Managed Security Orchestration Automation and Remediation (SOAR)
A subscription service built on our expertise that correlates and enriches your security alerts, and where possible automatically remediates the incident in line with your needs, without you losing control.
Our team of experts manage your dedicated solution that your teams can work in to protect your organisation.
Features
- 24x7 Security Monitoring
- UK Security Operations Centre
- Underpinned by Threat Intelligence
- Real Time Reporting
- Customer Remote Access capability
- Automated Remediation
- Fully owned subscription model
- Playbook Development
- Application Integration delivering robust security
- Integrates with 11 SIEMs and 19 EDR Solutions
Benefits
- detect cyber threats from any event source
- utilises the investment an organisation has already made
- utilises the best of breed security applications
- best in class security content created in house
- underpinned with the latest threat intelligence
- automated reporting enables management to understand security risk
- automated remediation removes security risks in less than one minute
- integration with your own ITSM toolset makes management easy
- collaboration between customer teams and our experts
- enabling customers to understand their security risks easily
Pricing
£6,000.00 a licence a month
- Education pricing available
Framework
G-Cloud 13
Service ID
319005455708026
Contact
Talion
Keven Knight
Telephone: 07833094049
Email: kknight@talion.net
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- It integrates with a SIEM or an EDR solution, but can also be used with Next Generation Firewalls.
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
-
Our Managed SOAR service is based on a cloud SOAR platform built on Google Cloud's Siemplify application. You subscribe to the platform and have a dedicated platform for yourself.
We enable customers to enhance their security service without needing to invest in these expert roles.
- System requirements
-
- We can own the entire service and manage 100%
- We can collaborate in a hybrid service model
- You need a source to gather security relevant information from
- We utilise the software and licences you already procured
- We are agnostic about the software we integrate with
- We provide the cloud platform for you to work from
- We can add resources to help with the security triage
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We have a series of SLAs in place depending on severity of ticket. A P1 Security Incident can be responded to in less than 5 minutes.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- This web chat is actually in the SOAR platform, so you can chat with our experts on a security incident.
- Onsite support
- No
- Support levels
-
We provide P1-P4 support levels for service and security incidents, depending on the severity of the incident. These are all defined in the Operate Schedules we provide and are included in the pricing we agree.
We can provide an Account Manager: some customers don't want one, some want a light touch, and others want a more integrated customer advocate. Each level has a price point.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We have an onboarding team and documentation. We work with you through the process and utilise our own project teams to ensure that you have a successful service as soon as possible.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- The data is held by the customer as we are providing a subscription model. If we manage this on your behalf, then data can be exported or deleted.
- End-of-contract process
-
We include the switching off of the service as any new provider will just point event sources to a new location. We delete the data we hold and confirm that this has happened.
We can provide a full exit of service but this is an extra cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- All access points are developed to render for the requesting device, so, whilst the interface may offer a slightly different aesthetic, functionality is consistent across the end user platforms.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- As a customer you subscribe to the SOAR platform, so your interface is the SOAR. However, we also provide access to our ITSM platform, which is ServiceNow, or we can provide an E-Bonding integration to your own ITSM. The ITSM is provided as a portal for your business to log incidents, questions etc.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- We use API integration throughout the service to bring software solutions into our service, engage with customers on incident management, and share our portal and reporting. The Managed SOAR platform is a cloud version dedicated to you, with all the integrations via API.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The service portal and service management interfaces can be customised to meet user preferences. This includes interface schemes (including high contrast), custom dashboards, custom reporting and search capabilities. Any user with access to these systems is able to take advantage of all customisation options.
Scaling
- Independence of resources
- Our service is fully resilient enabling the highest availability for all customers. Where we run a multi-tenanted service there is customer segregation to ensure one customer is secure and does not impact another. Where we operate hybrid we provide dedicated cloud instances.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We provide real time reporting on a wide range of metrics, all of which are customisable by the customer, where each user can have reports that are relevant for them.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Via a request, we carry out any data export for them. We ingest security relevant data to the service.
- Data export formats
-
- CSV
- Other
- Other data export formats
- JSON
- Data import formats
- Other
- Other data import formats
-
- We ingest the data not the customer
- Raw text
Data-in-transit protection
- Data protection between buyer and supplier networks
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- We contract to a service availability of 99.9% and have SLAs that offer service credits as part of the availability metrics. These credits are taken on the next invoice to the customer.
- Approach to resilience
- Talion leverage public cloud technologies, consisting of PaaS and IaaS services. These are delivered in a highly available and scalable way through the built-in highly available architecture and multi-region, multi-availability zone functions.
- Outage reporting
- The process runs through our ITSM toolset, which creates a service incident. This may be E-Bonded to the customer ITSM as well. An email is created as a secondary delivery mechanism, and our team of Service Delivery Managers reach out and speak to the customers.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Logical access to Talion’s network is controlled internally using unique network user IDs and passwords. Password controls are enforced within Active Directory by policies that require strong passwords and changes to passwords every 30 days for all systems, with restrictions on re-use. After a predetermined number of unsuccessful access attempts, a user is locked out of the network via Active Directory. Access to the facility is controlled through a computer-controlled access system utilizing proximity key fobs. Employees are granted unescorted access to the area solely based on their job functions, and such access must be approved by the Security Officer.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- PECB
- ISO/IEC 27001 accreditation date
- 19/03/2021
- What the ISO/IEC 27001 doesn’t cover
- The entire organisation is ISO/IEC 27001 certified.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- SOC2 Type 2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We hold and provide a full suite of security policies and processes, including:
Access Control Policy
Information Security Policy
Data Classification Policy
IT Operations Policy
Acceptable Use Policy
Control of Information Policy
Human Resources Policy
Supplier Security Policy
Our Information Security Officer ensures that these policies are understood via training, and adhered to through regular testing by our external continuous auditing. Escalation is to our ISMS Management Committee and then the Board.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
The Company’s system development lifecycle (SDLC) is set forth within the Managed Security Services (MSS) Change Management Policy.
Changes that need to be migrated to production systems are approved by management prior to implementation, and the approval is documented within the request for change.
Talion maintains separate environments for development/testing and production.
Access to promote changes into production is limited to authorized IT personnel.
Emergency change requests regarding production issues that must be fixed immediately follow the above process, with the exception that approval can occur up to one business day after the change is promoted to production.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Talion performs weekly network vulnerability assessments utilizing a third-party tool. The third-party tool provides daily updates for threats and threat levels with high priority patches (CVSS 3.0 score 7 and above) being deployed no later than 2 weeks from release.
Talion’s management is responsible for monitoring the quality of internal control performance as part of their duties. Management reports have been developed that measure the results of various processes involved in servicing clients. These reports include:
• Processing completion reports
• Transaction volume reports
• Processing error reports
• Service-level statistics
• Development project status reports
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Talion utilizes third party Security and Incident Event Management tools to provide real-time security monitoring and event collection information to our in-house SOC. This information is categorized based on severity of potential compromise and presented to the security analysts in priority order to ensure review and reaction in a timely manner. High priority potential compromises will be reviewed and notified within 60 minutes of the incident being raised, with the duration increasing as the severity of the potential compromise reduces.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Talion defines a service incident as an occurrence that would lead to the loss of, or disruption to, operations, services, or functions and result in Talion’s failure to achieve its service commitments or system requirements. Such an occurrence may arise from a security event, security incident, failure to comply with applicable laws and regulations, error, or by other means. Users will raise incident reports via the Service Management Tool, with reports provided to management upon raising the incident.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
As a company we have created an Employee Engagement forum, where the employees of the business are involved in key initiatives.
Talion are committed to reducing the environmental impact of our business activities. Here are some key points:
Talion’s business is digital and has little use for physical materials such as paper and plastics; for example, we run a paperless office.
The majority of the Talion infrastructure is Azure based. Their policy includes 100% renewable energy by 2025.
We chose to move from an outskirts office to a city centre location to provide better public transport links to our team, meaning less reliance on cars as primary mode of transport.
We have introduced a flexible home working policy to reduce the demand for people to travel into the office either via personal or public transport.
Our Carbon Footprint Approved Service confirmed the SOC Office achieved 100% diversion from landfill, 88% recycled and 12% Refuse Derived Fuel (RDF).
- Covid-19 recovery
-
Our service centres are open and staff do work from these locations.
We have a remote capability for our services in case any Covid-19 issues reoccur, and our Employee Engagement team work with staff to understand any concerns or issues that the staff have.
Our locations allow for distanced working where required, and have hygiene stations in place to ensure hygiene standards remain high. Should someone test positive, they work remotely or are signed off work depending on severity of illness.
- Tackling economic inequality
-
We are a community of equals, all working in pursuit of a common goal, to protect our clients from the many faces of cyber crime.
Cyber crime is present the world over and Talion’s capabilities depend on a variety of characteristics from the teams located across the globe. From an array of ethnicities, religions and socioeconomic backgrounds we develop a wide spectrum of innovative ideas and solutions to keep our customers safe. We manage an equal opportunities and equal pay program, and have anti-slavery policies in place.
- Equal opportunity
-
A key area for our Employee Engagement teams is equal opportunities. We understand the importance of maintaining the strength within the Talion team and this is achieved by providing an environment which is fair and respectful for everyone. Here are some key points:
Anti-Discrimination or harassment is managed via the Equal Opportunities Policy.
We have licenced online training packages in many technologies & skills, available to all.
All staff are trained in the process and working practices for diversity & inclusion.
A formal repository for all employees to submit suggestions and ideas for improvements is available.
Regular questionnaires are sent to all employees to measure their satisfaction; the questionnaires contain a free text forum for any feedback.
- Wellbeing
-
Again another key area for the Employee Engagement Forum, where mental health is a key deliverable for the team:
We offer Employee Assistance from a professional body should an employee require this.
We provide quiet remote working for those roles that need to distance from the noise of the business.
We provide leave on birthdays for all staff.
We have a regular social side to bring a better work-life balance to all employees.
Pricing
- Price
- £6,000.00 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- No