What you can cancel on Monday

Stop buying security in pieces.
Start being actually protected.

The average SMB with 40 endpoints pays for standalone antivirus, a managed firewall, annual pen tests, vulnerability scanning, dark web monitoring, and Cyber Essentials certification — all from different vendors, none of them talking to each other.

SOC in a Box replaces or surpasses every one of those line items with a single service, watched 24/7 by a named analyst backed by eight years of AI. The maths aren't close.

Standalone EDR £1,800/yr
Managed firewall £3,600/yr
Annual pen test £4,500/yr
Awareness training £500/yr
Vulnerability scanning £2,400/yr
DLP £1,060/yr
Dark web monitoring £600/yr
Cyber Essentials £3,200/yr
Cyber Liability Insurance £500/yr
Your current piecemeal security spend £18,160/yr
SOC in a Box — Medium (50 assets) £7,200/yr
Your annual saving £10,960/yr

Figures based on a typical 40-person professional services firm (South East England, 2025 pricing survey).

Pricing

Not the cost of a SOC.
The cost of not having one.

Avg. breach cost

£15,300

Average cost of a cyber breach for a UK SMB (DCMS 2024).

ICO fines

£8k–£175k

Typical ICO fines for SMBs following a reportable data breach.

Lost business

Incalculable

Client trust, reputational damage, and contract losses after a breach.

SOC in a Box

39p

per asset per day

From 39p per asset per day. Cancel anytime.

£335/month

Up to 25 assets · 44p per asset per day

  • Physical or virtual appliance
  • 24/7 monitoring by SOC365
  • Named analyst
  • EmilyAI triage (8 years in production)
  • SMB Data Loss Prevention
  • DecoyPulse deception sensors
  • Active cyber defence
  • Vulnerability management
  • Threat intelligence
  • Attack surface management
  • Cyber Essentials certification
  • Cyber Liability Insurance
  • Confidence Score dashboard
  • Incident response
CREST-certified MoD supply chain approved Cyber insurance included Cancel anytime

Want us to handle the entire deployment? See the concierge service — available on any plan.

Frequently asked questions

Questions we get asked every week.

Most clients cancel or don't renew: standalone EDR/antivirus, managed firewall monitoring, annual penetration tests, vulnerability scanning subscriptions, security awareness training platforms, dark web monitoring services, Cyber Essentials certification fees, and separate cyber liability insurance policies. SOC in a Box replaces or surpasses all of these.

EmilyAI is our AI-augmented triage engine, in production since 2018. It pre-processes every alert, eliminates 92% of noise, enriches context with threat intelligence, and hands your human analyst only the signals that matter. Eight years of production data means fewer false positives and faster response than any vendor who launched their “AI” last year.

Sensitive data classification, exfiltration monitoring (USB, cloud, email, shadow IT), pre-built policies for legal, accountancy, healthcare and professional services, insider threat detection with per-user behavioural baselines, and board-ready monthly reporting. Designed for small teams — not 10,000-seat enterprises.

Five working days from scoping call to fully monitored. Day 1: scoping call. Day 2: appliance ships (next-day UK mainland delivery; virtual appliance available within 1 hour). Day 3: plug in and connect — under one hour to go live. Day 4: tuning, baseline, and DecoyPulse positioning. Day 5: 24/7 monitoring live with your named analyst.

No. SOC in a Box runs on the same SOC365 platform that protects MoD supply chain contractors and regulated enterprises. Same detection engine, same analyst team, same EmilyAI. The only difference is packaging and pricing — designed to make enterprise-grade security accessible to SMBs.

Cancel anytime. No lock-in, no exit fees, no minimum term beyond the current month. We keep clients by delivering value, not by trapping them in contracts.

Proactive threat hunting, dark web monitoring, attack surface management, vulnerability management with real-world exploitability prioritisation, and active remediation — including endpoint isolation, indicator blocking, and containment using your pre-approved response playbooks. We don’t just watch. We hunt.

Continuous scanning of dark web marketplaces, criminal forums, paste sites, and Telegram channels for your credentials, domains, email addresses, and data. When a match is found, your named analyst alerts you immediately and takes pre-agreed action — password resets, access revocation, or escalation.

Continuous discovery of your external-facing assets — domains, subdomains, exposed services, open ports, shadow IT, and third-party integrations. You see what an attacker sees. Updated continuously, not once a year in a pen test report. Findings are triaged by your analyst and integrated into your Confidence Score.

Yes. SOC in a Box includes Cyber Essentials certification consulting, audit preparation, and the badge. Once certified, the government-backed Cyber Liability Insurance policy is included at no extra cost. Certification and cover from the same box.

An optional on-site deployment service available on any plan. A CREST-certified engineer comes to your site for three days — installs the appliance, deploys DecoyPulse sensors, configures DLP policies, introduces your named analyst, and hands over a fully operational SOC. You don’t lift a finger.

One box. One analyst. One invoice.
Eight years of AI behind it.

Book a 30-minute scoping call. We'll map your current security spend, show you what you can cancel, name your analyst, and quote your price — with no obligation.

Book your scoping call

5 working days to live monitoring · Next-day UK delivery · Cancel anytime