Managed Security Operations Centre (SOC), MDR Service and AppGuard MSP Service
Our fully-managed Security Operations Centre (SOC) solution provides a complete range of protection services, including monitoring, managed detection and response (MDR), and prevention of security incidents, 24x7x365. We also provide an Incident Response (IR) capability, consultancy and an endpoint protection service (AppGuard) to support cyber security needs.
Features
- Security Operations Centre (SOC) manned 24x7x365 by SC cleared staff
- Analysis and validation of security events by certified/trained security experts
- Continuous tuning of events to remove ‘false positives’
- Threat disruption/containment (SOAR) with emergency support for priority incidents
- Optimised threat-detection with proactive human threat-hunting and advanced behavioural analytics
- Customizable advanced analytics and bespoke dashboards
- Dedicated communications channel for Clients to talk to SOC Analysts
- Monthly security reporting
- Fully managed and audited ticketing system (aligned to ITSM)
- APPGUARD zero-trust protection service
Benefits
- Continuous monitoring and management of security events
- End to end management of security incidents
- Inherently improved security posture, reducing the risk of data breaches
- Flexible and scalable solution
- Full system deployment and configuration (turnkey technology stack)
- Cost-efficient SOC-as-a-service with full managed SIEM solution
- Improved threat response
- Proven technology platform to drive extended visibility and operational excellence
- Strong data governance, data not migrated to 3rd party service
- Bespoke zero-trust protection service (APPGUARD)
Pricing
£5 a unit a month
- Education pricing available
Framework
G-Cloud 14
Service ID
152724838228911
Contact
Cyber Security Associates Ltd
Commercial and Sales Team
Telephone: +44 (0) 300 3034691
Email: commercial@csacyber.com
Planning
- Planning service
- Yes
- How the planning service works
-
CSA will conduct a discovery exercise, which will take the form of a client questionnaire and a scoping/clarification call to determine the exact requirements of the client for the SOC service.
During the scoping call an explanation of the onboarding steps will take place, as well as confirmation on how/when the service will start, how we will liaise with the client from a service perspective, and how we will report the effectiveness of the SOC service, providing example reports and example dashboards for the client. The call will also give the client opportunities to ask questions and for CSA to seek clarification on responses to the questionnaire.
Following the discovery exercise a complete proposal outlining all aspects of the service and breakdown of the associated service offerings will be presented in plain English. The proposal will include any optional add-on services.
- Planning service works with specific services
- Yes
- Hosting or software services the planning service works with
-
- Microsoft Sentinel
- SentinelOne
- Microsoft Defender for Endpoint
- AppGuard
Training
- Training service provided
- No
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
-
For all SOC engagements each client is assigned a dedicated ‘on-boarding’ Technical Consultant who will set up and configure the platform, ensuring all necessary integrations into CSA’s supporting services are in place (e.g. Threat Feeds, ITSM Platform, Communication channels).
The Consultant will then work with the nominated technical team(s) to confirm the services included in the SOC/SIEM monitoring platform and plan the integration of the necessary security logs into the SIEM platform. This is generally through the use of APIs; however, in some cases the Consultant will also configure a dedicated collector to filter log sources and streamline the monitoring and alerting services.
Once all log feeds are confirmed as being monitored on the SIEM platform, the Consultant will start implementing a series of base tuning policies to remove any unwanted/not needed logs. They will also confirm that the alerting routes are fully tested with the client.
All work performed by the Consultant with the Client is performed to an agreed schedule and based on agreed deliverables before sign-off is given and the service moves to the SOC Team.
If required, CSA can also provide a Security Architect to help design and plan the SOC service and associated technical services.
- Setup or migration service is for specific cloud services
- Yes
- List of supported services
- Microsoft Azure
Quality assurance and performance testing
- Quality assurance and performance testing service
- Yes
- How the quality assurance and performance testing works
-
During the ‘on-boarding’ of a customer onto the SIEM/SOC platform a series of validation checks will be performed by the CSA Technical Consultant to ensure key facets of the service work to the client's requirements before moving into formal acceptance.
Primary items included in the QA and performance testing are:
1. Confirmation of Client contacts and testing of escalation routes
2. Confirmation of messaging services to be used by the CSA SOC to contact the Client
3. Confirmation of key alerts in place for Critical and High alarms
4. Confirmation of reporting requirements (to be included in the monthly report)
5. Confirmation of any bespoke monitoring or dashboards required for the client
6. Confirmation of access to the CSA ticketing system and receipt of an alerting ticket
7. Confirmation of access to the bespoke CSA customer dashboard.
A checklist of deliverables agreed with the client during the on-boarding service will be signed before the service moves to the SOC team for formal monitoring.
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Other
- Other security services
-
- Vulnerability Scanning and Assessment
- Supplier Assurance
- Cyber Security Assessment
- Penetration Testing
- PCI-DSS Consultancy
- Incident Response
- Red Team Cyber Engagement
- ISO 27001 Certification
- Certified security testers
- Yes
- Security testing certifications
-
- CHECK
- CREST
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
- Hosting or software provided by a third-party organisation
- How the support service works
-
CSA offers several routes and services to provide ongoing support to all our Clients. These routes revolve around a dedicated telephone number to the SOC, a ticketing system and a web chat capability to the SOC Analysts. All these services are available 24x7x365.
Dedicated telephone line: Rings the SOC Shift Leader and has a call forwarding service; if the call is unanswered it will re-route to the other Analysts on the Shift, then to the aligned SOC Technical Lead and finally to the SOC Manager.
Ticketing System: This is available through email, or through a bespoke customer dashboard. Clients can create new tickets and assign them a priority, as well as update existing tickets.
Web Chat/Instant Messenger: Our SOC Analysts use several web chat/IM services to provide instant communication to Clients.
In addition to these capabilities, and based on the service purchased, CSA will also provide a Service Delivery Manager to provide support and advice for any cyber related queries. They will also act as an escalation route for any issues identified within the service.
Service scope
- Service constraints
-
Ingestion costs of MS Sentinel Service - These are assumed to be the responsibility of the Client; however, CSA will ensure continuous tuning and other capabilities are used to keep these ingestion costs as low as possible.
Microsoft licensing costs - It is assumed that the Client will maintain all Microsoft related licences required to run the Microsoft products within their tenant.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Our SLAs can be found within the Service Definition document. These SLAs are indicative but can be tailored to suit our Clients' needs.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Our CSA Team remain agnostic in terms of web chat/IM services required by our Clients, and are able to use dedicated assistive technology tools requested by users.
- Support levels
-
Our SOC is available 24x7 to discuss and answer any queries raised by the Client. The SOC is manned by qualified and certified cyber security analysts, who are all trained to provide elements of Incident Response.
If required, CSA can also provide Service Delivery Managers, Technical Security Consultants, vISMs/vCISOs, as well as qualified/certified PCI/QSAs and ISO Auditors to help with any security/consultancy related issue.
Within our company we also have a CREST and CHECK Certified Penetration Testing Team, who are able to provide Penetration and Red Teaming services. All Clients are aligned to a dedicated Account Manager who will work with the Client to ensure all their cyber security needs are met and competitive quotes are provided.
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Alcumus ISOQAR
- ISO/IEC 27001 accreditation date
- 15/08/2022
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 9001 Certification
- Microsoft Solutions Partner for Security (Threat Protection Specialism)
- Microsoft Solutions Partner for Security (Cloud Security Specialism)
- IASME CE & CE+ Assessors
- QSAC
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
The environment and climate change is a core value within CSA; some of the initiatives are as follows. A company Ride to Work scheme is in place to encourage less car use. We have moved to hybrid working to reduce carbon fuels on the commutes and have a wider range of distributed offices to enable staff to work in an office closer to home. All cleaning materials are eco products. We have dramatically reduced all forms of travel and invested in high quality video conferencing facilities. CSA has moved to a paperless environment and moved all IT infrastructure from on premise to the cloud.
Covid-19 recovery
Prior to the Covid-19 pandemic starting we had already established remote working practices which were cyber secure; these were shared with local businesses as a free resource. We developed various policies for our staff to ensure a safe working environment and shared these with other businesses through social media. We held several mental health initiatives for our staff to ensure that they weren't isolated, including regular social evenings and events held online. We continued to recruit during the pandemic and used online interviews and meetings to both select and on-board new employees into the company. CSA continues to employ a geographically dispersed workforce post the pandemic, so regular communications and updates are a core part of our ways of working.
Tackling economic inequality
We have increased our staff numbers by over 50% during the pandemic; with remote working we were able to advertise and recruit from different demographics. Our staff are now extremely diverse in every area, but especially neurodiversity, as much of our work benefits from lateral thought. We spread our recruitment nets wider and have taken on people without a background in cyber and trained them. We provide free support into the local Gloucestershire Local Enterprise Partnership and advise smaller businesses on their cyber security posture without having to break their budgets. Finally, CSA is an active member of Cyber First, promoting cyber into local Schools, and actively encourages ‘work experience’ students for a week of immersive training with CSA.
Equal opportunity
CSA has a varied and diverse workforce and embraces the strengths of every individual within the company. Mental health is also championed within the organisation along with other minority groups, with centralised training and support available for all employees. The nature of cyber is that physical disability is not an issue for us and often neurodiversity is a great benefit as the analysis of threat actors who are attacking networks requires a variety of perspectives. Our recruitment process is fully transparent to ensure there is no prejudice in selection. Every individual is given the same opportunity to join CSA through a series of technical interviews and remote face to face interviews. All suppliers are vetted to ensure that there is no possibility of modern slavery and all CSA staff are paid above the minimum living wage.
Wellbeing
CSA recognise that the support of health and wellbeing is essential in any modern business. CSA hold regular events which promote health and wellbeing and provide free online resources and access to Group HR to ensure everyone is aware of what they can leverage if support is needed. Throughout the year we hold various remote social events, which are regular and varied, to ensure that those remote working members of staff are not excluded from activities. We have a dedicated Employees Forum who work with the Managing Director to suggest and implement areas that will benefit all employees. CSA provides the Chair role on the Gloucestershire Local Enterprise Partnership Cyber Tech Group which advises other businesses on the cyber threat and ways of staying safe against cyber crime.
Pricing
- Price
- £5 a unit a month
- Discount for educational organisations
- Yes