Client Portal


A Security Operations Centre – or SOC – is a centralised cyber security function within an organisation. It enlists people, processes and technology to continuously monitor and improve an organisation’s security posture while preventing, detecting and responding to cyber security incidents.

An SOC is used to protect a wide range of assets from cyber crime, including personal data, business systems, intellectual property and brand reputation.

The key aims of a SOC are:

  • To detect and respond to cyber security threats
  • To increase resilience by learning about the changing threat landscape 
  • To identify and address negligent or criminal behaviours
  • To derive business intelligence about user behaviours to shape and prioritise the development of technologies

The Need For SOC As A Service

In the ever-evolving corporate landscape, companies need to proactively monitor their environment in order to protect their customers’ identities, safeguard their intellectual property and avoid business disruption. This allows them to rapidly detect threats and accurately respond before attackers are able to cause material damage.

You’ll need a SOC in place if you:

  • Run an online service
  • Store sensitive data (which is accessed by employees, customers or partners)
  • Share personal data with other organisations
  • Operate a unified threat management system for multiple different business locations


Bruce & Butler’s Managed SOC service – in partnership with and powered by IBM QRadar – provides the right mix of intelligence, human expertise, and cutting-edge technology to continually protect your organisation from cyber security threats. 

With this continuous monitoring in our safe hands, you can then focus on running your business – securely. This service provides all the benefits of a fully managed SOC without breaking your IT budget.

What We Offer


Our managed Security Information and Event Management system (SIEM) is a 24/7 intelligent cyber threat protection service, designed to monitor your infrastructure, systems, network and web applications for potential security breaches.

The SIEM collects and logs event data generated by different types of devices, collating it into one centralised hub to be assessed by a security analyst.
The SIEM allows our analysts to have a holistic view of the network and combines multiple data feeds into one place, ensuring everything can be efficiently monitored. This allows us to identify any threat or vulnerability within a matter of minutes and remediate it before it becomes an issue.


Utilising state-of-the-art technology, we’ll build a profile of what regular system activity looks like on your network. This enables us to improve detection of unusual patterns and suspicious behaviour across your environment, allowing us to respond quickly to eradicate potential attacks and intrusions.


Intrusion detection is the process of monitoring the events occurring within your network and analysing them for signs of possible incidents, violations or imminent threats to your security policies.

Intrusion Detection Systems (IDS) sit inside the network. We can then monitor inbound and outbound traffic depending on what devices are forwarding logs to us. The IDS analyses the network and provides us with the information we need to ensure your network is running securely and hasn’t been breached.

Furthermore, Intrusion Protection Systems (IPS) act to block threats that are identified within your network.


Threat Mining is the approach of actively researching (mining) threats on the web. Investigating what potentially could harm or affect your organisation and ensuring the correct countermeasures are in place.

Threat mining is an ongoing activity conducted by our highly certified Security Operations Centre Analysts. All threats are added to our central threat database, ensuring all of our clients have the correct measures in place to counter threats.

Using the most up-to-date techniques and tooling, our Security Operations Centre scours the web for threats. This is the piece of the puzzle that could be the difference in whether you are breached, or you prevent a breach.


Just a few years ago, compromised credentials and adversary communication could be found simply on the surface web. Modern encryption and privacy mechanisms mean that this is no longer possible, with sensitive information being traded on the dark web.

Bruce & Butler utilises industry-leading dark web monitoring technology to monitor dark and inaccessible corners of the internet in real time, identifying indicators of compromise pertaining to an organisation.


Cyber attackers will often attempt to modify your critical system files in order to gain a foothold on your network and infrastructure. 

File Integrity Monitoring enables the Bruce & Butler SOC to quickly detect and respond to any activity of this nature, keeping your files safe at all times.


Due to the agile nature of network infrastructure, new vulnerabilities present themselves on a regular basis. Therefore, it’s critical to monitor, remediate and categorise these vulnerabilities on a continuous basis. Sometimes, fixing a vulnerability can lead to more vulnerabilities being identified.

During our onboarding process of the Security Operations Centre solution, we run a detailed threat identification and categorisation process. This identifies what threats there are on the network and how impactful they are to the business.

Threats are then categorised as:

  • Critical (Very high business impact – fix imminently), 
  • High (High business impact – fix as soon as possible), 
  • Medium (Medium business impact – fix when required, ideally quickly), and
  • Low (Low business impact, fix when able, low immediate risk factor).

Our Services

Contact Us

Drop Us a line

Contact Us

  • This field is for validation purposes and should be left unchanged.