
Closed doors. Open eyes.

Most breaches don't start with hackers in hoodies — they start with a stolen credential, a missed patch, an over-permissioned mailbox. We close the doors that get left open, watch the ones we can't, and contain whatever gets through before it spreads.

  • 24/7 SOC
  • UK-based
  • Right-sized
Introduction

Boring is what gets you. The credential someone reused. The patch that didn't land. The shared mailbox nobody locked down. Real attackers don't break in — they log in. Your defence has to be set up for that.

We close the doors. We keep watch. When something gets through, we contain it before it spreads.

Cyber Security

Layered defence, run as one service.

A layered programme that prevents the boring breaches, watches the ones it can't prevent, and contains anything that lands. Run by engineers, evidenced for auditors, sized for your team.

Live SOC feed: Eyes on glass
  • 02:14:03 alert: Credential stuffing on m.smith@contoso.com
  • 02:14:08 isolate: Session killed, MFA re-enforced
  • 02:14:12 enrich: IP geolocated to Belarus, added to threat intel
  • 02:14:18 close: Incident resolved, evidence logged
  • 02:14:22 report: Comms drafted to security lead

Closed doors — what we prevent

Identity & access

Entra ID, conditional access, MFA, privileged identity, ITDR. The single biggest lever on both security and user experience.

App control & ringfencing

ThreatLocker. Stop the binaries that shouldn't run, before they get to. Allowlist by default, ringfence by intent.

Endpoint hardening

Defender hardening baselines, attack-surface reduction, secure boot, BitLocker. Make the laptop boring to attack.

Network & SASE

Fortinet Security Fabric and a SASE platform. Segmentation, ZTNA, SD-WAN with security on by default.

Email & brand

DMARC, anti-phishing, brand-reputation monitoring. Close the inbox door — most attackers still ring it.

Open eyes — what we watch

XDR & SIEM

Microsoft Defender XDR + Sentinel. One pane of glass across endpoint, identity, mail and cloud.

24/7 managed SOC

Eyes on glass round the clock. Triage, contain, escalate, document. You wake up to a closed ticket. Detail is on the dedicated Managed SOC page (/solutions/cyber-security/managed-soc).

Identity threat detection

ITDR catches the things conditional access can't — token theft, MFA fatigue, lateral movement via identity.

Dark-web monitoring

Credentials in the open, before someone uses them. Forced rotation, conditional access, evidence trail.

Audit & reporting

Every alert, every action, every change — logged, mapped to controls, retrievable. Easy answers on audit day.

What you actually get out of all that.

Respond in minutes, not hours

SOC runbooks, pre-built isolations, named escalation owners. Mean-time-to-contain matters more than dashboards do.

Evidence everything

Auditors and boards get straight answers. Every alert, every action, every change — logged, mapped to controls, retrievable.

Size it to fit

Same controls whether you're 40 staff or 4,000. Cyber Essentials, ISO 27001 and the Defender baseline scale down without watering down.

Built on: Microsoft, ThreatLocker, Huntress, Fortinet
  • ISO 27001
  • Cyber Essentials Plus + IASME
  • Microsoft Solutions Partner
Our standards

Before we get into the conversation, what we operate to.

The minimum we'll commit to managed cyber on is Microsoft 365 Business Premium (or E3+ for enterprise) — which gives us Defender for Endpoint, Intune, conditional access, MFA and sensitivity labels — plus Huntress as the managed-EDR wrap.

The tenant is the new server. The attack surface today is identity, mailbox, OneDrive, Teams and the laptop on somebody's kitchen table — we can't defend that with consumer-grade tooling any more than you'd run your file server on a shop-bought laptop.

If you're below this baseline we'll happily help you upgrade as part of onboarding and model the licence cost up front, so the maths is on the table before you commit.

A small first step

Fortinet Cyber Threat Assessment.

A fixed-scope diagnostic that names what's actually on your network, what's wrong with it and what to do about it. We drop in a Fortinet device on a span port for a fortnight, leave it to listen, and come back with a written report — applications, users, threats, bandwidth, the lot. No commitment beyond the assessment.

How to engage

Pick the size of the conversation.

You don't have to commit to a multi-year managed contract on day one. Most clients start small and grow the relationship as the trust does.

  1. Posture review

    Two-week, fixed-fee assessment of where you are today and the three things that would move the dial fastest.

  2. Get-to-good rollout

    A defined programme to land the controls that change risk, in the order they change risk. Quoted up front.

  3. 24/7 managed SOC

    We run the eyes on glass and the response. You wake up to a closed ticket and a written summary.

  4. Co-managed SOC

    You keep your team in the loop; we handle out-of-hours, weekends, and the noise that ruins a Saturday.

We're delighted with the service we've received from M-Tech Systems, and the Fortinet solution is a fantastic way to give us proper insight into our network. The performance of the products has been brilliant.

Voice of the client: Jay Visram · Senior IT Lead, Golding Homes
FAQs

Questions we hear every week.

Can you take over the security stack we already have?
Yes — and it's most of what we do. We start with a posture review and a documented handover, so you (and we) know exactly what's running before we change anything. We'll often keep a tool you've already paid for if it's the right one.
Do you have minimum requirements to take on managed cyber?
Yes. Our baseline is Microsoft 365 Business Premium (or E3+ for enterprise) plus Huntress as the managed-EDR wrap. That gives us Defender for Endpoint, Intune, conditional access, MFA and sensitivity labels — the primitives we need to see what's running, enforce identity, and commit to a detect-and-contain SLA. The licence uplift from a basic SKU is usually a few pounds a user a month; we'll model the upgrade as part of onboarding. The wider operational reasoning behind the SKU floor is on the Fully Managed Services page.
Do we need both your SOC and the Microsoft Sentinel one we already pay for?
No. Sentinel is the SIEM; the SOC is the people who run it. Most clients keep their Sentinel licensing and let our SOC operate it — fewer tools, more eyes. Detail on the watch-tower service is on the dedicated Managed SOC page.
What's the difference between EDR, XDR and SIEM?
EDR watches the endpoint. XDR correlates endpoint with identity, mail and cloud. SIEM ingests everything else (Wi-Fi, SaaS, custom apps) and aggregates the lot. You usually need all three; we run them as one service.
How quickly do you respond to an incident?
Triage in minutes; containment runbooks pre-built for the common cases (credential stuffing, business email compromise, ransomware staging). The SLA is documented per service tier and we measure mean-time-to-contain monthly.
Do we need ThreatLocker if we already have Defender?
Different jobs. Defender is the catch-it net; ThreatLocker is the not-allowed-to-run-in-the-first-place wall. The two together close most of the gaps a determined attacker would otherwise find. We'll show you a posture review either way.
What does this cost for a 50-person business vs a 500-person one?
Per-seat for the platform pieces; fixed monthly for the SOC wrap. We quote the actual estate, not a sticker price. The same controls scale down without watering down — small teams get a proper programme, not a stripped one.
Start a conversation

Tell us what you're trying to do.

Whatever the shape of your team or your stack — multi-site, lean on IT, or somewhere in the middle — we'll listen first, ask the right questions, and tell you honestly how we'd approach it.