Talion is a finalist for Best SIEM Solution for the 4th year in a row


What We Do

Managed Detection & Response (MDR)

Managed Detection and Response enhances your ability to detect and respond to cyber threats faster and more accurately, thus reducing risk to your business and improving your security posture.


Managed Security.

Protecting Your Business.
On Your Terms.

We’ve heard it a million times: the threat landscape is ever-evolving. It’s increasingly difficult to protect your organisation, especially with the changes to working habits the pandemic forced upon us. And cyber criminals have more avenues for attack than ever before.

What you need is a security partner: someone that takes time to understand your business and strategic priorities. Partnering with our customers is so much more than monthly service reviews to show performance against SLAs; it is recognition of changing business requirements and adapting to those needs to help the customer navigate the competitive landscape they operate in.


We also understand that you have already made investments in security solutions that you need to leverage and see value from. You need an always-on service that detects threats, significantly reduces false positives, quickly and, where possible, automatically responds to attacks, and provides human expertise through one-to-one collaboration to give context and guidance on how best to respond to threats.

Talion’s Managed Detection and Response service delivers all this and more. Our business started when the UK Government requested we protect a major global sporting event in 2012 – back then we were part of BAE Systems, the UK’s largest defence contractor. Today, we have the same defence grade platform, engineered to exacting standards, but we’re smaller, more innovative and agile, and easier to do business with.


What makes our
MDR service unique?

At the heart of our MDR service is our threat-led process that focuses on understanding the customer’s business, what’s important to them and the threats they face. We create, hone and maintain threat use cases to ensure we defend against what matters to our customers. This methodology is equally applied to cloud, hybrid and on-premise networks and the threats they face. We build rule and playbook content to detect these threat use cases, and in the case of playbooks, enrich and orchestrate a response, whether that be actionable recommendations, manual actions or automated remediations.


Our process of improving detection and response is iterative, ongoing and threat-led. A new event source, on-premise or cloud-based, may provide data that no previous source did, opening doors to detect different Indicators of Compromise (IoCs) and therefore additional or more sophisticated threat use cases.

We pride ourselves on staying threat-relevant. Our MDR security is underpinned by our expert Threat Intelligence team. We work with multiple customers managing workloads across multiple cloud vendors and we operate a ‘Benefit One, Benefit All’ system. You will benefit from the lessons learnt across all our customers, as well as the detection content and playbooks that we have built to deal with a wide array of threat use cases.


Managed Detection & Response (MDR) Diagram

MDR Features
  • Fully managed, 24x7x365 threat monitoring service
  • Always on Security Operations Centre (SOC) staffed by highly skilled security analysts and underpinned by a market leading threat intelligence team
  • Mature SIEM and SOAR platform capabilities
  • Expertise in Security Orchestration, Automation & Response: we have developed over 80 orchestration playbooks over the last 4 years
  • Continual development of threat relevant content, backed by threat intelligence & measured against SLAs
  • Threat Coverage Modelling, a transparent way to understand where you have threat coverage and where you are most vulnerable
  • We take the shortest path to remediation whether that’s actionable recommendations, manual actions or automated remediation
  • User & Entity Behaviour Analytics (UEBA) applies algorithms, statistical analysis, and machine learning to detect anomalies in user behaviour
  • Threat Hunting complements MDR’s defensive approach with a more offensive and proactive approach to discovering threats
  • Third party integrations to ensure coverage across your estate
  • We operate a “Benefit one, benefit all” service
  • Dedicated Service Delivery Manager to partner with your business and ensure the service is delivering on your changing needs
  • UK based Security Operations Centre and Senior Leadership Team
  • Robust processes, we are ISO 27001 and Cyber Essentials accredited

MDR Benefits

We provide all the tools, people, and processes to monitor and detect attacks before real damage is done.

Automate remediation

Quickly remove devices or systems from the network before they can cause damage.

Investigate & detect threats rapidly

Network traffic analysis improves network traffic visibility and in turn delivers rapid investigation and threat detection.

Understand your threat coverage

Our proprietary Threat Coverage Modelling enables customers to understand their security monitoring coverage in the context of the methods a cyber attacker would use.

Expose new threats

Using our data lake capabilities and our analysts’ skilled knowledge of how threat actors work, we can perform automated and manual threat hunts across our entire data set.

Detect anomalous user behaviour fast

User and Entity Behaviour Analytics (UEBA) utilises machine learning and artificial intelligence to detect anomalous user behaviour that may pose an insider threat.

Understand the threat of high-risk insiders

Enhanced user monitoring detects the threats posed by high-risk insiders.

Our flexible MDR model lets you choose your level of interaction with our cyber experts.
Your data, demystified.
Side-by-side support.
Built around you.
Security solutions you can see

We don’t do black-box solutions. You have full visibility across absolutely everything that goes on in our SOC, 24 hours a day, 7 days a week.

Protecting Your Business.

We’re your cyber security partner, which means we operate in a way that works for you, whether that’s working through responses together, or simply briefing you on the threats that really need your attention.

Built on your terms

We grow with your business, adapting to your changing needs, responding to the evolving threat, and putting control firmly back in your hands.

Ensuring threat coverage.
From Threat Coverage Modelling to Threat Hunting and Enhanced User Monitoring, our team of experts ensure we have you covered from all angles.
Threat Coverage Modelling

Talion’s TCM tool provides our clients with a view of how well their security monitoring aligns to the MITRE ATT&CK framework. TCM provides a coverage map for hundreds of threat actors or malware, including hundreds of techniques and sub-techniques, from types of scripts/shells to services exploited and evasion methods. Threat coverage is not a black and white exercise, so we tell you to what degree you are covered, usually as a percentage. The TCM tool is then used on an ongoing basis to assess and improve your threat coverage.

TCM’s MITRE ATT&CK focus allows security teams to make informed decisions which are objective and independent of a security vendor’s view.

TCM provides security teams with a touchstone for establishing and defining an effective protection and monitoring strategy. By mapping the MITRE ATT&CK framework, attacks and sources, customers can identify the most common techniques and use these as a basis to define protective monitoring improvements or to validate the monitoring they have in place at any point in time. TCM focusses on the latest tactics, techniques and procedures used by attackers, meaning that Talion’s customers can:

  • improve their monitoring, detection and response capability
  • ensure they invest more effectively and protect their businesses against the threats that matter
Threat Hunting

Threat Hunting is the practice of proactively searching for threats on a network by detecting anomalies in normal user and network behaviour. This approach to cyber security is driven by the premise that it is impossible to prevent every single intrusion on a client’s estate. This approach drives the two main objectives for Threat Hunting:

1. Identify previously unknown or ongoing threats

2. Gain a deeper understanding of the client’s technical landscape to provide additional security value

Using our Azure-based data lake capabilities and our analysts’ skilled knowledge of how threat actors work, we can perform automated and manual threat hunts across entire data sets. Threat Hunting is designed to complement our existing monitoring services.

Enhanced User Monitoring

Talion’s Enhanced User Monitoring (EUM) service is a flexible service that monitors threats from employees and end users who may pose a particular risk to the business. The EUM service provides custom detection content from Talion to detect atypical user behaviour of User Entities of Interest. Where possible the Custom Detection Content is mapped and referenced to the MITRE ATT&CK Framework.

The EUM service is designed to provide enhanced user monitoring for two types of user:

  • Insider Threat Group – Users who pose a threat due to their employment situation.
  • Critical Users Group – Heightened monitoring for important employees who hold positions of power, influence or knowledge within the organisation or are working in high-risk environments.
Don't just take our word for it.

Talion’s model is based on people and partnership and not just technology… We spoke with others who aspired to this, but it simply wasn’t what they did; they had a much greater focus on dashboards and alerts. In contrast, the people at Talion told us: ‘We’re here when you need us – just pick up the phone. We can meet weekly, monthly – whatever works for you. We’re here to help.’ It was hugely important for us.

Senior Director – Security Operations

One of Britain’s Largest Technology Companies


Talion have been a fantastic partner to work with and I really see them as an extension of our team. Having the skillset and agility of a growing organisation but the talent and capability of a much larger organisation from which they were formed, BAE Systems, has proven a great combination. The team work hard to continuously demonstrate and add value to their customers and are always receptive to feedback.

Director of Information Security and Risk

One of North America’s largest providers of funeral and cemetery services

CEO – Large UK Telecommunications Company - Talion

This is a sort of cyber security arms race. Criminals are learning to do new things. One of the first calls I made on Wednesday was to Talion.


Large UK Telecommunications Company

CEO – FTSE 250 Company - Talion

At every level, [the team] gave us quantitative, analytical advice, in the moment, … [You] enabled us to take the business judgements that cyber security requires you to take.


FTSE 250 Company

Awards &

Talion are pleased to have been credited and shortlisted for awards by key industry organisations, including Cyber Essentials, Forbes Technology Council, and SC Awards Europe. This recognition is a testimony to the services Talion continue to offer to businesses worldwide.

Looking to maximise value and flexibility?
Learn how Talion and DEVO partner to achieve this.
Discuss your cyber security needs
Contact us below and one of our team will be in touch to answer your questions.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Get In Touch With Us

Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.
