Delivering Managed SOC & Vulnerability Services
A national UK charity was managing a complex IT environment — cloud-based services, a distributed workforce, and a growing dependence on digital operations — without any formal security management programme, dedicated security tooling, or visibility of its threat landscape.
Like many organisations in the charity sector, the assumption had been that cyber threats were primarily a corporate concern. The reality, increasingly, is the opposite. Charities hold sensitive beneficiary data, process significant financial transactions, and operate with lean IT teams — making them attractive targets and, without proper controls, relatively accessible ones.
Data Defence was engaged to assess the organisation’s security posture and define a realistic, structured path to genuine cyber resilience. What followed was a two-year journey that fundamentally changed how the organisation understands and manages its security risk.
Building the foundation: managed vulnerability management.
The first service deployed from the roadmap was the Managed Vulnerability Management Service — not because it was the most visible, but because it was the most important foundation to get right. You cannot prioritise remediation without knowing what you are remediating. You cannot tune a SOC without understanding the environment it will be watching.
Data Defence’s vulnerability management approach deliberately departs from simple CVS score-following. A critical vulnerability that cannot be exploited in a given environment is not the same business risk as a medium-severity vulnerability that is exposed to the internet with no compensating controls. Our approach considers exploitability, asset criticality, compensating controls, and operational context — ensuring that remediation effort is focused where it will have the greatest impact on real risk, not theoretical severity.
Continuous scanning covered both internal infrastructure and the external attack surface. Findings were tracked in a managed programme with clear ownership, remediation timelines, and monthly reporting that showed progress over time rather than just a point-in-time snapshot. Within the first six months, the organisation had reduced its critical and high-risk findings by over 70% and had, for the first time, a complete and accurate picture of its asset estate.
Related Case Studies
- Developed a full Cyber Incident Response Policy, Plan, and Procedure
- Created technology-specific playbooks tested through live tabletop exercises
- Delivered executive and technical workshops building organisation-wide readiness
- Built a template framework enabling the client to author future playbooks independently
- Deployed a fully managed SOC
- Introduced continuous vulnerability detection
- Enhanced enterprise-wide cyber resilience
Outcomes and ongoing improvement.
The engagement delivered a transformation in security posture over a two-year period — from an organisation with no formal security programme and no threat visibility, to one with a continuously improving, proactively managed security operation.
- The work does not stop here. The roadmap continues into year three, where the focus moves to deepening ISMS governance, extending XDR coverage, and conducting the first full roadmap and maturity review. The charity now has a security programme that is not only fit for purpose today, but designed to evolve with its environment and the threat landscape.