What managed security services do you provide?
CyberLens' core managed service is our managed security operations centre (“SOC”) which can ingest signals from any compatible security technology via API.
In addition, we offer full configuration, management and alert triage services for the following security technologies:
- Microsoft 365 Security Stack
- Microsoft Azure (Utilising Azure Sentinel and Azure Identity Protection)
- Security Information and Event Management (SIEM)
- Endpoint Detection and Response
- Phishing Defence
- Cloud Access Security (CASB)
We also build penetration testing, basic phishing defences, and cybersquatting defences in to our managed SOC solution, and integrate with multiple threat intelligence feeds.
What threat intelligence feeds do you integrate with for managed security operations?
We can integrate with any threat intelligence feed for which there is a suitable REST or SOAP based API, pulling in threat indicators at a technical level (hashes, C2 addresses etc.). Out-of-the box, we integrate with two globally recognised threat intelligence providers for this purpose.
We also incorporate threat intelligence at the tactical and operational levels, using feeds to closely monitor the tactics techniques and procedures, as well as the real-time activities of well-known threat actors.
What is the minimum contract term for your managed security services?
All customers are free to cancel their contract with 3 calendar months’ notice. We like to earn the right to work with you on an ongoing basis.
What is a typical on-boarding period for managed security customers?
The answer very much depends on the number of integrations we need to build and the size and complexity of the environment you are asking us to protect. As a minimum, however, we would suggest a timespan of 2 month to achieve an initial level of business as usual security operations.
Is there a charge to build new integrations with technologies that CyberLens has not integrated with before?
No, this service is free of charge, and forms part of our “proof of concept” service (not available if contracting under a "CyberLens for SMEs" agreement).
Can you offer a dedicated SOC instance (i.e. where all our data resides in a dedicated instance of the software used by CyberLens for security operations)?
Yes, we can offer customers a dedicated CyberLens instance. Additional fees apply.
What happens to our security operations data and capability if we stop working with you?
The way that we have designed our service means that the majority of source data (alerts and other information) stays within the source platform, whether this be your SIEM, EDR solution or other security technology. Where we have licensed a platform to you through a CyberLens managed service, we will help you move to a direct relationship with the vendor so that you have access to it going forwards.
We can also integrate with service management platforms to record incident related information within your own service-desk tickets.
Should more be required then optionally, as part of our off-boarding procedure, we can provide you with a copy of any data, integrations and automations related to your business, present within the Cyberlens platform. We deliver this in a proprietary format that you can import in to a licensed instance of the CyberLens platform software for your ongoing use and which must be up and running in order to receive the data.
Do you offer Penetration Testing as a service?
Yes, this is something we can offer, please get in touch to discuss your requirements further.
Do you offer CISO as a service?
Yes we can offer a CISO as a service package, please contact us to discuss your requirements further.
What security vendors do you work with to help companies implement technology-based controls?
Any. The message we want to convey here is around what customers are buying when working with CyberLens professional services. Customers are investing in:
- Our understanding of the security technology landscape, including the more niche solutions available
- Significant skills and experience in the field of traditional IT infrastructure
- Project and change management skills
- A successful outcome
Whilst we may have skills and experience in one vendor’s technology over another, this is not what customers are investing in; it is instead a “side benefit”, should they opt to work with that vendor’s technology.
What benefits do you offer?
We offer all of our team members life cover, pension contributions and three additional days off for the benefit of good causes. These benefits are all available immediately upon joining.
After 6 months service, employees also receive private healthcare and are invited to join our employee ownership incentive scheme (which is open to all employees) in time for the next award date.
For operations team members, we also offer a training budget of £125 per calendar month.