Skip to main content

Help us improve the Digital Marketplace - send your feedback

MTI Technology Ltd

MTI Managed Microsoft Sentinel SIEM/SOAR/SOC service

MTI Managed SIEM (Security Information and Event Management)/SOAR/SOC Service provides centralised security monitoring, threat intelligence and response service for on-premises, hybrid and cloud environments. Our UK based Security Operations Centre, staffed with SC Cleared SecOps analysts is fully integrated with Microsoft Sentinel and offers 24*7*365 monitoring, response and assurance.

Features

  • 24x7x365 Monitoring through a UK based Security Operations Centre (SOC)
  • Aggregate and examine all your organisation’s log data
  • Proactive threat protection, analytics, alerts and response
  • Configuration of data-connectors, analytics-rules, automation-rules, playbooks, and workbooks
  • User and Entity Behaviour Analytics (UEBA)
  • Proactive Threat Hunting based on Threat Intelligence, IoA's and IoC's
  • Automated Response Actions through playbooks and automation rules
  • Service Aligned to NIST SP800-61r2 Computer Security Incident Handling Guide
  • Full Managed Service with Incident Response
  • Configuration in Customer's Sentinel tenant to retain Intellectual Property

Benefits

  • Reduce risk of successful cyber attacks
  • Provide Monitoring and Response 24x7x365
  • Industry Leading SLA's: P1, 15 minutes to detect and alert
  • Automated Response actions immediately stop attacks developing
  • World-leading Threat Intelligence updates every day
  • Continual tuning minimises false-positives
  • Proactive Threat Hunting identifies undetected attacks
  • Fully customisable dashboards and reporting
  • Full integration with ServiceNow, JIRA and other ticketing solutions
  • Security event, incident, and threat reporting

Pricing

£3,115 a terabyte a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid@mti.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 3 4 0 9 2 9 7 6 7 6 4 0 3 7

Contact

MTI Technology Ltd Darren Moyes
Telephone: 01483520200
Email: bid@mti.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
MTI's Integrated Cyber Threat Defense including: Emergency Forensic Incident Response, Dark Web Monitoring, Data Leakage Detection, Privilege Access Management, MDR and XDR, Offensive Cyber Security Services (Red Teaming, CHECK/CREST/CyberScheme Penetration Testing), and Cyber Security Advisory Services (Gap Analysis, Policy, Process, Procedure, Cyber Strategy, Technical Controls, Implementation Consultancy and Technical Remediation.)
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
No
System requirements
  • Logs to feed into the service
  • Logging enabled on all devices that form the SIEM scope
  • Access to the customer's Microsoft Sentinel tenant

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 Response time is 30 minutes 24x7x365
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Testing has been done by ServiceNow and Microsoft.
Onsite support
Yes, at extra cost
Support levels
Full 24x7x365 Managed Service with full incident management. We also provide "out of hours / weekends" to support customers with existing in-house, working hours SOCs.

We include the following nominated support staff in our Managed SIEM service:
- Transition Manager
- Duty Manager
- Service Delivery Manager
- SecOpps Technical Lead Engineer
- Client Director
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a Full SIEM Managed Service onboarding aligned to ITIL and ISO 20000 Service Management processes including: Service Design, Service Transition and Service Operation. We collaborate with the customer on identifying log sources, logging to the correct level, onboarding log sources into the SIEM platform, agreeing a priority call out matrix for in and out of hours, identity candidates for automatic response actions and playbooks, and creation of custom workbooks and reports and training on how to access and consume the data within the platform and how to create your own custom searches.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • PowerPoint
  • CSV
End-of-contract data extraction
All SIEM log data is stored in the customer's own Microsoft Sentinel tenant / Log Analytics workspace in-line with the data retention schedule agreed and applied during the contract. To Extract data, archived Log data is first restored into the customer's workspace, and then exported to a suitable storage account.
End-of-contract process
A designated representative from MTI will schedule a meeting or call with the customer to discuss the termination process, gather feedback, and address any concerns.
Customer Success and Account Management teams will work with the customer to develop a transition plan, including timelines, responsibilities, and any necessary assistance or support from MTI.
Technical Support will assist the customer in transferring their data, configuring new systems or services, and ensuring a smooth transition with minimal disruption to their operations.

MTI will treat all customer information, data, and feedback obtained during the exit process with strict confidentiality and use it only for the purpose of improving services or addressing customer concerns.
Technical Support a will ensure the secure deletion or transfer of customer data in compliance with data protection regulations and contractual obligations.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Web based console including workbooks / dashboards, charting and powerful search and query capabilities using Kusto Query Language (KQL) searches, saved queries, in addition to security analytics, playbooks, watchlists, automation rules, and threat intelligence.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Testing done by Microsoft as part of WACAG 2.a AA allignment.
API
No
Customisation available
Yes
Description of customisation
Our services can be customised to the organisations needs. Examples include: Creation of Custom Reports, Integrations and Workbooks, Customised Response Action Processes, Customised Playbooks, Customised SLA's or Incident Priority Classifications, Increased Threat Hunting Schedules, and Customised Schedule of Technical Meetings amongst other areas.

Customisations are agreed during contract onboarding and as a change notice during the contract by authorised representatives.

Scaling

Independence of resources
Through continual capacity monitoring and management, MTI ensure that the ratio of Staff per customer ensures they have sufficient time, skills and resilience to service all customers on a run and burst basis. Tracking resource consumption, we forward plan team hires in advance ensuring there is always sufficient skilled and experienced analysts available to deliver the service to agreed SLA's and KPI's.

Analytics

Service usage metrics
Yes
Metrics types
MTI produce a Monthly IT Service Management report, that includes all of the key metrics value and development of the service which can be tailored to the Customers’ requirements:
o Tickets Raised and Resolved Summary
o Successes
o Customer Experience - Performance against agreed Incident and Service Request KPI’s
o Alarm & Incident Stats and Summary / Charts
o Listing of All Incidents Raised and Status
o Service Status
o Problem Records
o Change and Service Request Summary
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All SIEM log data is stored in the customer's own Microsoft Sentinel tenant / Log Analytics workspace in-line with the data retention schedule agreed and applied during the contract. To Extract data, archived Log data is first restored into the customer's workspace, and then exported to a suitable storage account.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • TXT
Data import formats
  • CSV
  • Other
Other data import formats
  • Syslog
  • CEF (Common Event Format)
  • STIX/TAXII data using the "Threat Intelligence - TAXII" connector

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
For MS Sentinel customer's the Log data is always stored in their own tenant with MTI granted least privileged access, using dedicated accounts for allocated SoC analysts, strongly authenticated with MFA. Access to the customer's tenant is granted via our Lighthouse instance. Reports and any sensitive files or documentation are shared via an Encrypted Repository with a dedicated Zone created for each Customer, which provides both encryption in transit and encryption at rest, with access restricted to authorised people authenticated via MFA.

Availability and resilience

Guaranteed availability
Uptime SLA's and Service Credits are as in-force by Microsoft [Sentinel] as outlined below:
Definitions:
"Maximum Available Minutes" is the total number of minutes that a given Microsoft Sentinel has been deployed by Customer in a Microsoft Azure subscription during an Applicable Period.

“Downtime” is the total number of minutes within Maximum Available Minutes that data in Microsoft Sentinel are unavailable. A minute is considered unavailable for a given Azure Sentinel during which no HTTP operations resulted in a Success Code.

"Query Availability Percentage" for a given Microsoft Sentinel calculated as Maximum Available Minutes less Downtime divided by Maximum Available Minutes multiplied by 100.

Query Availability Percentage: The Query Availability Percentage is calculated using the following formula:

Service Credit:
Query Availability Percentage < 99.9%, Service Credit of MS Sentinel fees only is 10%
Query Availability Percentage < 99%, Service Credit of MS Sentinel fees only is 25%
Approach to resilience
Microsoft ensures resilience for both Azure datacenters and Microsoft Sentinel through robust strategies:

Azure Datacenters Resilience:
Availability Zones: Azure regions are divided into availability zones, each with separate power, cooling, and networking. These zones are physically distinct datacenters within a region, ensuring redundancy and fault tolerance.
Redundant Architecture: Azure deploys multiple service instances across geographically separate hardware nodes, minimizing the impact of failures.
Data Replication: Data replication between datacenters provides high availability and reliability during incidents.
Proactive Reliability: Azure continually strives for high resiliency in its cloud platform.
Microsoft Sentinel Resilience:
Hardware and Network Redundancy: Sentinel leverages redundancy to minimize the impact of failures.
Data Replication: Data replication between datacenters ensures high availability.
Business Continuity Plans: Regular testing of business continuity plans ensures readiness.
Outage reporting
In the event a Service Outage occurs, alerts will be reported via email alerts, with hourly updates until the service is resumed.
Details of any outages are recorded in the Monthly ITSM report for tracking and monitoring.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Azure Active Directory (AAD): Users require AAD credentials to access Sentinel's management interface.
Role-Based Access Control (RBAC): user permissions are allocated to specific roles based on principle of least privilege within Sentinel (view only, manage alerts, etc.).
Multi-Factor Authentication (MFA): is enforced for all logins.
Just-In-Time (JIT) Access: Limits access to management interfaces to specific timeframes and needs.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
Initial Certification: 16 July 2013. Latest Issue: 24 June 2022
What the ISO/IEC 27001 doesn’t cover
Certification of the MS Sentinel / Azure platform is provided by Microsoft.

MTI's certification covers the entirety of the Managed Service delivered by MTI with the certification scope being "The protection of information for the provision of Cyber and Data Security, Datacentre Modernisation, IT Managed Services and IT Transformation Services to clients across all sectors worldwide."
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • ISO/IEC 20000 - Information technology — Service Management
  • ISO 22301 - Security and resilience, Business Continuity Management Systems
  • ISO 9001 - Quality Management Systems
  • CHECK Scheme Member
  • CREST Scheme Member
  • Cyber Scheme Member

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 9001 - Quality Management Systems, ISO/IEC 20000 - Information technology — Service Management and ISO 22301 - Security and resilience — Business Continuity Management Systems
Information security policies and processes
MTI follow security policies and processes developed and maintained under our UKAS certified ISO/IEC 27001 - Information Security Management Systems (ISMS). Delivery of the SIEM/SOC service is also aligned to NIST SP800-61r2 for Computer Security Incident Handling Guide.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Configuration and change management processes are aligned to our ISO/IEC 20000 - Information technology — Service Management certification.
ISO/IEC 20000 is the international standard for IT service management. It provides guidance for establishing, implementing, maintaining, and continually improving an effective IT Service Management System.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As a CHECK, CREST, Cyber Scheme Certified penetration testing company, MTI have robust Vulnerability management processes in place.
Threat Assessments: MTI carry out regular vulnerability assessments, and penetration testing. Vulnerabilities are rated and prioritised based on Criticality, Availability of Exploits and Potential Impact.
Patch Deployment: where proven safe to do so, automatic patching and agent updates are configured. For critical systems, a risk assessment is conducted, with patches tested on non-critical hosts prior to deployment.
Threat Sources: Numerous Security Advisories, Vendor Alerts, and Threat Intelligence feeds.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
MTI continuously monitor system logs, security platforms (Firewall, EDR, IPS, Proxy logs) and security events for anomalies (aligned with ISO27001 controls and NIST SP800-61R2 recommendations). MTI carry out proactive threat hunting based on threat intelligence, IoC's and IoA's. Upon detecting suspicious activity, we initiate automated containment procedures where available and notify the relevant security resolver personnel immediately for investigation, containment, eradication and recovery (aligned with incident response best practices). Response time depends on the severity of the incident with P1's investigated within 15 minutes and responded to within 30 minutes.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Pre-defined playbooks exist for frequent events, ensuring a swift response (in accordance with ISO27001). Users report incidents through designated channels (telephone call for P1's to MTI's Service Desk, with email, and ticketing system for lower priority issues). Upon receiving a report, a dedicated team investigates, determines severity, and implements necessary actions working with relevant internal or external resolvers. Incident reports are documented and shared with relevant parties (in line with NIST SP800-61R2) including, Details of the incident, Investigation procedures and results, Identification of key indicators of compromise (IoCs) or indicators of attack (IoAs), Remediation actions taken and lessons learned.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

MTI publishes an annual Quality & Environmental (Q&E) Policy statement, which is aligned to its ISO 9001 & ISO 14001 accreditations and the annual EcoVadis CSR review and accreditation. MTI’s Corporate & Social Responsibility policies integrate our business values and operations to meet our strategic objectives and the expectations of our customers, employees, investors, suppliers, the community and the environment. By putting our CSR into practice, we are committed to conducting ourselves responsibly and in an ethical manner, creating a positive and supportive working environment, supporting local communities, improving service levels to customers, acting fairly and collaboratively with suppliers and other third parties, to deliver solutions that support our environmental objectives. Our Environmental Management System, recognised by independent ISO 14001 Environmental Management certification, incorporates our Environmental Policies and Procedures.Demonstrating our commitment to protecting the environment and sustainability. We undergo regular independent audits to demonstrate our commitment to improvement. Our management review programme and CSR and Environmental Reporting, evaluate and demonstrate our environmental achievements, through measurement of impacts as a result of all business activities, monitoring of reduction targets, achievements against objectives & results from our activities, initiatives and environmental commitments. Our FY2022 focus includes; Zero-Carbon Society: we will strive to achieve zero emissions from our own business activities and encourage carbon neutrality within our supply chain. Through comprehensive energy conservation activities and the use of renewable energy, we aim to reducing our carbon footprint and impact on the environment through reduction of contributions to greenhouse gases (GHGs) and annual CO2 emissions, and support supplier commitments; •Partnering with Tier-1 suppliers who are committed to carbon neutrality, evidenced through annual environmental and sustainability assessment •Commitment form partners/product vendors to commit to supplying packaging with a minimum of 50% recycled content (80% Cardboard) or be entirely derived from sustainable sources.

Covid-19 recovery

In response to the COVID-19 pandemic, MTI has implemented thorough in-house technology solutions allowing over 90% of our staff to be based at home, including the majority of our service delivery staff. This approach provides greater job opportunities across the region without the potential for geographically disadvantage, and ensures we have skilled staff locally across the UK to deliver our core services. Where MTI are delivering longer-term services to Buyers, MTI is committed to sourcing and utilising local suppliers to provide relevant elements of the service and would support running local supplier days to publicise the delivery and give opportunities for local company involvement. MTI recognises that the COVID-19 pandemic presents challenges for graduate employment and is offering employment opportunities for graduates in order to support local students to progress from higher education into jobs utilising their skills and knowledge.

Tackling economic inequality

MTI has invested significantly in developing in house skills and capabilities in order to provide high-class services across a wide range of technologies and disciplines, with emphasis on providing a wide range of professional and managed services. Our Internal Development Programmes and individual development plans ensure that all employees are offered opportunities for learning and development and provides skills training for new employees and existing employees to prepare them for promotions, transfers or new responsibilities. Our development programmes help our employees stretch their capabilities and those of the organisation, upskilling employees through investments in a wide range of skills and product training and development for staff and managers to broaden opportunities. Building a diverse and inclusive workplace has become an imperative part for the all-round growth and development of MTI. Therefore, our HR team takes tangible steps to create a workplace that is committed to diversity and inclusion, including providing career opportunities to support disadvantaged people into the workplace. MTI are registered to the Disability Confident scheme and have agreed to the Disability Confident commitments to provide interventions to increase employment opportunities and retention for people with a long- term health condition or disability to support these people into employment.

Equal opportunity

We recognise our obligations under the Equality Act 2010, Article 119 of the Treaty of Rome, The Race Relations Act, The Employment Equality (Sexual Orientation) Regulations 2003 and The Employment Equality (Religion or Beliefs) Regulations 2003, and The Codes of Practice published by the Equal Opportunities Commission, the Commission for Racial Equality and the European Commission; We are committed to the principle of equal opportunities in employment. We are opposed to any form of less favourable treatment or financial reward through direct or indirect discrimination, harassment, victimisation to our staff members or job applicants on the grounds of race, religious beliefs, political opinions, creed, colour, ethnic origin, nationality, marital/parental status, sex, sexual orientation, offending past, disability, age, caring responsibilities or social class. We extend protection under this Policy to our suppliers, customers, contractors, and others who are on our premises and in return expect all suppliers, customers, contractors and others to behave in the same way towards our members of staff. This policy is intended to assist the organisation to put this commitment into practice. Compliance with this policy should also ensure that employees do not commit unlawful acts of discrimination. Communicating this policy will be supported by appropriate training, and the effectiveness of this Policy will be monitored on an on-going basis. No form of intimidation, bullying or harassment will be tolerated. Implementation of this policy will be carried out where necessary by invoking the Disciplinary Procedure. Every employee is required to assist the organisation to meet its commitment to provide equal opportunities in employment and avoid unlawful discrimination.

Wellbeing

The organisation has developed an employee wellbeing policy to manage its obligations to maintain the mental health and wellbeing of all staff. It covers the organisation's commitment to employee health, the responsibilities of managers and others for maintaining psychological health, health promotion initiatives, communicating and training on health issues, the range of support available for the maintenance of mental health, and organisational commitment to handling individual issues.

Pricing

Price
£3,115 a terabyte a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Trial evaluation of MS Sentinel with support to get a small use-case up and running and the customer gain an appreciation of MS Sentinel capabilities. Trials are offered on limited scope, 31 day basis, the first 10 GB/day is free for 31 days.
Link to free trial
https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers#free-trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid@mti.com. Tell them what format you need. It will help if you say what assistive technology you use.