
Insights

Insights from the front line of cyber defence

Research, detection engineering notes, and incident response lessons learned.

Stealth-State Actors: Silent Persistence, Slow Exfiltration, and Cloud-Based C2

In contrast to ransomware operators and high-noise cybercriminals, a growing class of state-aligned threat actors operate with quiet precision. These stealth-state actors, including groups such as Silent Ransom (Silk Typhoon), Gallium, and APT27, specialise in long-term infiltration, passive surveillance, and the gradual exfiltration of valuable information. Their methods favour persistence over disruption and rely on low-volume, low-frequency exfiltration techniques coupled with legitimate cloud services as their command and control channels.

Read article

Continuous Threat Exposure Management

Cyber threats today evolve at breakneck speed, outpacing traditional defences. In the UK, ransomware has become the most significant cyber threat to organisations and even a national security risk. The numbers paint a stark picture: over 550 UK organisations have fallen victim to ransomware attacks, as tracked on ransomware leak sites. Worse, this count has doubled since 2022, indicating an aggressive upward trend. Attackers aren’t picky – businesses of all sizes and sectors are in their crosshairs. Traditional, reactive security measures (like occasional vulnerability scans or annual pen tests) can no longer cope with this “always-on” threat environment. This is where Continuous Threat Exposure Management (CTEM) steps in.

Read article

Open-Source Tools for SOC Analysts

Security Operations Centre (SOC) analysts leverage various open-source tools to monitor threats, investigate incidents, and automate responses. Below is a structured list of commonly used open-source tools, categorised by their primary function. Each tool’s core capabilities, typical SOC use cases, notable strengths, and integration support are described in formal British English.

Read article

PCI DSS 4.0: Significance for Retailers and the Value of SOC-as-a-Service

Every credit card swipe or tap is a moment of trust in today’s retail environment. Customers trust that their payment data is safe, and businesses rely on standards to uphold that security. PCI-DSS – the Payment Card Industry Data Security Standard – is the cornerstone of protecting cardholder information. This industry standard, governed by the major card networks, defines how organisations must secure credit and debit card data. In March 2024, PCI-DSS version 4.0 came into effect, marking the most significant overhaul of these requirements in over a decade. For retailers, PCI DSS v4.0 is more than a compliance update; it represents a shift towards continuous, robust security practices in the face of evolving cyber threats. This article explains what PCI-DSS is, why version 4.0 introduces meaningful changes that merchants must address, and how Security Operations Centre (SOC) as a Service can help retail businesses meet v4.0 compliance, improve security monitoring, and defend against emerging threats.

Read article

DragonForce Threat Actor Profile

DragonForce is a cyber threat group that has rapidly evolved from hacktivist beginnings into a prolific ransomware operation. Active since mid-2023, it initially engaged in ideologically driven attacks but later shifted focus to financially motivated extortion. In recent months, DragonForce has made headlines by claiming responsibility for disruptive cyberattacks against major UK retailers including Marks & Spencer (M&S), the Co-op supermarket, and luxury store Harrods. The gang employs a multi-extortion model: not only do they encrypt victims’ data, but they also steal sensitive information and threaten to leak it on their dark web site if ransoms are not paid. As of May 2025, DragonForce’s leak site listed over 150 victim organisations globally, marking it as one of the most active ransomware groups of the past year.

Read article

SOC365: The Backbone of SOC as a Service

UK Cyber Defence’s SOC365 is a cutting-edge Security Information and Event Management (SIEM) service platform that forms the backbone of the company’s SOC-as-a-service offering. Designed in formal collaboration with Wazuh – a renowned open-source security platform – SOC365 combines open-source innovation with bespoke enhancements to deliver a comprehensive managed SOC solution. In essence, SOC365 leverages Wazuh as its foundation, augmenting it with Cyber Defence’s advanced components to provide round-the-clock threat monitoring, detection, and response. This article explores the evolution of SOC365 over the past year, from its open-source roots in Wazuh and other SIEM tools to the custom features UK Cyber Defence has developed, including an integrated EDR/XDR agent, a network detection appliance, and an internal AI for intelligent alert correlation. We also discuss key milestones in the platform’s development, such as dramatic reductions in incident response times and successful deployments across industries, and how SOC365 helps organisations meet strict security compliance standards like ISO 27001, NIST, DORA, and GDPR. We highlight why SOC365 has become an effective and user-friendly solution for IT leaders such as CISOs, IT managers, and security engineers seeking top-tier cyber defence.

Read article

What is SOC?

In today’s rapidly evolving cyber threat landscape, organisations in high-risk sectors – from financial services and banking to legal, logistics, and research – are increasingly asking: “What is SOC?”. A Security Operations Centre (SOC) is a dedicated hub of people, processes, and technology focused on 24/7 cybersecurity monitoring and incident response. In the UK, senior decision-makers such as CISOs, IT managers, Security Engineers, and CTOs recognise that having a robust SOC is essential for protecting sensitive data and maintaining trust. This article provides a detailed, educational overview of what a SOC is and how it operates, tailored for a professional audience. We will explore the SOC’s definition and purpose, its history and evolution, core components and functions, the key roles on a SOC team, and the technologies they use. We’ll also discuss the business benefits of having a SOC, compare building an in-house SOC versus using an outsourced SOC-as-a-Service, and examine how UK Cyber Defence’s “Detect, Defend, Disrupt” approach sets it apart from competitors like Quorum Cyber and Arctic Wolf. Finally, we’ll look at future trends in SOC development and cyber defence, and conclude with guidance on leveraging SOC-as-a-Service to enhance your organisation’s security posture.

Read article

Role of Defense Security Services in Today’s World

As our world becomes increasingly complex, the need to protect people, assets, and information has surged to the forefront of public consciousness. These services are more than just a shield—they are vital partners in fostering peace of mind and ensuring safety in everyday life. Cyber Defence services, such as our SOC365 SOC as a Service, are indispensable in maintaining order and trust, from guarding critical infrastructure to safeguarding corporate interests. By leveraging advanced technologies such as artificial intelligence, and specialised training, they can identify vulnerabilities and address potential risks before they escalate. As we delve into the essential role of these services, we will uncover how they protect us and form the backbone of safe communities. Join us in exploring how defence security services are unlocking a safer future, resonating with the urgent needs of modern society.

Read article

Unlocking Cybersecurity: The Ultimate Guide to SOC as a Service for Your Business

As organisations strive to safeguard their sensitive data, the concept of a Security Operations Centre (SOC) as a Service is emerging as a crucial solution. This comprehensive guide will unravel the intricacies of SOC as a Service, empowering you to transform your cybersecurity strategy. Whether you’re a small startup or a large corporation, understanding how outsourcing your security operations can bolster your defences is essential. Discover how SOC as a Service can protect your business from potential breaches and enhance your operational efficiency, allowing you to focus on what you do best—growing and thriving in your industry. Unlock the secrets to a robust cybersecurity framework and gain the confidence to navigate the evolving threat landscape.

Read article

Ransomware Surge in the UK: Strengthening Our Collective Cyber Defence

The United Kingdom is currently witnessing a concerning escalation in ransomware attacks, as detailed in a recent article published by The Register. According to the UK government’s latest Cyber Security Breaches Survey, ransomware incidents have doubled in frequency, impacting around 1% of all UK organisations—approximately 19,000 businesses. This dramatic increase highlights an urgent need for robust, proactive cyber defence measures.

Read article

Mastering Threat Hunting: The Future of Threat Hunting

As we conclude our comprehensive series on proactive cyber defence, it’s crucial to anticipate the future landscape of threat hunting. The rapidly evolving threat environment and advancements in technology demand a forward-thinking approach. Here, we examine emerging trends, innovative technologies, and proactive strategies organisations must adopt to stay ahead in cybersecurity with a robust detect and defend strategy.

Read article

8Base Ransomware Group – Threat Actor Profile

8Base is a rapidly emerging double extortion ransomware group that rose to prominence in mid-2023, following a dramatic surge in victim disclosures and leak site activity. The group has attracted attention for its visually distinctive leak site, aggressive extortion messaging, and strategic reuse of code and infrastructure from other ransomware families—most notably Phobos and RansomHouse.

Read article