Capita Managed Security Services

The fundamental principle behind effective security management is the understanding that no organisation, however good their protection, is invulnerable. Breaches will happen, and whilst it remains important to do everything possible to prevent them, it is equally important to be able to spot them when they have happened – and that is often where the key challenge is.Sophisticated modern threat actors are stealthy and know how to evade detection. The traditional answer to this question is a Security Incident and Event Management (SIEM) system.Such a system will pull together event data from a wide array of different sources: siloed logs, alerts, threat feeds, network flows, user activity and the like, and analyse it for indications that the environment has been compromised in some way.However SIEM alone is not the answer. Simply putting log data in one place and running a static set of use-cases, criteria and thresholds against it can generate a lot of noise that will tie up IT resource without making anything more secure.To make a SIEM effective, it needs to be combined with at least the following:

Manual analysis of event data and alerts – review by qualified SOC staff who can distinguish genuine threats from false positives

Additional sources of threat intel to inform the review and analysis of threat data

Background research by the security team into new and emerging threats which feeds back into regular revisions SIEM use-cases and thresholds

Tuning and refining of SIEM configuration throughout the life of the service to reduce false positives

Regular reviews of system performance and alerts generated within the period

Without these things a SIEM can become an expensive waste of time. But it can be hard for organisations to recruit & retain the skilled staff needed to provide these things.Capita’s managed security services can provide this effective management of the SIEM and remove the burden of running your own SOC internally.Our purpose-built facilities are based in Great Britain and Northern Ireland, and are staffed with certified cybersecurity professionals employing a variety of market-leading solutions. They are dedicated to finding the cyber ‘needle in a haystack’ that presages the early stage of a cyber-attack.Capita’s Belfast SOC is the most recent, state-of-the art addition, and the only one of its kind in Northern Ireland. Together with GB and India, this multi-location approach provides a degree of service resilience beyond most organisations reach and offers our customers the ability to be monitored 24/7/365.Each SOC is tapped into pre-public threat intelligence from the National Cyber Security Centre (NCSC) – a degree of foresight otherwise unattainable for most of our clients.

175 days

The average time to detect a cyber-attack in EMEA last year. In comparison, our SOCs spot threats in real-time as they develop.

How does
it work?Our SOC employs IBM QRadar, an acknowledged (by Gartner and Forrester) market-leader in the SIEM arena which gathers security intelligence from throughout a client’s estate, and currently supports more than 500 product integrations.Each SOC has the flexibility to install and manage a range of QRadar deployment options, which can be hosted in the cloud, Capita data centres or client premises.This comprehensive, end-to-end platform generates a real-time view of vulnerability across a client’s entire estate, supporting it with a global network and advanced AI and behaviour analytics.Why Capita
for MSS?

Our SOCs are purpose-built, highly secure and use the most experienced cyber-security talent.

We are a full spectrum Managed Service Providers, and don’t rely on other MSPs to respond to incidents.

Our network of multiple SOCs enables 24/7/365 monitoring and an exceptional degree of resilience.

We bring our clients the skills and capabilities of highly experienced cyber security professionals that are otherwise hard to find, expensive to employ, and difficult to retain.

We provide real-time identification of security incidents and prioritisation of those with the biggest business impact, enabling the fastest and most effective response.

Our SIEM service also allows you to collate the forensic evidence often needed for regulatory or compliance purposes.

How we make SIEMs
cost effective

SIEMS are traditionally expensive, usually because they are poorly optimised and unfocused.

We work with our customers to configure and calibrate the system so it concentrates on their top priorities.

Coupled with a range of deployment models, this helps us manage costs for our customers.

Initially, solutions can be deployed to monitor only high-risk areas of the estate – further reducing costs – and scaled up to the entire estate if needed later, and when value is realised.