc.
- IOC (Indicator of Compromise) - anything that could suggest a potentially malicious activity, often gathered through logs or network traffic. For example, suspicious/previously unseen IP addresses, system file changes, unusual network traffic of activity from privileged accounts etc.
- IPS (Intrusion Prevention System) - analyses traffic like an IDS, but can also prevent that packet from being delivered based on the known attacks it detects.
- MDR (Managed Detection and Response) - A service that combines EDR and NDR, often with some elements of an Analyst team to provide a broader view. MDR is sometimes used interchangeably with a SOC, however MDR is not a SOC, whereas a SOC may provide MDR services alongside other valuable support.
- MSP / MSSP (Managed (Security) Service Provider - sometimes used interchangeably by the industry, an MSP broadly provides outsourced IT services, whereas an MSSP focuses on managing the security tools (such as firewalls, IDS, Anti-Virus and VPNs). Nowadays many MSPs offer MSSP services and both types of company are starting to offer SOC-style services. Read our blog on the pros & cons of an MSP providing your SOC services.
- NDR (Network Detection and Response) - monitors the network of an organisation for anomalous behaviour based on a known benchmark. Alerts security teams of suspicious behaviour. NDR is generally less used nowadays, but all SOCs will provide a level of NDR as part of their broader services, even if it’s not called out explicitly.
- Playbook / Runbook - the processes a security team will go through based on an alert they are presented with. This uses known threats, IOAs and IOCs to provide an Analyst with the steps to gather the information they need before making a call on whether it’s a real threat or not.
- SIEM (Security Information and Event Management) - nowadays SIEM is generally thought of as a tool (such as Microsoft Sentinel), but the true definition relates to a process which defines the management of security event information, i.e. how to provide this information in a way that is meaningful to Analysts. This allows security teams to correlate data, alerts and events across multiple systems using logs and other sources. It’s important to note that a SIEM is not a SOC, rather a way of supporting the SOC by providing easier to digest information.
- SOAR (Security Orchestration, Automation and Response - allows organisations to collect information about security threats and automatically respond, without the need for human intervention. Often used alongside (or integrated into) SIEM tools to reduce the need for basic ‘alert bashing’ and remove false positives from an Analysts’ workload.
- SOC (Security Operations Centre) - will take on a range of tasks covering all detection and response acronyms. A SOC can be in-house, outsourced or co-sourced (hybrid) and relies on the combination of people, processes and technology to identify threats and take (or advise on) remedial action to prevent breaches.
- Threat Intelligence - any information available about threats and threat actors that can be used to reduce the success of attacks by strengthening defences or building playbooks around them. A SOC should utilise threat intelligence to inform processes to reduce cyber risk.
- XDR (Extended Detection and Response - There is quite a bit of debate in the industry about what exactly XDR constitutes. For some it's simply EDR, NDR and MDR combined. For others it adds in SIEM and SOAR functionality, although it could be argued that SIEM and SOAR are complimentary to XDR, not a part of it as one particular product. XDR can also be used interchangeably with a SOC by the industry, but in isolation can lack the processes and people to deliver effective security operations as it is, in effect, a collection of tools that help a SOC make decisions.
- Let's talk

e2e-assure SOC-as-a-Service

How we work

What we do

Flexibility

Service Outcomes

Services

Why do I need a SOC?

Jargon Buster