
Insights & Blog

Research, detection engineering notes, and incident response lessons learned.

Latest

122 articles published.

What Should a Board Expect from a Modern SOC Provider?

Cyber security has moved from the server room to the boardroom. Regulators, insurers, and shareholders now expect boards to demonstrate active oversight of cyber risk — and for most organisations, that means understanding what their Security Operations Centre provider is actually delivering. This article sets out the ten areas every board should scrutinise when evaluating a modern SOC provider, from detection engineering and threat intelligence to transparent reporting, compliance alignment, and measurable outcomes.

LockBit 5.0: New Version Targets Windows, Linux, and ESXi Systems

LockBit has returned with its most ambitious release yet. Version 5.0 introduces purpose-built payloads for Windows, Linux, and VMware ESXi hypervisors, a rewritten codebase with advanced anti-analysis capabilities, and an expanded affiliate programme. This article provides a comprehensive threat intelligence assessment of LockBit 5.0, its technical capabilities, attack chains, and the defensive measures organisations must adopt to protect themselves.

How SOC as a Service Supports FCA, DORA and NIS2 Compliance

The regulatory environment for cyber security has undergone a fundamental shift. The FCA's PS21/3 operational resilience framework is now fully enforceable, DORA has been in effect since January 2025, and NIS2 transposition is reshaping obligations across the EU — with the UK's own Cyber Security and Resilience Bill following close behind. For organisations navigating these overlapping requirements, a well-structured SOC as a Service engagement is no longer a convenience. It is a compliance enabler. This article maps the specific requirements of each framework to the capabilities a modern managed SOC should deliver.

Integrating EDR, XDR and SIEM Within a Managed SOC

The modern security operations landscape is drowning in acronyms — EDR, XDR, SIEM, SOAR, NDR, MDR — each promising to solve the detection and response problem. For organisations working with a managed SOC provider, the question is not which technology to choose, but how these technologies should work together to deliver unified visibility, high-fidelity detection, and rapid response across the entire attack surface. This article cuts through the marketing noise and examines the practical architecture of how EDR, XDR and SIEM integrate within a well-engineered managed SOC, where each technology adds value, where the overlaps create either strength or waste, and what the board and security leadership should understand about the stack beneath their SOC service.

How Alert Fatigue Destroys Security Teams — and How Managed SOC Solves It

The modern SOC is drowning. Industry research consistently reports that organisations receive thousands of security alerts per day, that the majority are false positives, and that analysts are leaving the profession faster than the industry can replace them. Alert fatigue is not a minor inconvenience — it is a structural vulnerability that attackers actively exploit. When every alert looks the same, none of them look important. This article examines the mechanics of alert fatigue, its quantifiable cost to organisations, and the specific practices a well-engineered managed SOC deploys to break the cycle — because the solution is not working harder, but building a fundamentally different operational model.

Hidden Google Play Adware Drains Devices and Disrupts Millions of Users

A major Android adware operation, now known as GhostAd, has been uncovered after spreading quietly through Google Play and affecting millions of users across East and Southeast Asia. Although the apps involved appeared benign at first glance, they concealed aggressive advertising engines that ran continuously in the background, degrading device performance, draining batteries, and causing widespread frustration for victims. The scale of this campaign, combined with the sophistication of its persistence mechanisms, marks it as one of the more impactful adware incidents seen on the platform in recent years.