Claranet Security Operations Centre (SOC)

Upgrade your defensive capability across prevention and detection with the experience of a reliably proficient, pragmatic, results-driven SOC. Detect faster, increase the pain for attackers, and lower the success rate of cyberattacks against your organisation.

Get in touch

Close the breach-detection gap


One of only a handful of CREST-accredited SOCs, accreditation is a mark of our commitment to providing a watertight security baseline for our customers, year after year.


Our threat hunting methodologies tie directly to adversary tactics and techniques from the MITRE ATT&CK® framework, keeping us focused on the activities that hit attackers where it hurts the most.

For teams with an Assume Breach mindset

Focusing on prevention alone holds security teams back from addressing novel, complex, and persistent threats. It's never a matter of if but when. Claranet’s SOC provides post-prevention protection to manage the real risk that your organisation has been compromised or soon will be.

It can take years to build and train a SOC team to the level your organisation needs. Turn that timeline into days, by plugging into a SOC with competence across security engineering, threat hunting (TH), threat intelligence (TI) research, incident response (IR), cyber forensics, and more.

As well as managing thousands of events and hundreds of novel threats daily, we can handle complex, enterprise-scale SIEM deployments and their management. When you don’t have the time or resources to optimise and stay ahead, we’re on the front line already.

CREST accreditation: what difference does it make?

Holding CREST SOC accreditation provides customers with the assurance that across our people, processes, and technology, we provide the industry standard for threat protection and customer service. This is the absolute baseline for organisations focused on achieving cyber resilience.

The core objective of the CREST SOC Accreditation is to identify companies who provide comprehensive, high quality and repeatable SOC services to buyers

Accreditation demonstrates our commitment to quality, relevancy, and expertise across monitoring, detection, and response. In real terms, it means we’re on top of our processes, in full control of our systems, and fully aware of our performance, without fail. We’re transparent with this 360-degree view, providing our customers with the confidence that we’re meeting – and measurably exceeding – the standards expected of us.

The areas we are assessed and passed by include:

  • Having good business and operating arrangements in place to run an effective service
  • Accurately identifying individual customer requirements for our service
  • Using appropriate tools, technology, procedure, and practices
  • Being able to correctly identify and analyse events and respond to alerts
  • Protecting the SOC and wider Claranet business from compromise
  • Determining an effective course of action for mitigations

Find out how our SOC can help protect your organisation

Get in touch

SOC-managed services

Managed Detection and Response (MDR)

Find out more

Managed Detection and Response for Microsoft Sentinel

Find out more

Endpoint Detection and Response

Find out more

Intelligence-led threat hunting

Threat intelligence

Threat intelligence is data that has been collected, processed, and analysed, to understand a threat actor's motives, targets, and behaviours.

Claranet’s SOC uses this data to identify live attackers present on your estate and make faster, evidence-based decisions about what they might do next and how to stop them.

We use reputable and reliable threat intelligence feeds, including the AT&T Open Threat Exchange (OTX) to harvest TI data. This is used to create custom alerts, which automate and scale threat detection and inform threat hunting activities.

Threat hunting

Following compromise, an attacker may persist on your network, going undetected for months, sometimes years, as they work to evade detection.

Our threat hunters look for movement in the misleading silence. Using indicators shared via public threat intelligence, or uncovered independently, they proactively detect attackers even before an alert is created.

We use hunting methodology based on the MITRE ATT&CK® framework and in line with the pyramid of pain to increase the cost, resource, and energy that attackers require to achieve actions on objectives. This represents the most efficient, effective, and potent level of detection, forcing attackers to redesign their most complex tactics – or withdraw.

Your portal to the SOC

Claranet Online enables you to assess your managed security activity through one, neat platform.

Take control

  • Dashboard
  • Manage portal admin
  • View and manage hosted servers
  • Access panels for active services (MDR/EDR/hosted solutions)

Understand your data

  • Analytics (ticket status; incident status; change and support requests)

Request support

  • Raise incident/request support
An image of the SOC portal interface

SOC service overview


Our SOC is on hand to deal with your direct communication. Contact them via phone or email, 24/7/365.

Speak to the specialists who understand the threats facing your organisation from the inside.

Service review

We analyse and review our service to you every 3 months, addressing:

  • SLA pass/fail rate
  • Incident management
  • Data consumption
  • Escalation breakdown
  • Service improvements


Comprehensive data to help you assess the performance of your services and report back to the organisation. Our monthly reports contain:

  • Overview of SOC performance
  • SLA pass/fail rate
  • Threat metrics
  • Top 5 threats
  • Novel threat analysis
  • Support log
  • Threat hunt log
  • Threat intelligence log
  • Appendix


We commit to triaging every ticket within 30 mins of the original alert.

Agreed SLAs from P1 to P5 (inc. severity):

  • P5: Close as benign
  • P4: 4 hours to notify (low)
  • P3: 2 hours (medium)
  • P2: 30 mins (high)
  • P1: 15 mins (critical)

Book a 1-2-1 consultation

Speak to our team, develop your knowledge, and confidentially discuss your security challenges via a no-commitment 1:1 consultation. Whether it's a specific solution you need more information on or a question you can't find an answer to, we're here

Contact us today by leaving us a message in the contact form and a member of our team will be in touch soon.

Tel: 0330 390 0504

Our accreditations and partnerships

iso 9001 accredited
iso 14001 accredited
iso 22301 accredited
iso 27001 accredited
iso 27017 accredited