CYPRO CONSULTING

24/7/365 Cyber Security Monitoring

Sleep soundly in the knowledge your network and devices are monitored around the clock with our 24/7 Cyber Security Monitoring services. Our security operations centre (SOC) uses advanced technologies to detect, analyse, and respond to threats in real time, protecting your business from data breaches.

Features

• Continuous network and device monitoring round the clock
• Advanced detection technologies utilised in Security Operations Centre (SOC)
• Real-time threat detection and response mechanisms implemented
• Security Incident and Event Monitoring (SIEM) on critical systems
• SIEM log onboarding assessment, criticality evaluation and plan
• Immediate incident response to minimise business impact
• Continuous improvement of use case library adapting to evolving threats
• Managed Detection & Response (MDR) capabilities
• Proactive threat hunting to identify potential risks preemptively
• End-Point Detection and Response (EDR) capabilities

Benefits

• Cyber threats are identified and managed in real-time
• Business impact minimised by immediate incident response
• Assurance of business continuity day and night
• Regulatory compliance met with comprehensive logs and reports
• Automatic response to cyber attacks on end-points eliminate propagation
• Enhanced resilience against cyber threats and attacks ensured
• Alleviate stress and workload of internal resources
• Improved visibility into security events and incident trends
• Move from a reactive to a proactive cyber security posture
• Customised alerts and notifications for prompt action and response

£525 to £1,400 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@cypro.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

723058364007117

Contact

Jonny Pelter
020 80 888 111
accounts@cypro.co.uk

Planning

• Planning service: Yes
• How the planning service works: Planning: We will assess your organisation's cybersecurity needs and objectives to define the scope of SIEM (Security Incident and Event Monitoring) deployment, including the systems, networks, and data sources to be monitored.; Criticality Assessment: We review your systems using a criticality framework to determine which systems and the order in which they should be onboarded into the SIEM.; Design: We develop a comprehensive SIEM solution design, considering factors like data sources, event correlation rules, and reporting requirements, ensuring scalability for current and future needs.; Implementation: We'll deploy the SIEM solution according to design specifications, configuring software, integrating data sources, and fine-tuning correlation rules for optimal detection capabilities.; Tuning: We'll configure data sources to send logs and security events to the SIEM platform for analysis, encompassing logs from network devices, servers, endpoints, applications, and security appliances.; Event Correlation: We'll configure correlation rules within the SIEM to identify patterns and anomalies indicative of security incidents, fine-tuning them based on your organization's specific threat landscape.; Alerting: We'll set up alerting and reduce false positives.; Incident Response Integration: Integrating the SIEM with incident response systems e.g. ITSM tool like ServiceNow.; Monitoring: Continuously monitoring the SIEM, we'll review and update correlation rules, fine-tune alerting, etc.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Cloud Security Best Practices Training: Cover encryption, access management, and secure configurations for the chosen cloud platform.; Threat Identification and Response Training: Educate on detecting and mitigating common cloud security threats like data breaches and DDoS attacks.; Compliance Training: Ensure awareness of industry-specific compliance requirements and methods to maintain adherence.; Incident Response Procedures Training: Teach reporting security incidents and coordinating with cloud service providers effectively.; Emerging Threat Awareness Training: Provide updates on evolving threats and trends in cloud computing security.; Interactive Workshops and Simulations: Engage participants in hands-on learning through workshops, simulations, and real-world scenarios.; Security Awareness Programs: Foster a culture of security awareness and responsibility across your organisation.; ; All this can be delivered via in-person training, eLearning, virtual instructor-led training (VILT), interactive training simulations, blended learning approach, gamified learning or access to peer learning communities.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Data Encryption: Utilize TLS for transit encryption and AES for data at rest to secure data during migration.; Identity and Access Management (IAM): Implement RBAC, MFA, and least privilege principles to secure user access.; Network Architecture: Strengthen security with firewalls, segmentation, VPNs, and intrusion detection/prevention systems.; Vulnerability Management: Conduct regular assessments and penetration testing to identify and remediate cloud security weaknesses.; Logging and Monitoring: Set up cloud-native monitoring tools and SIEM systems to track user activities and security incidents.; Data Loss Prevention (DLP): Enforce measures to protect sensitive information during migration, including data classification and encryption.; Compliance and Governance: Ensure adherence to regulatory requirements and industry standards using governance frameworks like the CSA Cloud Controls Matrix.; Disaster Recovery and Business Continuity: Develop and test DR/BC plans with cloud-native backup, failover, and recovery services.; Secure Development Practices: Implement secure coding and DevSecOps methodologies to build and deploy applications securely.; Security Awareness Training: Provide education on security best practices to mitigate human error and insider threats during migration.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: - Test Planning: Develop a comprehensive plan outlining objectives and methodologies for QA and performance testing.; - Functional Testing: Verify security service functionality, including IAM, encryption, and DLP, ensuring compliance with requirements.; - Penetration Testing: Simulate real-world attacks to identify and address vulnerabilities in the cloud environment.; - Vulnerability Assessment: Use automated tools and manual analysis to detect and prioritise security weaknesses.; - Load and Stress Testing: Assess performance and scalability under peak traffic conditions to ensure reliability.; - Resilience Testing: Validate failover mechanisms and disaster recovery plans for business continuity.; - Logging and Monitoring Testing: Confirm effectiveness in capturing security events and generating timely alerts.; - Compliance Testing: Ensure alignment with regulatory mandates such as GDPR and PCI DSS.; - Documentation and Reporting: Document findings and recommendations for stakeholders, facilitating informed decision-making.; - Continuous Improvement: Implement feedback-driven enhancements to adapt to evolving threats and technology trends.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Secure architecture review
  • Secure solution designs
  • Vulnerability scanning and discovery
  • Secure cloud migration
  • Identity and access management audits
  • 24/7 cyber security monitoring
  • Cyber security accreditation (ISO 27001, Cyber Essentials, SOC 2)
  • IT Disaster Recovery Planning
  • Cyber security project and program management
  • Cyber threat assessments
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
• How the support service works: - Cloud Security Assessments: Evaluate the security posture of cloud environments to identify vulnerabilities and compliance gaps.; - Secure Cloud Architecture Design: Develop robust and scalable cloud architectures with built-in security controls and best practices.; - Identity and Access Management (IAM) Solutions: Implement IAM solutions to manage user access and permissions, ensuring least privilege principles.; - Data Encryption and Key Management: Secure sensitive data in transit and at rest through encryption and robust key management practices.; - Continuous Monitoring and Threat Detection: Monitor cloud environments continuously to detect and respond to security threats in real-time.; - Security Incident Response and Forensics: Develop and implement incident response plans and conduct forensic investigations to mitigate security incidents effectively.; - Vulnerability Management and Penetration Testing: Identify and remediate vulnerabilities through regular assessments and penetration testing exercises.; - Compliance Audits and Governance Frameworks: Ensure compliance with regulatory requirements and industry standards through audits and governance frameworks.; - Secure DevOps and CI/CD Pipeline Integration: Integrate security into the software development lifecycle to automate security checks and ensure code integrity.; - Security Awareness Training and Education: Educate employees on security best practices and emerging threats to promote a culture of security awareness and responsibility.

Service scope

• Service constraints: We can provide on-site resource but only to organisations within the UK.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on the service level agreement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We provide different support levels depending on the needs of the client:; ; 1. Basic Support: Offers essential support services such as email or ticket-based assistance during standard business hours. Basic support may include help with basic troubleshooting, account setup, and general inquiries.; ; 2. Standard Support: Provides more comprehensive assistance with faster response times and extended support hours. Standard support often includes phone support, dedicated support representatives, and access to a self-service portal.; ; 3. Advanced Support: Offers advanced technical support services such as proactive monitoring, performance optimization, and regular health checks. ; ; 4. Advanced support may include on-site visits, dedicated account managers, and customised solutions tailored to the client's specific needs.; ; 5. 24/7/365 Support: Delivers round-the-clock support for critical security incidents and emergencies. This level of support ensures rapid response and resolution to security incidents regardless of the time of day.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Energy Efficiency Assessments: we can evaluate the energy usage of existing IT infrastructure and recommend strategies for optimizing energy consumption through cloud migration and resource consolidation.; Server Utilisation Optimisation: we analyse server workloads and resource utilisation patterns to optimise server usage and reduce energy consumption in cloud environments.; Renewable Energy Integration: Assist in integrating renewable energy sources such as solar, wind, and hydroelectric power into cloud data center operations to minimize reliance on fossil fuels.; Green Data Center Design Consulting: Provide guidance on designing environmentally sustainable data centers, including efficient cooling systems, modular architecture, and waste heat reuse.; Remote Work Enablement Solutions: Implement cloud-based collaboration tools and remote work solutions to reduce commuting and office energy consumption, supporting environmental sustainability efforts.; Lifecycle Management Services: Manage the entire lifecycle of IT hardware, from procurement to decommissioning, in an environmentally responsible manner, including recycling and disposal programs.; Workload Optimisation Solutions: Implement workload optimisation strategies using cloud services such as auto-scaling, load balancing, and serverless computing to streamline resource usage and improve energy efficiency.

  Equal opportunity

  Recruitment and Hiring Practices: We employ fair and unbiased recruitment processes that focus on qualifications, skills, and experience, ensuring that all candidates are evaluated based on merit alone. We actively seek candidates from diverse backgrounds and underrepresented groups to build a talented and diverse workforce.; Diversity and Inclusion Training: We provide ongoing training and education on diversity and inclusion topics to our employees. This training helps raise awareness of unconscious biases, promotes inclusive behaviors, and fosters a culture of respect and belonging.; Equal Pay: We adhere to principles of pay equity and provide equal pay for equal work, regardless of gender, race, ethnicity, age, sexual orientation, or other personal characteristics.; Career Development and Advancement: We offer career development opportunities and support for all employees to reach their full potential. This includes mentorship programs, training workshops, and leadership development initiatives aimed at advancing individuals from underrepresented groups into leadership roles.; Flexible Work Arrangements: We recognize the importance of work-life balance and offer flexible work arrangements, including remote work options, flexible hours, and part-time schedules, to accommodate diverse lifestyles and responsibilities.; Zero Tolerance for Discrimination and Harassment: We have strict policies in place to prevent discrimination, harassment, and retaliation in the workplace. We investigate all complaints promptly and take appropriate action to address any violations of our policies.; Community Engagement and Partnerships: We engage with external organisations and community partners to promote diversity and inclusion initiatives, support underrepresented groups, and contribute to positive social change.

  Wellbeing

  Health and Safety Measures: We implement robust health and safety protocols in the workplace, including ergonomic workstations and compliance with regulations.; Mental Health Support: We offer counseling services and mental health resources to help employees manage stress, anxiety, and other challenges.; Work-Life Balance: We promote work-life balance through flexible work arrangements, including remote work options and flexible hours.; Wellness Programs: We provide wellness activities and programs to promote physical health, such as fitness challenges and nutrition workshops.; Employee Assistance Programs: We offer confidential support services through employee assistance programs for personal and work-related issues.; Professional Development: We invest in the professional growth of our employees through training, workshops, and tuition reimbursement programs.; Recognition and Appreciation: We regularly recognise and appreciate the contributions of our employees to cultivate a positive work environment.; Social Connections: We encourage social connections and community engagement through team-building activities, social events, and volunteering opportunities.; Wellbeing Policies: We have policies in place to support employee wellbeing, including flexible work policies and anti-harassment policies.; Leadership Support: Our leadership team prioritizes employee wellbeing and serves as role models for healthy work habits and self-care practices.; Feedback Mechanisms: We provide avenues for employees to provide feedback and suggestions for improving workplace wellbeing, ensuring their voices are heard and valued.; Health and Wellness Resources: We offer access to resources such as health screenings and wellness workshops to empower employees to take proactive steps towards their wellbeing.; Community Involvement: We engage in community initiatives and partnerships focused on health, wellness, and social responsibility, providing opportunities for employees to make a positive impact beyond the workplace.

Pricing

• Price: £525 to £1,400 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@cypro.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.