Alcon Cyber Defence Center delivers scalable, intelligent, always-on security operations built for the modern enterprise — across three powerful service tiers.
Alcon's AI-Driven Next-Gen SOC as a Service delivers enterprise-grade security operations across three distinct tiers — each designed to match your organisation's maturity, operational requirements, and risk appetite.
Essential monitoring and detection for organisations starting their security operations journey.
24×7 analyst-driven operations with SOAR automation and guided Incident Response.
AI/ML-powered autonomous security with managed, policy-driven Incident Response and continuous tuning.
The threat landscape has never been more complex. In-house security teams face mounting pressure without the tools, talent, or coverage to keep pace.
Attack volume and sophistication continue to accelerate across all sectors.
Security teams are overwhelmed by high-volume, low-context alerts.
Most organisations lack continuous visibility outside business hours.
In-house teams struggle to investigate and validate threats at scale.
Without structured workflows, response times remain dangerously slow.
Regulatory requirements demand documented security operations and reporting.
Manual detection alone cannot match the speed of modern threats.
Security investment must scale with organisational maturity and risk appetite.
Measurable security value across every stage of your organisation's cyber maturity journey.
Always-on monitoring across your environment, 24×7.
AI/ML-driven detections reduce time-to-detect across all tiers.
Analyst-reviewed alert triage reduces noise and false positives.
Three tiers designed to grow with your security maturity.
Advanced analytics and autonomous workflows at the ADVANCED tier.
Choose BASIC, PREMIUM, or ADVANCED to match your risk profile.
Expand with IR, Threat Hunting, VAPT, and more.
Structured reporting, SLAs, and governance at every tier.
Each tier is designed to match your organisation's maturity, operational requirements, and risk appetite.
A structured view of capabilities available across each service tier.
| Capability | Basic | Premium | Advanced |
|---|---|---|---|
| Core Monitoring | | | |
| SOC Monitoring Coverage | 8×5 | 24×7 | 24×7 |
| Human Analyst Oversight | Limited | | |
| Threat Detection + AI/ML | | | |
| Alert Triage | | | |
| Threat Intelligence Enrichment | | | |
| Automated Investigation | | | |
| Detection & Response | | | |
| Custom Use Cases | | | |
| SOAR | | | |
| Incident Response Support | Add-On Only | | |
| Endpoint ZeroTrust Policy Control | | | |
| Threat Advisories | | | |
| Custom Integrations | | | |
| VAPT | | | |
| Advanced / Autonomous | | | |
| Autonomous / Policy-Driven Response | | | |
| UEBA | | | |
| Threat Hunting | | | |
| Executive Reporting / Risk Consulting | | | |
A structured, repeatable workflow ensures every security event is captured, triaged, investigated, and resolved.
Onboarding of log sources, SIEM integration, and data normalisation.
24×7 event monitoring, correlation, and anomaly detection.
Automated and analyst-assisted triage to prioritise actionable events.
Contextual validation of alerts to confirm true positives.
Automated and analyst-led investigation with threat intelligence.
Guided or managed response actions via SOAR playbooks.
Structured service reporting weekly, monthly, or quarterly.
Ongoing detection tuning and continuous improvement.
Every tier produces structured, documented outputs. Reporting depth and investigation detail increase progressively with each tier.
| Deliverable | Basic | Premium | Advanced |
|---|---|---|---|
| Alert Notifications | Included | Included | Included |
| Triage Outputs | Included | Included | Included |
| Investigation Reports | Basic | Analyst-reviewed | Expert-led |
| Incident Reports | On request | Included | Included |
| Monthly Service Report | Included | Included | Included |
| Weekly Report | Not included | Included | Included |
| Quarterly Executive Report | Not included | Not included | Included |
| Threat Advisory Notifications | Not included | Included | Included |
| Service Review Meeting | Quarterly | Monthly | Monthly |
| Risk Review & Consulting | Not included | Not included | Quarterly |
| Onboarding Documentation | Standard | Guided | Priority + tailored |
Structured SLA framework, tiered reporting cadence, and regular governance reviews at every level.
All add-on packs can be purchased at contract start or activated mid-contract — giving customers the flexibility to evolve their security posture.
Structured IR support for BASIC tier organisations or those requiring enhanced response capability beyond their current tier.
Proactive, analyst-led threat hunting to identify hidden threats and advanced persistent activity within your environment.
Tailored reporting outputs designed to meet specific stakeholder, board, or regulatory requirements.
Vulnerability Assessment and Penetration Testing to identify and prioritise exposure across your attack surface.
Strategic risk consulting support including risk reviews, advisory outputs, and governance alignment for leadership teams.
Development of custom log source parsers and integrations to extend SIEM coverage beyond standard supported sources.
Framework components and documentation areas developed to support full service operationalisation, customer onboarding, and ongoing governance.
Documented SOC process flows and methodology followed in service delivery.
Platform capability overview covering all integrated tools and technologies.
High-level service architecture diagram illustrating the full stack.
Structured deliverables documentation aligned to each tier.
Defined service level agreements and key performance indicators per tier.
Reporting templates, cadence, and distribution framework.
Shared team structure showing analyst roles, escalation paths, and coverage model.
Defined escalation paths for incidents, service issues, and critical events.
Contact and escalation call tree for operational support.
Clearly documented assumptions, service disclaimers, and out-of-scope activities.
Alcon's AI-Driven Next-Gen SOC as a Service provides organisations with the security operations capability, intelligence, and resilience needed to defend against modern threats — at every stage of their cyber maturity journey.