Cyber Security

Stop attackers before they reach the boardroom.

Senior-led detection, response and prevention. We protect your people, devices, identities and data the way a modern adversary tries to breach them.

FACG runs a follow-the-sun Security Operations Centre across the UK and Pakistan, staffed by analysts holding CISSP, GCIH, GCFA and OSCP. We are tooling agnostic and integrate with your existing Microsoft, AWS, Google or on-premise estate, so security stops being a parallel universe and starts being part of how the business runs.

Every engagement starts with a written threat model and gap assessment so spend is justified, not assumed. From there we deploy detections that map to MITRE ATT&CK, write incident response runbooks tailored to your environment, and rehearse them with you twice a year. When a real incident lands you are not reading playbooks for the first time at 3am.

We also act as your virtual CISO. That means board-ready reporting, vendor security reviews, cyber insurance evidence packs and quarterly tabletop exercises. The brief is simple: reduce risk in measurable terms and give leaders a story they can defend.

What you get

Capabilities included

Managed SOC, 24/7

Wazuh, Microsoft Sentinel or Splunk tuned to your estate, with named senior analysts and a 15-minute response SLA on P1 incidents.

Endpoint detection & response (EDR)

Microsoft Defender, CrowdStrike Falcon or SentinelOne deployed, baselined and continuously hunted.

Identity & access hardening

MFA, Conditional Access, privileged identity management, joiner-mover-leaver automation and risky sign-in remediation.

Vulnerability management

Authenticated scanning, internal and external, prioritised by exploitability and business impact, not just CVSS.

Penetration testing

Web, network and cloud assessments delivered by CREST-aligned testers with retest included.

Incident response retainer

Pre-arranged contract, evidence-grade forensics, ransom negotiation support and regulator and insurer liaison.

Phishing simulation & training

Quarterly simulated campaigns plus role-based learning paths for finance, exec and developer teams.

Cloud security posture

CSPM for Azure and AWS, hardening guardrails, IAM least-privilege reviews and encryption baselines.

Email & collaboration security

Defender for Office 365, DMARC enforcement, SharePoint and Teams external sharing controls.

Tooling

Tools we work with

Vendor-neutral. We pick the right fit for your scale, budget and existing investment.

  • Microsoft Sentinel
  • Microsoft Defender XDR
  • Wazuh
  • Splunk
  • CrowdStrike Falcon
  • SentinelOne
  • Sophos Central
  • Fortinet FortiGate
  • Cisco Umbrella
  • Tenable Nessus
  • Rapid7 InsightVM
  • Burp Suite
  • Metasploit
  • Okta
  • Microsoft Entra ID

How it works

Our delivery process

01

Baseline

Threat model, asset inventory and gap assessment against ISO 27001 Annex A and CIS Controls v8.

02

Deploy

Roll out detections, EDR and identity controls in 2 to 4 weeks with weekly progress checkpoints.

03

Operate

24/7 monitoring, monthly hunting sprints, quarterly purple-team exercises and continuous tuning.

04

Report

Monthly metrics, quarterly board pack, annual maturity score against a recognised framework.

Deliverables

What lands on your desk

Every engagement produces concrete artefacts you own and can show to your board, auditor or buyer.

  • Written threat model and risk register reviewed every quarter
  • SIEM with at least 60 high-fidelity detections mapped to MITRE ATT&CK
  • EDR deployed on 100% of endpoints with weekly health and posture report
  • Incident response runbooks for the top 12 scenarios applicable to your business
  • Quarterly phishing simulation results with department-level breakdown
  • Annual penetration test report with retest included
  • Board-ready security pack with KPIs, KRIs and budget justification
  • Cyber insurance evidence pack maintained on demand
FAQ

Common questions

Do we have to rip and replace our existing security tools?

Almost never. We are vendor neutral and prefer to extract more value from what you already pay for. The first 30 days are usually about tuning, not buying.

How fast can the SOC be live?

For a typical 25 to 50 user organisation we are ingesting logs and alerting in 10 working days. Full coverage including identity, endpoint and cloud usually takes 4 to 6 weeks.

What happens during a real incident?

You call one number. A senior analyst takes ownership in 15 minutes or less, drives containment, coordinates evidence preservation and gives you and your insurer a documented timeline.

Can you support Cyber Essentials Plus and ISO 27001?

Yes. We have helped over 30 organisations pass Cyber Essentials Plus on first attempt and run full ISO 27001 implementation programmes including internal audit.

Get a no-cost cyber posture review

A 60-minute session with a senior analyst. You walk away with a written summary, your top 5 risks and a prioritised remediation plan. No obligation, no sales pitch.