Managed threat detection for SMEs
Continuous monitoring of your network and systems, with human review and plain-language alerts when something breaks.
What problem this solves
Most attacks don't announce themselves. An attacker who gains access on a Friday evening has the whole weekend before anyone in your business notices. By Monday, the damage — exfiltrated data, encrypted files, compromised credentials — is done.
SMEs face a specific version of this problem: you don't have a security operations team, and you can't justify enterprise monitoring tools. But you are still a target. Attackers know that SMEs are often the route into larger clients, supply chains, and regulated data.
NIS2 requires organisations to have the capability to detect incidents and report significant ones within 24 hours. Without monitoring, you are both exposed and non-compliant.
What you get
- Alert in your inbox within 15 minutes of a confirmed incident
- Monitoring of authentication activity, network connections, and file system changes across covered systems
- Human triage before every alert — we filter out noise so you don't receive false alarms
- Plain-language incident descriptions: what happened, what it means, what to do now
- Monthly summary report: threats observed, actions taken, coverage status
- Direct phone escalation for serious incidents, any hour
What changes after this
- You will know about an active attack within minutes, not days
- NIS2's 24-hour incident notification requirement becomes achievable
- Your answer to "do you have security monitoring?" becomes "yes, here's the documentation"
- The weekend attack window closes
What it costs
Monthly subscription priced per protected system. No setup fee on annual contracts. No hidden costs.
[TBD by user — insert pricing per system per month]
We do not lock you into multi-year contracts. Standard notice period applies.
How managed threat detection works
Setup
We deploy lightweight logging on your covered systems and configure network visibility. Half a day per site. No disruption.
Baseline
We spend the first two weeks learning your normal traffic patterns. This reduces false positives and sharpens detection accuracy.
Monitor
Continuous coverage from that point forward. Alerts when something breaks. Monthly reports for your compliance file.
Frequently asked questions
We monitor authentication activity (logins, failed attempts, privilege changes), outbound network connections, and file system changes on covered systems. We look for the patterns that precede and indicate actual attacks — not just alerts that sound scary.
For confirmed incidents, you get an email alert within 15 minutes. We triage before alerting — we do not contact you for a failed login from a known scanning bot.
We contact your nominated person via email and phone. We give you a plain-language description of what was found, what it means, and the immediate steps to take. We stay available through containment.
We need a lightweight logging component on covered systems and network visibility at your perimeter. Setup takes half a day per site. We use components you can audit and remove.
Monitoring runs continuously. Our alerting does not respect office hours. For confirmed incidents, we escalate immediately regardless of time.
For most NIS2-scoped organisations, yes. NIS2 requires incident detection capability and defined response procedures. Our service provides both, with documented evidence for your compliance file.
See what we're currently watching — and what we're not
A 30-minute call is enough to understand your current exposure and what coverage would look like for your organisation.
Discuss managed threat detection →