
Cloud-Based SOC-as-a-Service

Digital Shield is a cloud-based Security and Compliance Monitoring Service that combines Technology, People and Process to deliver Enterprise-Class security and compliance services to customers for one low monthly subscription fee.

Think of Digital Shield as your very own full service Cyber defence system. We monitor your computer and network devices so you can focus on delivering your products and services to your customers.

60% of small businesses close within six months of experiencing a data breach

7×24 network monitoring

Advanced correlation

Real-time alerts

Remediation for any malicious activity

Integrated incident management workflow

Reports required for compliance purposes

Low monthly cost


Security analysts based in the Digital Shield Security Operation Centres analyse security incident and event information to identify threats and potential compromises. They investigate incident cases which are triggered by the SIEM technology and enrich incident information with 3rd Party Threat Intelligence data to further improve the identification accuracy of potential cyber-security risks and compromise within the end-customer environment.

Our SOC analysts

  • Average of more than 5 years of professional experience
  • Certifications include:
      • Certified Ethical Hacker (CEH)
      • CompTIA Security+
      • EC Council Certified Security Analyst (ECSA)
      • Certified Information Systems Security Professional (CISSP)
  • Several hold BS or MS degrees in Information Systems and Cyber Security.



The Digital Shield Service utilises patented technology to collect and analyse log data that is generated from devices within the customer’s IT infrastructure.

Log collection

In most cases, log collection requires no installation of hardware, virtual servers, or agents on an end customer’s premises. The collector software is downloaded and installed on a Windows server or workstation and then configured to collect and/or receive log data from devices within the end customer’s network. The log data is encrypted and compressed before being sent via the Internet to the Security Operations Centre (SOC). Other log collection methods can be deployed as specifically required by the end customer.

Log Storage

Upon receipt of the end customer’s log data at the Digital Shield SOC, the raw log files are encrypted using an MD5 hash and stored for 12 months, as standard. Longer periods of storage are available. These log files can be used as ‘Chain of custody’ if required.


A copy of each log file is then forwarded to the SIEM analytics engine where it goes through a process of aggregation and de-duplication before being normalised using a categorisation process that automates and accelerates the analysis of the data. Log data is processed at 100 million checks per second per analytics engine.


Once the log files have been aggregated and normalised, they are forwarded to Digital Shield’s correlation engines where the data is run against a number of pre-defined rules, or sometimes bespoke rules, to begin to automatically identify patterns of malicious activity and known indicators of compromise. The data is processed using a range of correlation techniques that can include Rules Based Correlation, Vulnerability Correlation, Historical Correlation, Statistical Correlation and Threat Intelligence Correlation. In addition to data being processed in real-time in the correlation engines, data is written to the database.

Incident Management

When the processed data meets the conditions identified in the rule sets, an incident is triggered and posted in the Incident Response Module of the SIEM platform. Incidents are tagged by severity that can be tied into customer SLAs. Incidents can be viewed in the Digital Shield Portal as well as being forwarded to 3rd Party trouble ticket systems.


Incident cases are created by robust rulesets which trigger on correlations of well-defined Indicators of Compromise (IOC). The cases generated include a description of the security threat along with all the supporting evidence pulled from raw message logs and supporting correlated events.

Using a combination of industry-recognised Incident Management workflow processes based on NIST, MITRE, and SANS best practice, analysts investigate the Incident Cases which are automatically generated by the SIEM product. Analysts identify specific information and document it within the case notes, along with detailed, step-by-step procedures that need to be followed to remediate the security incident. Each incident is then prioritized/scored based on information from our Threat Intelligence feeds and any Incident that is not marked as a false positive is sent on to the partner for follow-up/remediation.

The Digital Shield SOC is available 24×7 via web portal, email and phone for any required follow-up or questions on Incident Cases.


Do you know who wants to steal your customer’s data and why?

Do you have an internal team of advanced deep cyber security experts?

Can you afford a 7×24 Security Operations Center (SOC)?

Can you keep pace with the rapidly shifting threat landscape?

If you answered NO to any of these questions then Digital Shield is the right solution for you.


Digital Shield is designed to specifically address the growing number of cybersecurity breaches plaguing small to midsize businesses. This cloud-based solution is both affordable and delivers the same level of protection that large customers receive, making it perfect for managed security services for enterprise protection as well.

Digital Shield enables customers to deploy a sustainable, comprehensive security monitoring solution without the need to invest in expensive infrastructure, buy expensive hardware appliances and recruit expensive security analysts. By simply sending their event log data to the advanced Digital Shield cloud, customers will receive a portal view of their compliance reports and security posture, complete with step-by-step remediation workflows designed to help resolve security incidents and halt malicious activity.

Advanced architecture designed to cover complex regulatory compliance, business continuity and risk management needs

Real-time attack visualization identifies zero-day attacks based on rules-based, vulnerability, statistical, and historical correlations

Vulnerability correlation integrates data from detection systems, eliminating false positives and freeing up your team to focus on actual threats

Unparalleled visibility in distributed networks to correlate activity in individual customer environments, identifying hidden threats, suspicious trends and other potentially dangerous behavior

Sophisticated reporting tools for ISO, PCI, HIPAA, SOX and other compliance standards

Cybercriminals often attack small- and mid-sized businesses (SMBs) to launch attacks against other larger targets. In addition to their own data, most SMBs have access to partners’ computer systems and access to their valuable data and intellectual property. You might think of yourself as a small company, but there is big risk.

For businesses of up to 1,000 employees the risk of a data breach is 80.2%, which is 35% higher than the risk for large organisations.