Managed Security Orchestration Automation and Remediation (SOAR)

A subscription service built on our expertise that correlates and enriches your security alerts, and where possible automatically remediates the incident in line with your needs, without you losing control.

Our team of experts manage your dedicated solution that your teams can work in to protect your organisation.


  • 24x7 Security Monitoring
  • UK Security Operations Centre
  • Underpinned by Threat Intelligence
  • Real Time Reporting
  • Customer Remote Access capability
  • Automated Remediation
  • Fully owned subscription model
  • Playbook Development
  • Application Integration delivering robust security
  • Integrates with 11 SIEMs and 19 EDR Solutions


  • detect cyber threats from any event source
  • utilises the investment an organisation has already made
  • utilises the best of breed security applications
  • best in class security content created in house
  • underpinned with the latest threat intelligence
  • automated reporting enables management to understand security risk
  • automated remediation removes security risks in less than one minute
  • integration with your own ITSM toolset makes management easy
  • collaboration between customer teams and our experts
  • enabling customers to understand their security risks easily


£6,000.00 a licence a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kknight@talion.net. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 1 9 0 0 5 4 5 5 7 0 8 0 2 6


Talion Keven Knight
Telephone: 07833094049
Email: kknight@talion.net

Service scope

Software add-on or extension
What software services is the service an extension to
It integrates with a SIEM or an EDR solution, but can also be used with Next Generation Firewalls.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Our Managed SOAR service is based a cloud SOAR platform based on Google Clouds SIEMplify application, you subscribe to the platform and have a dedicated platform for yourself.

We enable customers to enhance their security service without needing to invest in these expertise roles.
System requirements
  • We can own the entire service and manage 100%
  • We can collaborate in a hybrid service model
  • You need a source to gather security relevant information from
  • We utilise the software and licences you already procured
  • Is agnostic in the software we integrate with
  • We provide the cloud platform for you to work from
  • We can add resources to help with the security triage

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have a series of SLAs in place depending on severity of ticket. A P1 Security Incident can be responded to in less than 5 minutes.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
This web chat is actually in the SOAR platform, so you can chat with our experts on a security incident.
Onsite support
Support levels
We provide P1-P4 support levels for service and security incidents, depending on the severity of the incident. All defined in our Operate Schedules we provide. These are included in the pricing we agree.

We can provide an Account Manager, some customers don't want one, some want a light touch, and others a more integrated customer advocate. Each level has a price point.
Support available to third parties

Onboarding and offboarding

Getting started
We have an onboarding team and documentation. We work with you through the process and utilise our own project teams to ensure that you have a successful service as soon as possible.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data is held by the customer as we are providing a subscription model. If we manage this on your behalf, then data can be exported or deleted.
End-of-contract process
We include the switching off of the service as any new provider will just point event sources to a new location. We delete the data we hold and confirm that this has happened.

We can provide a full exit of service but this is an extra cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
All access points are developed to render for the requesting device, so, whilst the interface may offer a slightly different aesthetic, functionality is consistent across the end user platforms.
Service interface
User support accessibility
WCAG 2.1 A
Description of service interface
As a customer you subscribe to the SOAR platform, so your interface is the SOAR. However, we also provide access to our ITSM platform which is Servicenow, or we can integrate an E-Bonding integration to your own ITSM. The ITSM is provided as a portal to your business to log incidents, questions etc.
Accessibility standards
WCAG 2.1 A
Accessibility testing
What users can and can't do using the API
We use API integration through out the service to bring software solutions into our service, engage with customers on incident management, share our portal and reporting. The Managed SOAR platform is a cloud version dedicated to you, with all the integrations via API.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The service portal and service management interfaces can be customised to meet user preferences. This includes interface schemes (including high contrast), custom dashboards, custom reporting and search capabilities. Any user with access to these systems is able to take advantage of all customisation options.


Independence of resources
Our service is fully resilient enabling the highest availability for all customers. Where we run a multi-tenanted service there is customer segregation to ensure one customer is secure and does not impact another. Where we operate hybrid we provide dedicated cloud instances.


Service usage metrics
Metrics types
We provide real time reporting on a wide range of metrics, all of which are customisable by the customer, where each user can have reports that are relevant for them.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Via a request, we carry out any data export for them. We ingest security relevant data to the service.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
Other data import formats
  • We ingest the data not the customer
  • Raw text

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We contract to a service availability of 99.9% and have SLAs that offer service credits as part of the availability metrics. These credits are taken on the next invoice to the customer.
Approach to resilience
Talion leverage public cloud technologies, consisting of PaaS and IaaS services. These are delivered in a highly available and scalable way through the in built highly available architecture and multi-region, multi-availability zone functions.
Outage reporting
The process is through our ITSM toolset, this creates a service incident. This may be E-Bonded to the customer ITSM as well. This creates an email as a secondary delivery mechanism and our team of Service Delivery Managers reach out and speak to the customers.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Logical access to Talion’s network is controlled internally using unique network user IDs and passwords. Password controls are enforced within Active Directory by policies that require strong passwords and changes to passwords every 30 days for all systems, with restrictions on re-use. After a predetermined number of unsuccessful access attempts, a user is locked out of the network via Active Directory. Access to the facility is controlled through a computer-controlled access system utilizing proximity key fobs. Employees are granted unescorted access to the area solely based on their job functions, and such access must be approved by the Security Officer
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The entire organisation is ISO/IEC 27001 certified.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
SOC2 Type 2

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We hold and provide a full suite of security policies and processes, including:
Access Control Policy
Information Security Policy
Data Classification Policy
IT Operations Policy
Acceptable Use Policy
Control of Information Policy
Human Resources Policy
Supplier Security Policy

Our Information Security Officer ensures that these policies are understood via training, and adhered to through regular testing by our external continuous auditing. Escalation is to our ISMS Management Committee and then the Board.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The Company’s system development lifecycle (SDLC) is set forth within the Managed Security Services (MSS) Change Management Policy
Changes that need to be migrated to production systems are approved by management prior to implementation, and the approval is documented within the request for change.
Talion maintains separate environments for development/testing and production.
Access to promote changes into production is limited to authorized IT personnel.
Emergency change requests regarding production issues that must be fixed immediately follow the above process, with the exception that approval can occur up to one business day after the change is promoted to production.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Talion performs weekly network vulnerability assessments utilizing a third-party tool. The third-party tool provides daily updates for threats and threat levels with high priority patches (CVSS 3.0 score 7 and above) being deployed no later than 2 weeks from release.
Talion’s management is responsible for monitoring the quality of internal control performance as part of their duties. Management reports have been developed that measure the results of various processes involved in servicing clients. These reports include:
• Processing completion reports
• Transaction volume reports
• Processing error reports
• Service-level statistics
• Development project status reports
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Talion utilizes third party Security and Incident Event Management tools to provide real-time security monitoring and event collection information to our in house SOC, this information is categorized based in severity of potential compromise and presented to the security analysts in a priority order to ensure review and reaction in a timely manner. For high priority potential compromises this will be reviewed and notified within 60 minutes of the incident being raised increasing in duration as the severity of the potential compromise reduces.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Talion defines a service incident as an occurrence that would lead to the loss of, or disruption to, operations, services, or functions and result in Talion’s failure to achieve its service commitments or system requirements. Such an occurrence may arise from a security event, security incident, failure to comply with applicable laws and regulations, error, or by other means. User will raise incident reports via the Service Management Tool with reports provided to management upon raising the incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

As a company we have created an Employee Engagement forum, this is where the employees of the business are involved in key initiatives.

Talion are committed to reducing the environmental impact of our business activities, here are some key points:​

Talion’s business is digital and has little use for physical materials such as paper & plastics, we run a paperless office for example.

The majority of the Talion infrastructure is Azure based. Their policy includes 100% renewable energy by 2025.​​

We chose to move from an outskirts office to a city centre location to provide better public transport links to our team, meaning less reliance on cars as primary mode of transport​.​

We have introduced a flexible home working policy to reduce the demand for people to travel into the office either via personal or public transport.​

Our Carbon Footprint Approved Service confirmed the SOC Office achieved 100% diversion from landfill, 88% recycled and 12% Refuse Derived Fuel (RFD). ​
Covid-19 recovery

Covid-19 recovery

Our service centres are open and staff do work from these locations.

We have a remote capability of our services to ensure that any Covid-19 issues reoccur, and our Employee Engagement team work with staff to understand any concerns or issues that the staff have.

Our locations allow for distanced working where required, and have hygiene stations in place to ensure hygiene standards remain high. Should someone test positive they work remotely or are signed off work depending on severity of illness.
Tackling economic inequality

Tackling economic inequality

We are a community of equals, all working in pursuit of a common goal, to protect our clients from the many faces of cyber crime.​

Cyber crime is present the world over and Talion’s capabilities depend on a variety of characteristics from the teams located across the globe. From an array of ethnicities, religions and socioeconomic backgrounds we develop a wide spectrum of innovative ideas and solutions to keep our customers safe.​ We manage an equal opportunities and equal pay program, have anti-slavery policies in place.
Equal opportunity

Equal opportunity

A key area for our Employee Engagement teams is equal opportunities. We understand the importance of maintaining the strength within the Talion team and this is achieved by providing an environment which is fair, respectful for everyone. ​Here are some key points:​

Anti-Discrimination or harassment is managed via the Equal Opportunities Policy.​

We have licenced online training packages in many technologies & skills, available to all.​​

All staff are trained in the process and working practices for diversity & inclusion.​​

A formal repository for all employees to submit suggestions and ideas for improvements is available.​​

Regular questionnaires are sent to all employees to measure their satisfaction, the questionnaires contain a free text forum for any feedback.​


Again another key area for the Employee Engagement Forum, where mental health is a key deliverable for the team:

We offer Employee Assistance from a professional body should an employee require this.

We provide quiet remote working for those roles that need to distance from the noise of the business.

We provide leave on birthdays for all staff.

We have a regular social side to bring a better work, life balance to all employees.


£6,000.00 a licence a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kknight@talion.net. Tell them what format you need. It will help if you say what assistive technology you use.