Cyber Defense Center (SOC)

Protection against attacks through prevention is an essential part of cybersecurity. Place your trust in an experienced Security Operation Center (SOC). Our SOC consists of over 100 cyber defence experts across Europe who specialise in preventing attacks. We help you to detect cyberattacks faster and make life difficult for attackers.


Don’t give attackers a chance to spot your vulnerabilities

Claranet is CREST-accredited

As one of the few CREST-accredited Security Operation Centers, the accreditation is a sign of our promise to provide our clients with an airtight security foundation year after year.

Find out more about Claranet’s CREST accreditation

Tools based on MITRE ATT&CK®

Our threat-hunting methods are directly linked to attacker tactics and techniques from the MITRE ATT&CK® framework so we can focus on the activities that hit attackers where it hurts most.

Be prepared for the worst case scenario

Focusing on prevention alone keeps security teams from tackling novel, complex and persistent threats. It’s not a question of if, but when. Claranet’s SOC provides post-prevention protection to manage the real risk that your company has been compromised or will be soon.

It can take years to build and train an SOC team to the level your company needs. Turn that time into days by deploying an SOC with skills in Security Engineering, Threat Hunting (TH), Threat Intelligence (TI) Research, Incident Response (IR), Cyber Forensics and more.

Not only can we manage thousands of events and hundreds of new threats every day, but we can also handle complex, company-wide SIEM implementations and management. If you don’t have the time or resources to optimise and stay one step ahead of the attackers, we’ll do it for you.

Find out how our SOC can protect your company

Intelligence Threat Hunting

Threat Intelligence

Threat intelligence is data that has been collected, processed and analysed to understand an attacker’s motives, goals and behaviours.

Claranet’s SOC uses this data to identify active attackers on your network and make faster, evidence-based decisions about what they might do next and how to stop them.

We use reputable and reliable threat intelligence feeds, including AT&T Open Threat Exchange (OTX), to collect TI data and then create custom alerts to automate and scale threat detection and support threat hunting activities.

Threat Hunting

After a compromise, an attacker can remain hidden on your network for months, sometimes even years, working to evade detection.

Our threat hunters look for movement in the deceptive silence. Using indicators shared via public threat data or which you have uncovered, they proactively detect attackers even before an alarm is triggered.

We use a hunting method based on the MITRE ATT&CK® framework and aligned with the Pyramid of Pain to increase the cost, resources and energy attackers need to achieve their goals. This represents the most efficient and effective level of detection, forcing attackers to redesign their most complex tactics – or simply give up.

Manage all security services in one dashboard

Claranet Online allows you to manage your Claranet Managed Security Services from a single, clear platform.

Take control

  • Dashboard
  • Portal management
  • View and manage hosted servers
  • Control panels for active services (MDR/EDR/other hosted solutions)

Understand your data

  • Analyses (ticket status, incident status, change and support requests)

Support requests

  • Report incidents/request support
An image of the SOC portal interface

SOC service overview


Our SOC is available for you to contact directly. You can reach us by phone or e-mail, 24/7/365.

Talk to the specialists who know the threats to your company.

Service review

We analyse and review our service for you every three months and address it intensively:

  • SLA pass/fail rate
  • Incident management
  • Data consumption
  • Escalation breakdown
  • Opportunities to improve the service


Comprehensive data to help you evaluate the performance of your services and report back. Our monthly reports include:

  • An overview of the SOC’s performance
  • SLA pass/fail rate
  • Threat metrics
  • Top 5 threats
  • Analysis of emerging threats
  • Support logs
  • Threat hunt logs
  • Threat intelligence logs
  • Attachments


We are committed to processing each ticket within 30 minutes of the alert.

Agreed SLAs from P1 to P5 (including severity):

  • P5: Close as harmless
  • P4: Notification in 4 hours (low)
  • P3: 2 hours (medium)
  • P2: 30 minutes (high)
  • P1: 15 minutes (critical)

SOC Managed Services

Managed Detection and Response

Detect and combat threats quickly. The Claranet SOC supports you in protecting your company against complex attacks.

Find out more

Endpoint Detection and Response

Protect your network with EDR before an attack develops. Analysts check security alerts on your systems in real time.

Find out more

CREST accreditation: What is the difference?

CREST SOC accreditation assures our customers that we provide the highest standard of threat protection and customer service with our staff, processes and technology. This is the absolute basic requirement for organisations that want to achieve cyber resilience.

The main objective of CREST SOC accreditation is to identify companies that can provide comprehensive, high-quality and repeatable SOC services to clients.

The accreditation demonstrates our commitment to quality, timeliness and competence in the areas of monitoring, detection and response. In specific terms, this means that we are in full command of our processes, have complete control over our systems and know what we are capable of. With this 360-degree view, we are transparent and give our clients the assurance that we meet – and measurably exceed – the standards expected of us.

The areas in which we are assessed and have successfully passed include:

  • Good business and operating agreements to run an effective service
  • Precise determination of the individual customer requirements for our service
  • Using appropriate tools, technologies, procedures and practices
  • Being able to correctly identify and analyse incidents and respond to alerts
  • Establishing an effective approach to remedial action