Meet 'as a service'

Once novel, now ubiquitous, the as a service evolution has dramatically changed the way in which modern businesses operate and succeed. The movement has enabled businesses to focus on their core strategy, cut costs, improve security and more.

In a few years, the as a service movement is set to gather further momentum and is likely to become the predominant way in which businesses acquire… well, everything! Which could be a very good thing for businesses seeking to improve security, sustainability, and innovation.

The genesis of the movement dates back to the late 1990s, when businesses of all sizes were experiencing the nascent stages of the digital age as well as growing pains from the expanding technological functionality afforded by the Internet. As new technology, tools and platforms rapidly infiltrated offices around the globe, business leaders struggled to manage these innovations.

They began to selectively outsource core IT functions to free up internal resources, offloading tasks to experts who could do them more efficiently. The technology service model was born.

Today, we know these service-based innovations by the names of Software as a Service, Platform as a Service, Infrastructure as a Service, and so on.

In the on-demand economy, IT teams no longer want to buy a widget, they want to buy a service – for just about everything.

What is Cyber Security as a Service?

Cyber Security as a Service is the next evolution of the 'as a service' movement, and put simply is an outsourced model for cyber security management.

Rather than managing an in-house cyber security function, where resources are limited and expertise cab be hard to find and retain, an increasing number of companies are now choosing to outsource it to a trusted partner, typically on a pay-as-you-go basis.

The threat posed by cybercrime has become an everyday issue for most organisations; not only have attacks become far more sophisticated. It has become apparent that most businesses simply do not have the knowledge, capabilities or resources to battle cybercrime on their own.

Adding fuel to the fire is the ever-growing attack surface that's stemming from an increasing number of connected devices, cloud integration and remote working.

Combine this with the fact that many expert cyber criminals are now selling cybercrime-as-a-service tools to low level hackers for monetary gain, and the end result is a very real threat that will only grow in prevalence.

There are many reasons why the Cyber Security as a Service model is so appealing to modern businesses. There are also several factors that organisations need to take into account when choosing which managed cyber security is right for them. Here we discuss the main points to consider. 

Benefits of Cyber Security as a Service

*Lower costs and stay ahead of the latest threats

One of the biggest advantages of the managed cyber security model is the opportunity to save costs - both immediately and in the long-term. An outsourced cyber security service completely negates the need to assemble an in-house team and acquire hardware and software. 

It's also important to point out that investing in in-house cyber security is by no means a one-off deal. Organisations inevitably need to continually train team members, make new hires, buy new hardware and software, update it, and so on. This can quickly take a financial toll. CSaaS is an effective alternative because it allows businesses and other organisations to bypass these costs, awhile still giving them access to the latest technology and fully trained cyber experts. 

As an indication of the cost savings you should expect to achieve, the most advanced CSaaS offerings should allow subscribers to save between 60% and 70% of the cost of procuring and managing the cyber security solutions in-house.


*Access to cyber security experts

Let’s face it, not every company has a dedicated team of cyber security experts capable of thwarting advanced attacks. And neither would they want to. Another advantage of adopting an outsourced cyber security model is that it gives businesses direct access to experts whose sole focus is on cyber security, with a view to helping customers avoid business interruption and costly security breaches.

These experts should be accustomed to working with a variety of infrastructures, for companies of different sizes and within multiple industries. Moreover, the best cyber security experts want to work for a business that can challenge them and provide variety to their work.

They want to stay ahead of the bad guys and the quickest way for them to get an advantage is to work on different threats targeting many different customers. An in-house expert working for a single business will not be exposed to the variety of threats that they would face working for a managed service provider.

The scarcity of cyber security experts means that top talent seeks out those companies that can offer exposure to a variety of threats, a diverse experience and an opportunity to develop so that they can stay ahead and evolve.


*Ease the burden (and stress) on HR

It is widely reported that demand for cyber security professionals has skyrocketed in recent years, and that there is a significant cyber security skills gap – meaning that individuals working in or applying for cyber roles often lack the particular skills needed to perform those roles.

According to recent research into the UK cyber security labour market carried out on behalf of the Department for Digital, Culture, Media & Sport (DCMS), just less than half (48%) of all businesses have a basic technical cyber security skills gap. This is similar for charities (50%) and lower
for public sector organisations (27%). A total of 3 in 10 businesses (30%) have an advanced technical skills gap, equating to approximately 408,000 UK businesses. This is similar to charities (25%) and public sector organisations (27%).

Assembling a team of cyber security experts in-house can be a tall order even if an organisation does have the resources. But when money is already tight, it can be next to impossible. This creates some real challenges in terms of staffing and puts HR in a tricky predicament. There simply may not be enough manpower to acquire and manage cyber security talent.

A managed cyber security provider should be able to provide support from certified experts on a 24/7 basis. The vendor should be able to guarantee they will have the necessary personnel to cover the workload at all times – ideally via a 24/7 UK-based Security Operations Centre (SOC).


*Scaling to new heights

Today’s businesses operate in a dynamic, fast-paced global economy that is constantly in fl ux. This has never been more true than right now – a global pandemic, lockdowns and the effective closure of many industries has hit organisations hard and forced them to adapt, or die. As with many economic and political developments, while some industries struggle, others will flourish, and after every economic downturn an upturn inevitably follows.

New businesses spring up, established companies turn their hand to new offerings and the next generation of entrepreneurs
finds its niche. All of which mean that an organisation’s cyber security needs fluctuate over time. For instance, a brand-new start-up with only a handful of employees and a small infrastructure will probably have a minimal attack surface. In this case, a small-scale security package should suffice.

But as it grows over time, hires more employees and builds up its infrastructure, the attack surface would inevitably grow. As a result, it would need to increase its coverage and purchase a more robust plan. When deciding which managed security service partner to choose, organisations must make sure that they have the flexibility to scale up – and potentially down – as the business demands. Investigate the packages they offer and their suitability for where the business is now, and where it wants to be in 2 - 5 years’ time, and ensure that they aren’t including superfluous features that simply aren’t needed.


*Time well spent - focusing on core operations

One of the principal objectives of any managed service is the fact that it frees up time which can be spent on other things – like core product and service offerings. With cyber security incidents becoming more pervasive, it can require a substantial amount of effort to keep up with them.

Whether it’s analysing network traffic, log management or performing system updates, the whole process can be very resource intensive. When done in-house, this can eat away at the time that organisations would normally devote to core operations. This can lead to decreased productivity and a diminished customer experience – neither of which is good.

The beautiful thing about a managed service is that providers should take care of nearly all aspects of cyber security on behalf of an organisation – and they must be able to demonstrate how they are doing this and the value they are delivering via straightforward, jargon-free reporting for both business and technical stakeholders. It should be very hands off. In turn, this allows companies to focus on what’s really important – growing the business and improving the bottom line.


*Complete visibility and transparency

Far from a dark art, measuring the efficacy and value of an organisation’s investment should be integral to any managed cyber security service. From the Board level to the technology team, all stakeholders should have access to reporting that very clearly shows how all elements of the service are performing and their impact on the overall cyber risk position of the organisation. It should also include a summary of each pillar of a cyber security defence – process, people and technology – and give recommended actions for improvement.

Subscribers to CSaaS from norm. receive a monthly stress score, which gives a snapshot of their cyber risk profile on a scale of 0 – 100, alongside an analysis of how that score was reached and recommendations to improve it.

The power of 3

The three pillars of an effective, successful cyber security defence.

norm. is an award-winning cyber security and data protection provider with unrivalled capabilities in delivering managed security services to its customers. We do this by thinking differently to other cyber security companies. We understand that cyber security is not solely a technological problem, nor is it an issue for the already overburdened IT team. There is no technical silver bullet out there.

A successful cyber security approach must be holistic and address three key areas:

  • Process
  • People
  • Technology

Most importantly, the cyber security strategy and capabilities must be focused around an individual organisation’s business model and goals.


Processes are fundamental for the implementation of an effective and sustainable cyber security strategy. They are crucial in defining how an organisation’s employees, activities and documentation are used to mitigate the risks to its digital assets. Processes require constant reviewing; as the business develops and changes and cyber threats evolve, the underpinning processes need to adapt with them.

Any company considering adopting an as-a-Service approach to managing its cyber security should make sure that its offering is directly aligned to the National Cyber Security Centre’s (NCSC) cyber security standard and builds upon the existing industry recognised Cyber Essentials (CE) and Cyber Essentials+ (CE+) certification processes. 

The Cyber Essentials scheme has been developed to show organisations how to protect themselves against low-level “commodity threats”. It lists five technical controls (access control; boundary firewalls and Internet gateways; malware protection; patch management and secure configuration) that organisations should have in place.

The vast majority of cyber attacks use relatively simple methods which exploit basic vulnerabilities in software and computer systems. There are tools and techniques openly available on the Internet which enable even low-skill actors to exploit these vulnerabilities. Properly implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats and should be included as part of any Cyber Security as a Service offering.

For those organisations that wish to develop their processes further there are two logical next steps:

Some managed cyber security providers, including norm., are able to provide certification against the IASME Governance standard (IASME Gold). The IASME Governance standard has been developed over a number of years in the UK specifically for mid-sized organisations as an affordable and achievable alternative to the international standard, ISO 27001.

ISO 27001 is the international standard for developing, maintaining and operating an effective Information Security Management System (ISMS). ISO 27001 is rapidly gaining momentum as the world’s leading cyber security standard, offering robust defences to those who implement it, as well as helping them to win new business through their commitment to security.

A managed cyber security provider should therefore be able to offer a complete readiness programme for ISO 27001, whereby a thorough gap analysis will be performed against a company’s existing information security arrangements and the standard’s requirements. However, a business can have the best cyber security processes in the world, but these are worthless if people don’t follow them.


Each year, cyber criminals continue to refine their use of social engineering, relying on human interaction rather than automated exploits to install malware, initiate fraudulent transactions, steal data and engage in other malicious activities. In fact, over the past 12 months less than 10% of the attacks observed globally made use of system vulnerabilities. The rest exploited “the human factor”: the instincts of curiosity and trust that lead well-intentioned people to click, download, install, open and send money or data. Instead of attacking computer systems and infrastructure, threat actors focused on people, their roles within an organisation, the data to which they had access, and their likelihood to “click here.”

Whether attacking at a massive scale in large indiscriminate campaigns, going after specific industries or geographies with more targeted activities, or seeking out a single person within an organisation, attackers and their sponsors consistently found human beings to be the most effective starting point to infiltrate organisations and facilitate fraud and theft.

Unsurprisingly, email remains the top attack vector. Threats range from malicious spam that clogs inboxes and wastes resources, to impostor attacks that can cost organisations and people millions of pounds. However, over 99% of emails distributing malware required some degree of human intervention – following links, opening documents, accepting security warnings and other behaviours – for them to be effective. There is an effective and proven methodology to systematically address this risk – ongoing cyber awareness and phishing training.

The widespread misconception that cyber security is a technology problem and not a business one is the greatest challenge facing organisations across all industries. What businesses really need to understand is how to create an effective cyber security culture throughout the organisation. This culture should focus on the employee, because general human understanding of cyber security is lacking. This lack of understanding is by far the biggest contributor to data breaches. Any managed cyber security provider worth its salt should offer training as part of the package.

At norm. we believe that everyone in an organisation who is connected to the Internet should be given general cyber security training. This training should be regularly reinforced and tested with simulated phishing campaigns and ongoing behavioural assessments.

By analysing and evaluating this data, companies are able to understand not only whether the training has been understood, but also identify how staff think and feel about cyber security in general, and how the controls employed by the business actually assist or impact their day-to-day work.
This process is cyclic and allows businesses to hone the training to the needs of its employees, based upon the outputs and data analysis of an effective People programme.

The reality is, if information security measures are too restrictive and prevent an individual from efficiently performing their role, the likelihood is that they will find ways to bypass the controls, creating a much greater and invisible risk to the business.


Whilst accepting that technology alone is not the answer to the cyber security conundrum it would be remiss of any organisation not to employ appropriate technical controls across its infrastructure, indeed Article 32 of UK GDPR mandates this requirement. Basic cyber security hygiene factors, such as the implementation of a modern firewall on the network perimeter and the deployment of an anti-virus solution across all devices, serve as the building blocks for developing a robust cyber security framework. Every organisation will be at a different phase of its cyber security maturity, with almost all organisations having made an investment in existing security technology and products.

Traditionally these products are deployed as individual point solutions and while they perform perfectly well in their specific function, the reporting and data produced by these products is more often than not siloed and difficult, if not nearly impossible, to correlate. This means that a managed cybersecurity offering should allow any company to augment its existing investments in technology and provide a 360o view of its digital estate.

CSaaS propositions should be based on best of breed technology that gives customers access to unrivalled levels of threat intelligence and industry expertise. In the world of cyber security, actionable, accurate and available threat intelligence is imperative.


*Vulnerability Management

Our Vulnerability Management solution leverages the power of Qualys’s Cloud Platform, providing customers with a continuous, always-on assessment of their security and compliance posture across all IT assets, wherever they reside. The Qualys Cloud platform identifies over one trillion security events across three billion+ scans per annum with a 99.99966% six sigma accuracy (the industry standard for high quality), and in the world of security and vulnerability management accuracy is imperative.

Vulnerability and configuration scanning help organisations to discover hidden systems and identify vulnerabilities before attackers do. The accuracy of these scans determines how well the results can be used by IT teams to find and fix the highest priority security and compliance issues.

Cloud Agents are used when it’s not possible or practical to perform network scanning. They’re our preferred method for assets such as dynamic IP client machines, remote/roaming users, static and ephemeral cloud instances, and systems sensitive to external scanning. Cloud Agents collect data from across an entire infrastructure and consolidate it in the norm. Visualiser – a customer portal that gives organisations a comprehensive snapshot of how the service is performing, the threats it is facing and the attacks that have been prevented.

The Cloud Agent can be installed on any host, such as a laptop, desktop, server, or virtual machine – on premise, mobile, or in the cloud. It is easily deployed via a compact, silent, lightweight installer. Complementing the Cloud Agents we deploy an onsite network based vulnerability scanner, applying a security in depth approach by ensuring our customers have a detailed and comprehensive view and inventory of the ‘known’ assets as well as being able to identify all connected devices across their digital footprint.


*Patch Management

Our Patch Management service builds upon the base Vulnerability Management service and is able to correlate identified vulnerabilities and remotely deploy the remediating patch to endpoints. Once a vulnerability has been detected it is evaluated, prioritised and correlated to the corresponding OS or 3rd party patch, ready for remote deployment. The patching deployment can then be managed and scheduled for automated deployment, in line with the business’s defined patching schedule, to endpoints regardless of where they are or how they are connected.

Patch Management from norm. addresses the single largest security challenge for IT teams today and derives greater value from the underpinning Vulnerability Management Service. The two combined allow our customers to better deploy their internal IT resources safe in the knowledge that the problem is being constantly addressed and monitored. An effective patch management service can deliver numerous benefits such as:

  • Improved protection against common vulnerabilities and the attacks that exploit them
  • Enhanced company and IT department productivity
  • Greater adherence to compliance standards
  • Benefitting from new technology features upon release


*Threat Detection and Response

Just as cyber security encompasses people, process, and technology, a robust managed threat detection and response solution must also address each of these points. The concept of purchasing technology without having a plan to manage the activation of the alerts or alarms will result in a near valueless solution. One of the primary focuses of the norm. Security Operations Centre (SOC) is to operationalise and continually enhance the ongoing interaction between technology platforms.

Our SOC constitutes a comprehensive monitoring service for customers by combining reactive, proactive and predictive capabilities. By using both reactive and proactive intelligence we are able to extrapolate from a series of data points and predict which tactics, techniques and events will be prevalent in the future, placing less reliance on Indicators of Compromise (i.e., a shift from signature-based detection to behavioural).

We also understand that many companies will already have some cyber security tools and technologies in place. Each of which will have its own output in terms of alerts, alarms and security event notifications which need to be monitored and acted upon. One of the benefits of the norm. Threat Detection and Response service is that it includes advanced security orchestration, automation and response capabilities. It can therefore be used to manage existing cyber security tools as well as those delivered by the service itself. For our customers, this further reduces the in-house management burden, and gives our SOC analysts complete visibility of the attack surface – allowing potential threats to be identified and resolved quickly and efficiently.


*Network Intrusion Detection

norm. partners with Fortinet to provide its Network Intrusion Detection capabilities. Key features and benefits of FortiGate Network Intrusion Detection:

  • Deep inspection of advanced threats, botnets, zero day attacks, and attacks on the network
  • Independent third-party validation demonstrates superior detection
  • Seamless integration with world-class sandboxing for advanced threats
  • Security controls for web servers and applications (cross-site scripting and SQL injection)

Zero day, advanced targeted attacks, ransomware, polymorphic malware and distributed denial-of-service (DDoS) attacks all require sophisticated detection engines not available in traditional standalone solutions or in most firewalls. Our Network Intrusion Detection platform includes multiple inspection engines, threat intelligence feeds and advanced threat protection to defend against unknown threats.

These devices (physical or virtual) are deployed at strategic vantage points within a network to ensure optimal visibility across the environment.
Complementing the Network Intrusion Detection platform is a cloud-based sandbox environment where suspicious files are sent for detonation and in-depth analysis.


*Endpoint Detection and Response

Traditional endpoint security – such as anti-virus software - is not effective against modern cyber threats; it was never designed to deal with sophisticated or advanced persistent threat attacks. To keep endpoints safe, a solution must quickly analyse, recognise and respond to such threats.

norm. utilises FireEye’s Endpoint Detection & Response (EDR) solution which combines the best of legacy security products, enhanced by FireEye technology, expertise and intelligence to defend against known and unknown cyber attacks. FireEye uses four endpoint security engines to prevent, detect and respond to threats.

To prevent common malware breaches, EDR uses a signature-based endpoint protection platform engine. To find threats for which a signature does not yet exist, MalwareGuard uses machine learning seeded with knowledge from the frontlines of cyber defence. To deal with advanced threats, EDR is enabled by a behaviour-based analytics engine. Finally, a real-time indicator of compromise engine that relies on current, frontline intelligence helps find hidden threats.

This defence in depth strategy helps protect vital information stored on customer endpoints. Even with the best protection, breaches are inevitable. To ensure a substantive response that minimises business disruption, EDR provides tools to:

  • Search for and investigate known and unknown threats on tens of thousands of endpoints in minutes
  • Identify and detail the vectors an attack used to infiltrate an endpoint
  • Determine whether an attack occurred (and persists) on a specific endpoint and whether it has spread
  • Establish the timeline and duration of endpoint compromises
  • Clearly identify which endpoints and systems need containment to prevent further compromise
  • The capability to immediately and automatically isolate the device according to a pre-defined ruleset or playbook.

*Email Threat Protection

Business email compromise, impersonation, phishing, spear-phishing and whaling all have one thing in common: exploitation of the most used, and usually the most unprotected, communication medium in today’s business world – email. Email is still the primary method used to initiate a cyber attack, with over 90% of all attacks originating from this vector.

Email Threat Protection (ETP) from norm., powered by FireEye, can detect threats other solutions miss, because the detection engines inspect suspicious email traffic to identify attacks that evade traditional signature-and policy-based defences.

The norm. ETP service adapts rapidly to the ever-changing email threat landscape and is the first secure email gateway service to observe and block new tactics identified from frontline investigations and observations of adversaries. It continually adapts defences using deep adversarial, machine and victim intelligence to quickly identify risks, minimise false positives, track attack activity and block phishing attempts.


*Service Monitoring

Adaptability and flexibility are key to an effective cyber security monitoring service; after all no two businesses are alike from a technology stack or operational process perspective. Threat Detection and Response from norm. ingests any third-party service element, from the more traditional on-premise services such as DHCP, DNS and Active Directory, to modern day cloud-based services such as Azure, Amazon Web Services (AWS), Google Cloud Platform, etc., and SaaS solutions including, amongst others, Office365, Salesforce and Google Duo.

The service is modular by design and allows customers to choose the appropriate level of monitoring in line with their business objectives and risk profile.


*Threat Intelligence

In the world of Security Operations, technology alone is useless without actionable, accurate threat intelligence. Through our relationships with our three technology partners (Qualys, Fortinet and FireEye), norm. has unparalleled access to the global threat intelligence market.

Having the ability to cross-reference individual events across multiple threat intelligence sources allows our Security Operations Centre (SOC) to operate with maximum efficiency and accuracy, ensuring false-positives become a thing of the past and emerging threats are quickly identified and contained before they become a problem for customers.

The rationale for selecting a multi-vendor strategy is simple; to ensure that we filter out the noise and we only contact you when we believe that there is a real incident that warrants your attention.

Many of the data points used by our SOC are based upon responsive data sets. Log data captured by Security Incident & Event Management (SIEM) technology and network captures obtained from traffic analysis is escalated to our security analysts who can decide very quickly whether to investigate further.


*Proactive Activity (Threat Hunting)

Threat hunting relates to targeted, proactive analysis of systems, processes, and traffic flow to determine whether or not they contain any form of malicious activity. Threat hunters leverage the attack trees and probabilistic attack paths identified in the threat modelling phase, to go out and hunt for malicious processes and operations. Threat hunting is accomplished by first understanding how the most likely people, processes and assets within your environment (identified from the threat modelling phase) will be targeted. Next, we combine this information with first-hand research conducted by our analysts from unfolding events. Finally, we identify existing malicious activity within your environment via a thorough, targeted analysis.


*Predictive Analysis

By combining intelligence gathered through reactive assessment and proactive threat hunting, the norm. security analysts can predict a likely attack path and disrupt attackers from reaching their goal. When reactive and proactive data is shared across our multi-tenanted environment, every client benefits from increased intelligence. Instead of simply relying on events that are relevant to your environment and your assets, our SOC team can share intelligence across all clients; allowing for stronger defences in advance of an anticipated attack. A model of this kind can only be delivered through a managed security service provider such as norm.

norm. strongly believes that for a customer to build an effective detection and response strategy it must gather logs and network traffic from as many parts of the kill chain as possible. The earlier the detection point in the chain, the greater the chance that the SOC will be able to identify malicious activity, contain it and prevent it from navigating to the next point on the attack chain.

Pulling it all together...

To assure the effectiveness of an organisation’s cyber security strategy norm. performs regular stress tests of the entire system – including the people, process and technology pillars. These Red Team Testing Services deliver intelligence-led penetration testing specific to an organisation’s environment and business. In addition to increased assurance around cyber security and defence capabilities, the testing phase enables our clients to have confidence in their ability to respond to the ever evolving cyber threat landscape.

The Red Team actively attempts to ‘exploit’ vulnerabilities and exposures in a company’s infrastructure, applications, people, and processes. Through exploitation, norm. can provide context around the vulnerability, impact, threat, and the likelihood of a breach of an information asset.

Utilising thousands of hours of previous ethical hacking experience, it is frequently possible for our CREST accredited team of experts to gain access to operating systems, application logic and database records. Through active exploitation of direct and interconnected systems, we can provide strategic guidance on risk and tailored advice on countermeasures; increasing and developing an organisation’s cyber security maturity.

The Red Team Testing program consists of three discrete elements:

  • Internal testing - Internal tests provide a review of cyber security conducted through the eyes of an experienced ethical hacker. Internal testing is designed to highlight risks faced from rogue employees, malware/worms/trojans, and any other third party that has access to the organisation’s infrastructure.
  • External testing - External tests provide a review of the IT infrastructure, conducted through the eyes of a professional ethical hacker. The external tester will analyse internet accessible infrastructure and will attempt to identify and exploit weaknesses with the aim of gaining access to sensitive data.
  • Web application testing - The number of businesses transacting online is at an all-time high, with no sign of slowing down. Business websites have changed from simple telephone directories, to fully fl edged data-driven web applications. With data protection fines also at an all-time high, it is now imperative to ensure that websites, and the data that they hold, are secure. Our team of experienced web application testers can accurately test all manner of web applications, from feature rich dynamic applications, to slimline API calls.


*Social Engineering

As an integral component to the Red Team Testing program norm. delivers highly tailored social engineering engagements, designed to illustrate the impact of social engineering attacks and further increase staff awareness.

We firmly believe that an element of social engineering should be conducted as part of all penetration testing. Whilst a myriad of tools and services exist to protect the technical elements of a business, fewer controls focus on the human element, which tends to be more prone to making mistakes.
Outside of continuous general awareness training, by conducting targeted phishing attacks and other social engineering tests, specifically relating to the business or individual, organisations are able to get a feel for how susceptible its employees are to compromise. In almost all instances, employees will represent the weakest link in an organisation’s security arsenal.

No organisation remains static - changes are constantly being made throughout the business such as the introduction of new applications, software patches, new hires (and leavers). It is therefore critical for cyber security strategies to be reviewed, evaluated and tested. By partnering with norm. and subscribing to our CSaaS proposition, organisations are uniquely positioned to ensure that they proactively identify and address the cyber risk as it, and the business, evolves.

Our Plan, Protect and Test cycle informs the foundation of CSaaS at every stage, providing a flexible, adaptable service that is tailored to meet the specific requirements of customers.  Adopting this approach ensures that processes are relevant to and reflective of every level of maturity; that staff are constantly educated on the evolving cyber security threat, and that all clients benefit from existing and new technology investments and intelligence.

Our 24x7 SOC provides both monitoring and proactive response capabilities which mean that in the event of an incident norm. will already be in the process of resolving the issue before the client knows about it. And by regularly testing the environment as a whole our customers gain an additional level of confidence that all three pillars of the system - Process, People and Technology - are robust and effective.

In addition, for those customers who invest in the full suite of measures that we recommend, we can’t guarantee that your business won’t suffer an attack – no one can! But if it happens, unlike other managed cyber security service providers, norm. will manage the forensic analysis and incident response process required to remediate and recover from an attack. This includes any applicable notification process and liaison with the relevant data protection authorities ,such as the ICO – all as part of the service.

If you’ve made a commitment to putting adequate cyber security measures and controls in place the last thing you need is a large, unexpected professional services invoice, if you do become the victim of an attack.


Managed cyber security services are gaining traction as an affordable and scalable alternative to the traditional in-house procurement, deployment and management model. 

There are many benefits to choosing this approach, but deciding which managed security service to choose requires careful consideration of which service aligns most closely to the needs of a business, now and in the future.

As a quick checklist, organisations should make sure that the service they select offers the below as a minimum:

  • Addresses the three fundamental pillars of an effective cyber security defence – process, people and technology
  • Access to cyber security technology that is independently recognised as being at the forefront of its field
  • Complete transparency and visibility into how the service is performing and reporting that delivers the exact level of detail required at the Board, management and technical level
  • Proven to deliver a significant cost saving when compared to the procurement and management of an in-house solution
  • Scalability to grow with and meet the potential future needs of the business
  • Provides tangible actionable insights, and protective measures to improve your cyber security posture, beyond a simple “best practice strategy”

It should go without saying, but organisations would also be well-advised to choose a managed security service partner that is endorsed by the NCSC, and that adheres to the highest standards of information security and quality – such as ISO 27001, ISO 9001 and CREST certification.

With the as-a-Service revolution well and truly underway, adoption of CSaaS-type services is only set to increase. By doing their research upfront, and seeking to work with only the most progressive and transparent of partners, organisations have an opportunity to support the growth, resiliency and reputation of their business now, and for many years to come.

If you're going to have an effective cyber defence for a business you have to address the three key risk areas of people, process and technology. We've worked really hard over the last few years to bring together industry leading products and services into one solution to address those three areas, whilst making it affordable and easy to consume.

Peter Bowers NormCyber Ltd.

Download the PDF

All of the above information and more is available in our downloadable eBook. Fill the the form to receive your copy to peruse at your own convenience.

buyers guide