SOC-as-a-Service

Our Security Operations Centre (SOC-as-a-Service) delivers advanced, next generation managed threat detection and incident response services to safeguard your organisation from emerging cyber threats while ensuring regulatory compliance.


Advanced threat detection & response

The Air Sec SOC-as-a-Service (SOCaaS) is an advanced, next generation managed detection and response (MDR) service built on our best-of-breed Unified Security Management (USM) platform, powered by the market leading AT&T AlienVault.


Suited for any sized organisation, our service is tailored to your specific needs.

We’ll make sure you’re fully protected from the latest and emerging threats and ready to meet legislative compliance.

We deliver one of the most comprehensive and advanced cyber security services available today, giving you complete peace of mind that you have the best measures in place to combat cyber-crime and mitigate risk.

Don’t rely on preventative measures alone

As cyber security threats grow more advanced by the day, protecting your organisation’s systems, data and people becomes more challenging.

The recent Hiscox Cyber Readiness Report found that 55% of UK businesses suffered a cyber-attack during 2019.

Threats are continually evolving with attacks becoming more frequent, sophisticated and targeted.

Organisations can no longer rely on traditional preventative measures alone (such as firewalls and anti-virus) to protect themselves from breach and intrusion.

We proactively hunt & eliminate threats

In today’s ever-changing threat landscape, it’s no longer a matter of if, but when you’re likely to suffer a cyber-attack or intrusion.

Beyond prevention, it’s critical that organisations are now fully equipped to proactively identify and eliminate any attacks that bypass standard perimeter defences before they cause serious damage.


Air Sec SOC-as-a-Service

How we help

Our SOC is built upon the best technology available and staffed by a team of highly skilled and experienced security professionals.

Utilising the award-winning AlienVault Unified Security Management (USM) platform coupled with Alien Labs Continuous Threat Intelligence, we provide unrivalled, next generation Managed Detection and Response (MDR) services.

This enables our SOC team to deliver powerful threat monitoring, detection, incident response and compliance management covering all your critical environments, be they on-premise, cloud or hybrid.

With our up-to-the-minute industry intelligence, we’ll safeguard your complete IT estate and its users from advanced and emerging threats that bypass standard perimeter defences.

By continuously monitoring your networks and endpoints for security incidents, we hunt for and detect intrusions and attacks, swiftly remediating them before they can damage your operations or reputation.

Our 6-step methodology

We follow a 6-step methodology to continuously monitor for, and actively protect against, the latest threats and vulnerabilities – keeping you safe from the inside out.

Air Sec SOC process (diagram): monitor > detect > identify > assess > respond > report

What we cover

With full transparency and a deep understanding of your IT estate, we continuously monitor 24/7/365 across on-premise (physical & virtual), cloud (public & private) and hybrid infrastructures, endpoints (remote & local) and software (local & SaaS):

  • SaaS - O365, G Suite, Okta, Box & more
  • Cloud IaaS - AWS, Azure
  • On Premise - Physical & Virtual Networks
  • Endpoints - Windows, Linux, MacOS

Our data collection methods

We deploy lightweight sensors that provide complete security visibility of your cloud and on-premise environments. These conduct scans, monitor network packets and collect logs from assets before securely sending this data to our SOC for analysis and correlation.

  • USM Sensors
  • Endpoint Agent
  • AlienApps

We also deploy an endpoint agent that extends the threat detection capabilities of our SOC technology to your endpoints, and our AlienApps integrations let us connect seamlessly with your existing security tools, so we can offer a consolidated approach to managing your threat detection and response.

Types of data we collect

  • Cloud management plane
  • Syslog
  • Application logs
  • NetFlow
  • Data packets

Key service features

Our SOC combines a range of market leading security tools all integrated under one unified platform, delivering a comprehensive managed security offering. This enables us to provide advanced, next generation threat detection, incident response and compliance management.

It means we can offer broader threat coverage than other providers with early detection, reduced false positives, and streamlined incident investigations.

The technology that underpins our SOC includes:

Asset discovery

Using our advanced sensor technology, we discover and keep a live inventory of all assets on your networks. We have full transparency across all infrastructures – on-premise, cloud or virtual. We know who and what is connected – at all times – including users, devices, configurations, software and services.

Continuous vulnerability monitoring

We continuously monitor your complete network and its assets 24/7, scanning for internal and external vulnerabilities to reduce the risk of exploitation or compromise. We’ll identify potential threats and weaknesses – such as insecure configurations and unpatched software – and deploy robust countermeasures to remediate them.

Intrusion detection & prevention

Utilising state-of-the-art intrusion detection tools, we monitor all environments with cloud (CIDS), network (NIDS) and host (HIDS) intrusion detection systems to identify unauthorised or anomalous activity and behaviour, preventing network intrusions and other threats to security.

File Integrity Monitoring (FIM)

Cyber criminals often attempt to modify critical system files in order to gain access to your network. Our File Integrity Monitoring (FIM) automatically detects suspicious or unusual changes to files and registry keys. We monitor all environments (cloud, onsite, virtual, remote), operating systems (Windows / Linux) and software, including SaaS such as Office 365, OneDrive/SharePoint and G Suite – keeping your data safe and fully secure.

Continuous threat intelligence

Our unmatched threat intelligence is powered by the AlienVault Labs Security Research Team and the Open Threat Exchange (OTX), the world’s largest open threat intelligence community, plus other sources our team collates manually, such as CISP.

We receive automatic, real-time threat intelligence directly to our SOC team about emerging threats, attacker techniques, vulnerabilities, and tactical guidance on remediation. This keeps us one step ahead of cyber criminals and allows us to move quickly to hunt and eliminate any emerging threats and new vulnerabilities.

SIEM & Log Management

Our managed Security Information and Event Management system (SIEM) collects, manages and correlates log and event information from our intrusion detection systems, third-party security providers and network devices.

Continuously updated with the latest threat intelligence from Alien Labs and OTX, our SIEM uses advanced correlation techniques to analyse this data and flag anomalous activity across your IT environment. Our SOC team monitors and assesses these alerts and responds quickly to remediate anything identified as a potential threat.

Your expert security team

Our SOC analysts, engineers and responders are trained to the highest professional standards, ensuring we have the latest skills, knowledge and capabilities to protect your organisation from new and emerging threats.

Endpoint Detection & Response (EDR)

Our EDR solution complements your existing endpoint security by automating threat hunting and detecting threats that evade traditional perimeter security such as anti-virus and firewalls. We centralise the monitoring of all endpoints, on-premise or remote, providing complete transparency of your environment wherever your users are located.

Behavioural monitoring & analytics

Utilising the latest behavioural monitoring technology, we’ll build a profile of what normal system activity looks like on your network. This enables us to improve detection of unusual patterns and suspicious behaviour across your environment, so we can respond quickly to eradicate potential attacks and intrusions.

Dark web monitoring

Criminals traffic stolen digital credentials on the Dark Web for illicit purposes such as hacking your network, identity theft and financial gain. We proactively monitor the most secretive parts of the Dark Web in real-time, keeping you safe and preventing exposure of stolen email addresses, usernames, passwords and personally identifiable information (PII).

Compliance reporting

Our SOC is built on cutting-edge technology and provides the necessary security controls, pre-built reporting and data views needed to give you a head start with compliance and regulatory standards such as GDPR, HIPAA, PCI DSS, ISO 27001, SOC2 and more.

“In this day and age, the stability and security of our IT systems is mission critical. As a public sector organisation, we needed a partner who could oversee our full IT estate and help us meet complex supply chain and regulatory requirements.

Having worked with Air IT for a number of years, it made perfect sense to outsource our Security Operations Centre (SOC) to an existing partner with a deep understanding of our infrastructure. We have since found this to be a highly efficient and cost-effective solution to help us meet our business and security needs therein.”

John Ambler, ICT Manager, Scape Group

Key benefits

  • Access the most advanced threat detection & incident response services available today
  • Protect reputation & brand identity from emerging cyber threats
  • Next generation managed security with industry leading tool-set
  • Protection across complete environment – on-premise, cloud & hybrid
  • Continuous 24/7 security monitoring identifying threats in real-time
  • Respond & stop threats instantly before they cause damage
  • Proactively hunts & eliminates threats evading perimeter defences
  • Real-time threat intelligence keeping one step ahead of hackers
  • Team of expert security professionals dedicated to your business
  • Tailored service to suit individual needs of any sized organisation
  • Reduces Total Cost of Ownership (TCO) compared with establishing your own SOC
  • Easy to budget with transparent pricing & fixed monthly cost
  • Easily scales with changing needs & IT environment
  • Prepares you for compliance needs & security goals more quickly

We stop account compromises before they happen

Using intelligent, advanced, custom correlation rules, we identify and eliminate account compromises before they can happen. For example, if an O365 user authenticates from multiple countries within a short space of time, our SOC team is alerted so we can triage and respond to this threat before a potential cyber-criminal has a chance to act.
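As an added illustration (not Air Sec's or AlienVault's own rule), this Python snippet implements the multi-country sign-in check described above over constructed sign-in records; the record layout, the 60-minute window and the "successful sign-ins only" filter are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample O365-style sign-in records: (timestamp, user, country, result).
# Alice's two successes are 39 minutes apart from different countries; Bob's two
# successes are over 8 hours apart, and his US event is a failure (ignored).
SAMPLE_SIGNINS = [
    ("2024-05-01T08:02:00", "alice@example.test", "GB", "Success"),
    ("2024-05-01T08:41:00", "alice@example.test", "RU", "Success"),
    ("2024-05-01T09:15:00", "bob@example.test", "GB", "Success"),
    ("2024-05-01T09:20:00", "bob@example.test", "US", "Failure"),
    ("2024-05-01T17:30:00", "bob@example.test", "DE", "Success"),
]


def multi_country_alerts(events, window_minutes=60):
    """Return one alert per user whose successful sign-ins originate from more
    than one country within `window_minutes` (assumed window). Failed attempts
    are ignored so a lone password guess from abroad does not fire the rule."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for ts, user, country, result in events:
        if result == "Success":
            by_user[user].append((datetime.fromisoformat(ts), country))
    alerts = []
    for user, logins in by_user.items():
        logins.sort()  # order by time so the window scan below is linear
        for i, (t0, c0) in enumerate(logins):
            seen = {c0}
            for t1, c1 in logins[i + 1:]:
                if t1 - t0 > window:
                    break  # later logins are outside this window
                seen.add(c1)
            if len(seen) > 1:
                alerts.append({"user": user, "first_seen": t0.isoformat(),
                               "countries": sorted(seen)})
                break  # one alert per user is enough for analyst triage
    return alerts


if __name__ == "__main__":
    for alert in multi_country_alerts(SAMPLE_SIGNINS):
        print(f"ALERT {alert['user']}: {alert['countries']} from {alert['first_seen']}")
```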