With the completion of its fifth acquisition of 2025, Redsquid claims to have become the first B Corp-certified managed services provider and Cyber Essentials Governing Body to have its own fully integrated SOC with a 24/7 MDR capability powered by its own proprietary automation technology. There are a lot of elements in this formulation, but there is no doubt that the addition of Cyberseer’s SOC brings new capabilities to the fast-growing MSP, which through 11 acquisitions in the last two years has increased its headcount to 125 and its customer base to 1,800 and extended its geographic coverage from the M25 to Scotland.

Cyberseer was founded in 2014 by Adrian Hunt and Garath Lauder to provide advanced threat detection and response based upon machine learning and behavioural analysis pioneered by Darktrace, set up the year before in 2013.

“We took Darktrace on very early on,” explains Hunt. “I think we were number two for them as a partner, and we built a service around that. Then, over time, we’ve added a small stable of other products based on what we consider to be best-of-breed – Exabeam, Microsoft Sentinel and, on the EDR front, CrowdStrike and Microsoft Defender. We also have Google SecOps.”

Using this small set of products, Cyberseer provides a range of services including managed detection & response, managed SIEM, managed EDR, managed NDR and incident response enhanced with its own capabilities, notably its proprietary automation platform, ASPECT.

ASPECT connects to the APIs of a client’s cybersecurity solutions, takes out information flagged as interesting, applies its proprietary scoring logic to them, automatically manages and responds to low-level alerts and escalates ones that require deeper analysis to a team of forensic analysts.

“Our analysts are what we consider Level 3. We don’t have screen watchers.
I know that’s quite a derogatory term, and I don’t mean it to be, but we don’t have people who sit there looking at screens, clicking on alerts, going this needs to be raised up to someone. We rely on the technology to do that. We rely on our rules and our logic. We’ve been doing this for multiple years now and we know it works. We have blind pen‑tests, and we never miss anything, which is down to the front-end technologies, the onboarding that we do, our rule sets and ASPECT escalating things to the right people,” explains Hunt.

Standardised workflow

“Some people call ASPECT a SOAR (Security Orchestration, Automation and Response) but I started designing it in 2017, before things like SOAR existed, to automate the process of taking the information that these front-end technologies produce when finding the needle in the haystack and applying a standardised workflow to it that does away with the tedious things that an analyst needs to do whenever something comes in, such as external IP address enrichment. We take all of that away and standardise it and enforce it, so when we actually escalate that up to the on-call analyst, they have full context around what is going on.

“ASPECT is really good at what it does. Our acknowledgement time is less than a minute, and just over 14 minutes for the resolution, which includes escalation to the customer. Our analysts are very comfortable escalating to whoever is on the end of the phone and taking them through the process. With some, we just hand it off to them to deal with, but others will require more hand-holding.”

Another important element in Cyberseer’s success, alongside ASPECT and the expertise of its analysts, is a comprehensive onboarding process when it looks at a customer’s environment, tunes that environment and deploys its own models and its own rules to ensure everything works as it should. According to Hunt, this also helps build trust with the client.
“A lot of our customers will ring us and just ask us for some advice around security. They don’t need to, they’ve got other consultants, but they trust us. And that’s really key in this industry, particularly at two o’clock in the morning when it’s all gone wrong, having someone on the end of the phone who knows you, who knows your environment, who’s not going to give you any waffle but is going to talk to you sensibly and get you to that point where you are in a resolution phase,” he explains.

Increased workload

Cyberseer currently has 11 staff and 22 customers, the smallest of which has just under 200 people and the largest several thousand. As part of Redsquid, its workload will increase substantially as the MSP retires its previous SOC elements and, over a period of time, migrates customers to Cyberseer while also marketing its services to more of the Group’s 1,800

Redsquid’s fifth acquisition of 2025 puts it in a league of its own

Cyberseer brings new capabilities to Redsquid