Exponential-e, the British cloud and network provider, has today launched its Cyber Security Operations Centre (CSOC) with a view to making defence in-depth the default standard for the mid-market. The company is looking to disrupt the status quo by allowing companies to embed compliance standards within the perimeters of that the CSOC monitors, equipping companies with a real-time view of their compliance status. In addition, Exponential-e is calling time on volatile events-per-second and service-based pricing models, offering an asset-based pricing model that will allow companies to align the CSOC with their cyber strategy.
As networks and requirements change, disparate security systems across the IT environment have their own GUI. This creates a significant compliance headache for businesses, making it near impossible to accurately assess compliance adherence across a multitude of interfaces. The result is a fragmented view of compliance that is prone to error. The Exponential-e CSOC is capable of monitoring for compliance to multiple standards, from best practice through to PCI-DSS and ISO 27001. The very nature of this type of monitoring lifts a heavy burden when adhering to regulations such as GDPR.
It correlates and aggregates information from any device or service across a customer’s security estate to provide analysis based on each individual company’s priorities through one single ‘pane of glass’. By layering analyst capabilities over monitoring services, the CSOC is able to report on:
External vulnerabilities – preventing different attack vectors from outside the network
Threat detection – monitoring the security estate and seeking out threats that have yet to be activated
Internal vulnerabilities – analysing devices within scope to see how their security posture can be enhanced
Network intrusion detection – identifying inbound threats and anomalies in network traffic
Network security monitoring – proactively monitoring for anomalous behaviour spanning applications, networks, systems and data access.
Jeff Finch, Cyber Security Product Manager, Exponential-e commented: “The economy relies on every company having access to robust security services and technologies. Yet in the mid-market, where firms are evolving fast, sometimes it’s simply not possible to skill-up as they evolve and neither can they leave data security to chance. Their brand and future growth depends on them being able to demonstrate that they take data governance extremely seriously.
“It’s this segment of the market where the cyber skills crisis bites hardest, and so they need a partner that they can work with. Equally, they need a more pragmatic pricing model – one that doesn’t profit from them for being the victim of an attack. It’s like having an old fashioned gas meter and the balance running out just as a cold spell hits. Suddenly in the midst of a breach, the CISO has to go cap-in-hand to the board for money. Such an approach leaves companies vulnerable and with little choice but to play fast and loose with their cyber investments, which is not a sustainable model.
Exponential-e provides a suite of proactive services supported by the CSOC,; all of which will be accessible to all customers. The SLA for reporting an event is one hour; this ensures a dedicated analyst has investigated the incident before it is reported to avoid providing false positives. In addition, communication with clients is always secure. A variety of mechanisms ensure that confidential technical information about the security estate is only revealed to the correct people. During the last 18 months, Exponential-e has developed a comprehensive range of security services and partnerships, all of which will be integrated into the CSOC.