Why iomart

We’re threat intelligence experts

Lean on our cyber security analysts to help reduce the risk of cyber threats to your business, all while meeting your regulatory and compliance requirements. We’ll also reassure your customers and end users by minimising the chance of lost or compromised data. 

There are no short-cuts. Intrusion prevention systems that merely act as an alarm are less and less used on their own. We now understand that the key to a strong security posture is the right balance of people, process and technology. That’s why our security services combine e2e-assure’s independent cyber security know-how and threat hunting experience with our clearly defined managed service and deep infrastructure expertise.

For more than twenty years we’ve been designing and managing secure infrastructure for government agencies, the military, and international telco and payment providers. The partnership we’ve forged with e2e-assure is watertight and deeply integrates our people and systems to deliver a single, proactive operation. Our SOC team matches exceptional security monitoring and incident response with unparalleled real-time analysis of your security operations.   

Security is built into everything we do.   

The right SOC for you

We have three different SOC options for you to choose from, made for different budgets and varying needs.


24/7 monitoring

Essential Security Operations Centre

With our entry-level multitenant SOC you can onboard as many devices as you like. Our government security-cleared analysts can defend and protect your business 24/7.


24/7 monitoring and threat hunting

Enhanced Security Operations Centre

With our Enhanced SOC you’ll have all the functionality of our Essential SOC along with longer log retention, threat hunting, and access to our customer portal included (for full visibility of all security operations). Designed to do the heavy lifting so you can get on with running your business – our Enhanced SOC will guide you through the complex world of cyber security.   


Robust cloud security

Enterprise Security Operations Centre

There’s nothing held back – everything we offer with Essential and Enhanced Security Operations Centre, you’ll get here. Plus, we’ll run tailored threat workshops for your teams, along with discovery exercises for a full business overview. And we offer a full range of deployment options.  

Download our SOC factsheet to compare features

Under the hood of our Security Operations Centre

Security monitoring

Technology alone isn’t enough though. It can’t tell you whether a threat is a false alarm (a false positive). And it can’t take action.

With our SOC, expert security analysts and operatives will monitor your systems for anomalous behaviour, alerting you when a potential threat appears, and work alongside you to respond. Gone are the days of noisy software acting as a mere alarm system. Our SOC team will alert, respond and help you resolve.

Unpacking how security monitoring works

As we gather logs and alerts, our technology spots patterns. Any anomaly in those patterns or in user behaviour is investigated by our specialist security teams. Any inkling of something suspicious is passed to our analysts. They use all the tools at their disposal, including external vulnerability assessments, security intelligence, workflows and playbooks, to triage the threat. If there’s a genuine sign of a compromise or attack, it’s escalated to our response team – they’ll quickly be in touch with recommendations for you.

We’ll still share reports of false positives with you. It simply means we’ll have saved you the time and energy of analysing them yourself. You’ll know we’ve done the hard yards and that there’s nothing to worry about.

Security rules

We use security rules to examine all the system data we gather and translate it into security alerts. Anything that’s flagged as an alert gets thoroughly investigated by our analysts as standard. What data we look at is up to you: we’ll gather data from the devices and systems you choose. Based on that we’ll use either an ‘out of the box’ set of security rules or ones that are specific to your business – which option we take depends on the SOC service you opt for.

Unpacking how an ‘out of the box’ security rule works

Our service is built around the MITRE ATT&CK framework, which is aligned to the tactics and techniques attackers are known to use. We’ve fine-tuned our suite of standard security rules over many years of frontline experience. And we continually improve the service by adding new rules as we identify emerging security incidents.

External vulnerability scanning

Our cloud service scans your public IP addresses or URLs over the internet. External vulnerability scanning is aimed at profiling and monitoring the external exposure of your business for obvious flaws, misconfigurations, and vulnerabilities.

Unpacking how external vulnerability scanning works

By scanning for external vulnerabilities, we can tell whether your business is vulnerable, already compromised or already infected. Your reputation could be saved by discovering something as simple as an SSL certificate that’s about to expire, detecting that you’re using a weak cipher, or finding an exposed open-relay email server. These are all quick and easy fixes that could prevent a security breach.

Depending on the service you choose, we’ll give you weekly external vulnerability scanning for up to 16 IPs or URLs.

Threat intelligence

We use our human expertise in the SOC team to build a clear picture of any anomalies our technology picks up. Our years of threat intelligence and threat management allow our team of analysts to review the possible impact of a threat and, importantly, give you an action plan for your critical business functions.

Unpacking how threat intelligence works

Our platform gathers data from several sources including:

  • Open source and commercial intelligence
  • External IP addresses and domain names
  • Deep and dark web
  • Threat briefs
  • Threat intelligence signatures

We automatically analyse the intelligence in real time and run it against the logs within your environments.
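To make the two mechanisms described above concrete (security rules aligned to MITRE ATT&CK turning raw log data into alerts, and threat intelligence run against your logs), here is an added illustration written for this page; it is not iomart’s or e2e-assure’s code. The indicator feed, the rule thresholds, the ATT&CK mapping and the log lines are all constructed, hypothetical values.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed threat-intel feed (hypothetical indicators, documentation ranges only).
INTEL_IPS = {"203.0.113.7"}
INTEL_DOMAINS = {"malicious.example"}
BRUTE_FORCE_THRESHOLD = 5  # failed logins from one source before a rule fires

@dataclass(frozen=True)
class Alert:
    rule: str
    technique: str   # MITRE ATT&CK technique id the rule is aligned to (illustrative)
    subject: str     # the indicator or source the alert is about
    evidence: str    # the log line that triggered it, kept for analyst triage

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b")
FAILED_RE = re.compile(r"Failed password for \S+ from (\S+)")

def run_rules(lines):
    """Apply two 'out of the box' style rules to raw log lines; return alerts in order."""
    alerts = []
    failures = defaultdict(int)
    for line in lines:
        # Rule 1: any IP or domain in the line that matches the intel feed.
        hits = (set(IP_RE.findall(line)) & INTEL_IPS) | (set(DOMAIN_RE.findall(line)) & INTEL_DOMAINS)
        for ioc in sorted(hits):
            alerts.append(Alert("intel-match", "T1071", ioc, line))
        # Rule 2: repeated authentication failures from one source (T1110 Brute Force).
        m = FAILED_RE.search(line)
        if m:
            src = m.group(1)
            failures[src] += 1
            if failures[src] == BRUTE_FORCE_THRESHOLD:   # fire once, not on every extra failure
                alerts.append(Alert("auth-brute-force", "T1110", src, line))
    return alerts

# Constructed sample logs: six SSH failures, one bad DNS query, one outbound flow, one benign query.
SAMPLE_LOGS = [
    *[f"2024-05-01T10:00:0{i}Z host1 sshd: Failed password for admin from 198.51.100.5" for i in range(6)],
    "2024-05-01T10:00:20Z host2 dns: query malicious.example from 10.0.0.12",
    "2024-05-01T10:00:25Z host3 fw: outbound 10.0.0.9 -> 203.0.113.7:443",
    "2024-05-01T10:00:30Z host4 dns: query intranet.example.com from 10.0.0.3",
]

if __name__ == "__main__":
    for a in run_rules(SAMPLE_LOGS):
        print(f"[{a.technique}] {a.rule}: {a.subject}")
```

The benign query produces no alert, which is the kind of non-event an analyst would still see in a false-positive report; a real rule set would add time windows and allowlists on top of this.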

Threat hunting

Threat hunting is performed routinely by our most expert analysts. But we can also perform threat hunting on demand. For example, you might want us to conduct threat hunting after we’ve uncovered some threat intelligence that’s relevant to your environment or industry.

With our Enhanced and Enterprise SOC options you’ll have access to your own SIEM security portal. This is the platform our analysts use, so you’ll be able to see everything we do to protect your business. With your own log in, your in-house team can conduct their own threat hunting if they want to. And we’ll provide support and training to further enable and educate your internal team.

Unpacking how threat hunting works

We’ve hand-picked our most experienced analysts to hunt threats. They’ll look through your logs and data for any indications of potential security threats, or compromise. If or when they discover something they can:

  • fine tune your system
  • update signatures
  • update rules and existing tickets
  • make any service improvements you need

Endpoint detection and response (EDR)

This is fundamental to protecting you from malware and ransomware. We’ll install EDR on all your endpoints, including your servers. We integrate with Microsoft Defender for Endpoint and SentinelOne to enhance the standard Microsoft use cases. Our security team will add extra detection rules to identify anomalous behaviour and other indicators of attack. This means we can potentially stop a threat in its tracks before it’s had a chance to do any damage.

Unpacking how EDR works

We’ll constantly monitor your EDR, and use expert knowledge and processes to investigate security information, alerts and threat data. When our analysts decide an alert is suspicious, they’ll immediately investigate further. Whatever they find, we’ll make sure your chosen resolver group is given all the information about it, along with actions to resolve the threat.

And, as part of our service, we’ll also make best-practice recommendations for your Microsoft Defender endpoint toolset.


The type of challenges we can help you with

You’re not sure where to start, and need to figure out your challenges and security issues before you fork out money.

Our experts will spend time understanding your business objectives, so you can make an informed decision about what level of service you need to protect your sensitive data.   

You’ve been caught out before and don’t have the skills you need in-house

Our SOC team helps you navigate the hurdles normally linked with recruiting and training your own teams. 

You know you need to be more secure but you’re worried about the costs involved

Our security solutions build on your existing investment, so nothing’s wasted. We’ll work with your in-house teams to develop a solution that’s best for you, no matter what you have in place now.  

You’re paying out for a security tool but don’t know what it’s doing or how to manage it

Security tools are only as good as those configuring and managing them. Our expertise means you know we’re managing your security operations day-to-day.  

You need to be insured and compliant 

We’ll give your infrastructure a clean bill of health. And our ongoing protective monitoring supports cyber insurance, potentially cutting the cost of your premiums.

How we help with security incidents

In alignment with the widely recognised NIST framework, our approach is split into “incident” and “response”. We’ll detect and analyse threats identified and classified as incidents. For all levels of SOC, we’ll recommend actions you should take to contain these threats through established playbooks. 

For Enhanced and Enterprise customers, our initial detection is followed by an investigation that includes full incident response and recovery from active threats. We’ll work to eradicate issues, recover data if required, and provide post incident reviews to make sure there isn’t another occurrence.


They trust us, and they tell the best stories

Follow in the footsteps of the global brands we work with – they’ve tried and tested our cloud hosting platform. Here’s what a select few had to say about us.

“We couldn’t be happier with how they responded to a recent Business Email Compromise incident. They went above and beyond the service we pay for to help us.” – Group Head of IT Compliance, Travel & Tourism company

Want to know more, or are you in need of straightforward advice?