Security Operations Centre (SOC)
We are very proud that our world-class service was independently recognised in 2018, when NCC Group became only the second organisation globally to achieve CREST SOC accreditation.
Our Security Operations Centre (SOC) delivers managed security solutions for clients around the globe. Our physical SOCs in the UK and the Netherlands work together as a unified 24/7 capability, and our 75 analysts draw on decades of experience to detect and respond to cyber-attacks as soon as they occur.
- Drive down business risk
- Secure your investment in new digital technology
- Maintain a holistic, 360-degree view of your enterprise by combining a spectrum of ‘best in class’ technologies
- A proactive solution, underpinned by world class threat intelligence
- Keeping watch every minute of every day
Our SOC Services
The NCC Group SOC offers an array of services that work together to deliver a comprehensive Managed Detection and Response service. At the core of the service are three elements:
- Managed and Hosted SIEM: We collect and analyse multiple logs from customer enterprises as per their bespoke security requirement. We interrogate this data in real time using our Managed Detection Engine to identify malicious and anomalous activity. We offer the ability to fully manage existing customer SIEMs from our SOCs
- Cyber Threat Management: CTM is a proprietary NCC Group capability that analyses inbound and outbound traffic in real time against known signatures. CTM is highly agile; it is tuned constantly on the basis of intelligence and the changing threat picture
- EndPoint Detection and Response: We employ Carbon Black and our own proprietary solution to detect and respond to malicious activity that occurs on endpoint devices
Data from the above technologies and others are aggregated in our SIEM where they are analysed in concert with detailed threat intelligence. The real power of the NCC Group SOC approach lies with our ability to take a holistic view of an event based on data from multiple sources.
Why NCC Group's SOC?
- The Human Factor: We employ world leading technology to distil the billions of events we see a month down to the few hundred that matter, after which our analysts step in to really add value. In an environment where our people deal with the broadest range of cyber threats on a daily basis, they very quickly become highly experienced and specialised. By getting the right events in front of the right people quickly, we ensure that even the most serious attacks are investigated and mitigated before they cause damage
- Collaborative Approach: We have found that the best way to respond to cyber security events is collaboratively, so we notify clients immediately on detection and then work with them through incident resolution. We ensure that clients have access to our dashboards so that they can play a full role in resolution should they wish to. This partnership-based approach keeps all parties informed and achieves better results faster
- Intelligence at the Heart: We believe that cyber security must evolve from being a traditionally reactive business. To get on the front foot, we work to anticipate the threat before it impacts. That is why we are investing so heavily in cyber threat intelligence. The results are immediately apparent – we already detect up to 40% of malicious network traffic using signatures developed by our analysts based on our intelligence
- Demonstrable Excellence: We became only the second SOC globally to be accredited by CREST and we are ISO 27001:2013 and ISO 9001 certified