iCyberDefence Limited

20 Eastbourne Terrace, Paddington, London W2 6LG, UK

Sales Tel : +44 (0) 020 8242 4756
Sales Email:  enquiry@icyberdefence.com


©2018 by iCyberDefence, a brand registered under iCyberDefence Limited, registered in England and Wales, 10980510

Registered Office: 27 Old Gloucester Street, London, WC1N 3AX

Security Operation Centre (SOC) and SIEM-as-a-Service

Discover Our Expertise

Our 24x7 Security Operations Centre (SOC) service brings together the capabilities needed to manage security risk across your organisational landscape, helping you stay ahead of cyber threats and keep your environment safe and secure. Unlike other managed security service providers, we do not cap our service at a number of security incidents: we will be with you whether you have one security incident a year or tens of thousands; it is truly unlimited.


Our 24x7 SOC capabilities are delivered through an ISO27000 accredited data centre and operations centre based in Chennai, India, under the governance of a specialist cyber security expert team based in London, UK. Our SOC offering is powered by the AlienVault Unified Security Management (USM) SIEM Platform. AlienVault has been consistently rated by Gartner, SC Magazine and Forbes as a visionary in the Security Information and Event Management (SIEM) marketplace, providing comprehensive security monitoring (asset discovery, vulnerability assessment, intrusion detection, behavioural monitoring, and SIEM log management and correlation).


Our security experts hold certifications such as CEH, CISSP, CISM and CISA, giving them the capability to analyse incidents, deal with false positives, and respond appropriately to critical events.

Already purchased a SIEM tool? Explore our "Customised SOC and SIEM Offering".

Our Cyber Security SOC Service Offering

Incident Response & Remediation

Our skilled and certified SOC analysts monitor and manage the security information captured in our SIEM platform 24 x 7 x 365 days, conduct detailed analysis for breach investigation, and build processes for the management of incidents.

The logs generated by information systems, servers, security devices, networks and applications provide critical information for determining the state of your security.

Information generated continuously by these assets yields data sets that reflect patterns of system behaviour.

Our incident response team provides a fast, tailor-made incident response plan for your enterprise based on your needs.

Network and Systems Behaviour Monitoring

Behaviour monitoring is essential for identifying unknown threats. Our security experts will perform network and system behaviour analysis by monitoring your critical infrastructure 24/7 from our Security Operations Centre.

Protocol analysis on network traffic will provide full replay of events that occurred during a potential breach. This information will be used to investigate suspicious behaviour and policy violations.

Threat Intelligence Services

Our threat intelligence service provides manual and automated (AlienVault OTX) threat identification. We collect data from numerous sources and perform a threat assessment, generating actionable information in the form of data feeds.

These feeds include IP addresses, malware hashes and malicious domains. With threat intelligence feeds we go one step further in cyber security by prioritising the security risks reported from different sources.

Use Case and Correlation Rule Creation/Tuning

Threat correlation is the core of a SIEM platform. The use cases configured within the SIEM tool define the sequences of events that could indicate security weaknesses or a cyber-attack. We will continuously monitor your IT environment and create or amend SIEM correlation rules in coordination with your technical team so that your security posture is always up to date.

Our SIEM-as-a-Service Offering

Our Cyber Security SOC offering is powered by the AlienVault Unified Security Management (USM) SIEM Platform. Our SOC service and SIEM-as-a-Service go hand in hand.

Our SIEM solution offers flexible architectural options and operating models that you can choose from:

  • Option 1: AlienVault Cloud SIEM solution (Recommended by iCyberDefence)

    • Software-as-a-Service (SaaS) AlienVault USM Platform hosted in AlienVault’s USA or EMEA data centre as per your choice. We offer 30 days (default) log retention.

    • Secure log transfer from your on-premise or cloud based systems to the SIEM Platform.

    • Support of NetFlow log collector(s) for enhanced security monitoring and forensic capability.

    • Quick to set up, very low capital investment and annual-subscription based cost model.

    • Most suitable for the organisations who have cloud-first IT strategy.


  • Option 2: AlienVault On-premise SIEM solution

    • AlienVault USM Platform hosted in your own data centre.

    • Support of NetFlow log collector(s) for enhanced security monitoring and forensic capability.

    • Most suitable for the organisations who have special regulatory and compliance requirements e.g. GxP, FDA, FISMA, SOX, GDPR to keep data in their own data centre.

  • Option 3: AlienVault Hybrid SIEM solution

    • Software-as-a-Service (SaaS) AlienVault USM Platform hosted in AlienVault’s USA or EMEA data centre as per your choice. We offer 30 days (default) log retention.

    • On-premise log collectors to gather logs from the systems hosted in your on-premise data centre(s).

    • Support of NetFlow log collector(s) for enhanced security monitoring and forensic capability.

    • Most suitable for organisations that have IT systems hosted in both cloud and on-premise data centres and are willing to adopt a cloud-based security solution.

  • Option 4: AlienVault AWS/Azure Cloud SIEM solution

    • AlienVault USM Platform hosted in public cloud (AWS, Azure) as Infrastructure-as-a-Service (IaaS).

    • Secure log transfer from your on-premise or cloud based systems to the SIEM Platform.

    • Support of NetFlow log collector(s) for enhanced security monitoring and forensic capability.

    • Most suitable for organisations that have already adopted AWS or Azure public cloud infrastructure and prefer not to use AlienVault's cloud infrastructure.


  • Option 5: Customised SOC and SIEM solution

    • Bespoke solution and service providing 24 x 7 SOC monitoring for incident response, remediation and threat intelligence services using your chosen SIEM tool. We currently support the Splunk, IBM QRadar and EMC RSA SIEM Platforms.

    • This is our most expensive SOC service, as it requires us to provide dedicated technical resource(s).

    • Most suitable for organisations that have already purchased a SIEM Platform and need help with SIEM administration and/or are looking for a 24 x 7 SOC service using their chosen SIEM tool.

We offer a wide range of consulting services with the necessary tools and expertise to help secure your business. We partner with our clients from start to finish, focusing on their needs while producing new ideas, developing effective security strategies and designing high quality, scalable and cost-effective security solutions.


Even though we started in 2017, our security consultants have been helping organisations of all sizes respond to cyber threats since 2007. Our years of experience have taught us to make your business success our key priority.

Our team of experts is ready to help you develop strategies for not only surviving, but thriving in the future. Give us a call today to set up your first consultation.


We will build a partnership with you to understand your technical requirements and develop a transition management plan to design, build and test the SIEM solution, and to integrate the solution with our SOC service.


Once the SOC service is fully operational, we will engage with your technical team on a regular basis to ensure that our SOC analysts have an up-to-date understanding of your IT environment. This interactive approach will guarantee that our SOC service remains fit for purpose throughout the contract period.

We will provide you with a customer portal to manage security incidents, and regular reports describing vulnerabilities ranked by security risk, with remediation recommendations. Our reporting follows a standard format with two sections:

  • Executive report - A jargon-free, buzzword-free, true executive-level summary with high-level findings, root causes, and recommendations based on the potential risk to your organisation.

  • Technical report - Specific technical details of the assessment and raw data, targeted at technical staff.


Our SOC service is performed remotely through our 24x7 ISO27001 accredited Security Operations Centre (SOC) in India. Security threat and risk analysis, recommendations and reporting are conducted in London, UK.

Our AlienVault SIEM-as-a-Service pricing model is simple, flexible and based on a few key criteria:

  • How many data sources (i.e. IP addresses) do you want us to integrate with our SIEM Platform? We offer slab-based and volume-based pricing options.

  • Whether you want to implement AlienVault's Network Intrusion Detection System (NIDS) and/or Host Intrusion Detection System (HIDS) security modules along with the USM SIEM solution, if you do not already have a NIDS or HIDS solution from another vendor. We strongly recommend having a NIDS and/or HIDS solution for greater cyber threat visibility.

  • What is your log retention requirement, subject to your legal and compliance obligations? The default log retention is 30 days.

Please note that our on-premise SIEM-as-a-Service supports up to 2000 Events Per Second (EPS) in a single instance. For larger installations you will need multiple instances. Our cloud-based SIEM-as-a-Service has no such restriction.


Our Customised SOC and SIEM Service (where you already have an existing SIEM solution) pricing model is based on a few key criteria:

  • One-time consultation charges, depending on the current state of your SIEM implementation (for example, whether it is tuned or requires tuning), device integration requirements, custom policies and service migration requirements.

  • Whether any specific skillset is required.

  • Whether a dedicated support team is needed.
