Security Operations Centre (SOC)

We live in a world where an ever-increasing number of hackers and adversaries are out to steal data from people and companies for profit, knowledge or disruption. Today’s networks are more complex than ever before and protecting them from increasingly malicious and sophisticated attackers is a never-ending task. Our fully-managed security operations centre provides your organisation with the skills, expertise and technology required to quickly counter cyber threats.

What Is A SOC?

A Security Operations Centre – or SOC – is a centralised cyber security function within an organisation. It enlists people, processes and technology to continuously monitor and improve an organisation’s security posture while preventing, detecting and responding to cyber security incidents.

A SOC is used to protect a wide range of assets from cyber crime, including personal data, business systems, intellectual property and brand reputation.

The Key Aims of a SOC Are:

The Need For SOC as a Service

In the ever-evolving corporate landscape, companies need to proactively monitor their environment in order to protect their customers’ identities, safeguard their intellectual property and avoid business disruption. Proactive monitoring allows them to detect threats rapidly and respond accurately before attackers are able to cause material damage.

You'll Need a SOC In Place If You:

Our Managed SOC

Bruce & Butler’s Managed SOC service – in partnership with and powered by IBM QRadar – provides the right mix of intelligence, human expertise, and cutting-edge technology to continually protect your organisation from cyber security threats. 

With this continuous monitoring in our safe hands, you can then focus on running your business – securely. This service provides all the benefits of a fully managed SOC without breaking your IT budget.

What We Offer

Our managed Security Information and Event Management system (SIEM) is a 24/7 intelligent cyber threat protection service, designed to monitor your infrastructure, systems, network and web applications for potential security breaches.

The SIEM collects and logs event data generated by different types of devices, collating it into one centralised hub to be assessed by a security analyst.

The SIEM allows our analysts to have a holistic view of the network and combines multiple data feeds into one place, ensuring everything can be efficiently monitored. This allows us to identify any threat or vulnerability within a matter of minutes and remediate it before it becomes an issue.

Utilising state-of-the-art technology, we’ll build a profile of what regular system activity looks like on your network. This enables us to improve detection of unusual patterns and suspicious behaviour across your environment, allowing us to respond quickly to eradicate potential attacks and intrusions.
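As an added illustration of the baselining idea described above (example code, not Bruce & Butler's tooling or QRadar's own logic), the following Python learns each user's usual source addresses and login hours from constructed SSH login lines, then flags later events that fall outside that profile. The log layout, user names and addresses are all made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed SSH login events in a syslog-like layout (sample data, not real logs).
BASELINE_LOGS = """\
2024-03-01T08:05:12 host1 sshd: Accepted publickey for alice from 10.0.1.20
2024-03-02T09:10:44 host1 sshd: Accepted publickey for alice from 10.0.1.21
2024-03-02T18:02:19 host2 sshd: Accepted publickey for bob from 10.0.2.5
""".splitlines()
NEW_LOGS = """\
2024-03-04T08:30:00 host1 sshd: Accepted publickey for alice from 10.0.1.20
2024-03-04T03:12:51 host1 sshd: Accepted publickey for alice from 203.0.113.9
2024-03-04T08:15:00 host2 sshd: Accepted publickey for carol from 10.0.2.5
""".splitlines()
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)$")


def parse(line):
    """Return the event fields, or None for a line the pattern does not match (skipped, never assumed benign)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["hour"] = datetime.fromisoformat(ev["ts"]).hour
    return ev


def build_profile(lines):
    """Learn, per user, the source addresses and login hours seen during the baseline window."""
    profile = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for ev in filter(None, map(parse, lines)):
        profile[ev["user"]]["srcs"].add(ev["src"])
        profile[ev["user"]]["hours"].add(ev["hour"])
    return profile


def find_anomalies(profile, lines, hour_slack=1):
    """Flag events whose user, source address or hour falls outside the learned profile."""
    findings = []
    for ev in filter(None, map(parse, lines)):
        p = profile.get(ev["user"])  # .get() so an unknown user does not silently gain a profile
        reasons = []
        if p is None:
            reasons.append("unknown user")
        else:
            if ev["src"] not in p["srcs"]:
                reasons.append("new source %s" % ev["src"])
            if all(abs(ev["hour"] - h) > hour_slack for h in p["hours"]):
                reasons.append("unusual hour %02d:00" % ev["hour"])
        if reasons:
            findings.append((ev["ts"], ev["user"], reasons))
    return findings
```

Running `find_anomalies(build_profile(BASELINE_LOGS), NEW_LOGS)` reports alice's 03:12 login from a new address and the never-seen user carol, while the routine 08:30 login passes silently.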

Intrusion detection is the process of monitoring the events occurring within your network and analysing them for signs of possible incidents, violations or imminent threats to your security policies.

Intrusion Detection Systems (IDS) sit inside the network, allowing us to monitor inbound and outbound traffic according to which devices forward their logs to us. The IDS analyses the network and provides the information we need to confirm that your network is running securely and has not been breached.

Furthermore, Intrusion Prevention Systems (IPS) go a step beyond detection and act to block threats that are identified within your network.

Threat Mining is the approach of actively researching (mining) threats on the web: investigating what could potentially harm or affect your organisation and ensuring the correct countermeasures are in place.

Threat mining is an ongoing activity conducted by our highly certified Security Operations Centre Analysts. All threats are added to our central threat database, ensuring all of our clients have the correct measures in place to counter threats.

Using the most up-to-date techniques and tooling, our Security Operations Centre scours the web for threats. This is the piece of the puzzle that could be the difference in whether you are breached, or you prevent a breach.

Just a few years ago, compromised credentials and adversary communication could be found simply on the surface web. Modern encryption and privacy mechanisms mean that this is no longer possible, with sensitive information being traded on the dark web.

Bruce & Butler utilises industry-leading dark web monitoring technology to monitor dark and inaccessible corners of the internet in real time, identifying indicators of compromise pertaining to an organisation.

Cyber attackers will often attempt to modify your critical system files in order to gain a foothold on your network and infrastructure.

File Integrity Monitoring enables the Bruce & Butler SOC to quickly detect and respond to any activity of this nature, keeping your files safe at all times.
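The following Python is an added example, not Bruce & Butler's FIM implementation: it records a baseline of SHA-256 hashes and permission bits for every file under a directory and, on the next run, reports files that were added, removed or modified. The directory contents are constructed in a temporary folder so that the example runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (POSIX-style relative path) to its hash and permission bits."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():  # symlinks are skipped so a redirected link is not trusted
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"sha256": hash_file(path), "mode": oct(path.stat().st_mode & 0o777)}
    return baseline


def compare(baseline, current):
    """Diff two snapshots; a permission change counts as modified even when the content is unchanged."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: snapshot a stand-in for /etc, change it, then re-check against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "cron.d").mkdir()
        (root / "cron.d" / "backup").write_text("0 2 * * * root /usr/local/bin/backup\n")
        baseline = build_baseline(root)  # taken from a known-good state; in practice stored off-host
        # Simulated changes an analyst would want to see: an edited file, a removed file and a new file.
        (root / "sudoers").write_text("root ALL=(ALL) ALL\nbackup ALL=(ALL) ALL\n")
        (root / "cron.d" / "backup").unlink()
        (root / "rc.local").write_text("#!/bin/sh\n")
        return compare(baseline, build_baseline(root))
```

A real deployment keeps the baseline and the comparison results outside the monitored host, since an attacker who can edit the files can also edit a baseline stored alongside them.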

Identified threats are then categorised by business impact as:

Critical – very high business impact; fix immediately.

High – high business impact; fix as soon as possible.

Medium – medium business impact; fix when required, ideally quickly.

Low – low business impact and low immediate risk; fix when able.