The company is looking to disrupt the status quo by allowing companies to embed compliance standards within the perimeters of that the CSOC monitors, equipping companies with a real‐time view of their compliance status. In addition, Exponential‐e is calling time on volatile events-per-second and service‐based pricing models, offering an asset‐based pricing model that will allow companies to align the CSOC with their cyber strategy.
As networks and requirements change, disparate security systems across the IT environment have their own GUI. This creates a significant compliance headache for businesses, making it near impossible to accurately assess compliance adherence across a multitude of interfaces. The result is a fragmented view of compliance that is prone to error. The Exponential‐e CSOC is capable of monitoring for compliance to multiple standards, from best practice through to PCI-DSS and ISO 27001. The very nature of this type of monitoring lifts a heavy burden when adhering to regulations such as GDPR.
It correlates and aggregates information from any device or service across a customer’s security estate to provide analysis based on each individual company’s priorities through one single ‘pane of glass’. By layering analyst capabilities over monitoring services, the CSOC is able to report on:
•External vulnerabilities – preventing different attack vectors from outside the network
•Threat detection – monitoring the security estate and seeking out threats that have yet to be activated
•Internal vulnerabilities – analysing devices within scope to see how their security posture can be enhanced
•Network intrusion detection – identifying inbound threats and anomalies in network traffic
•Network security monitoring – proactively monitoring for anomalous behaviour spanning applications, networks, systems and data access.
Jeff Finch, Cyber Security Product Manager, Exponential‐e commented: “The economy relies on every company having access to robust security services and technologies. Yet in the mid‐market, where firms are evolving fast, sometimes it’s simply not possible to skill‐up as they evolve and neither can they leave data security to chance. Their brand and future growth depends on them being able to demonstrate that they take data governance extremely seriously.
“It’s this segment of the market where the cyber skills crisis bites hardest, and so they need a partner that they can work with. Equally, they need a more pragmatic pricing model – one that doesn’t profit from them for being the victim of an attack. It’s like having an old fashioned gas meter and the balance running out just as a cold spell hits. Suddenly in the midst of a breach, the CISO has to go cap‐in‐hand to the board for money. Such an approach leaves companies vulnerable and with little choice but to play fast and loose with their cyber investments, which is not a sustainable model."