Cyber Security Operations Center (SOC) with NIS2 Compliance | HORTUS Digital

Most Companies That Get Breached Already Had the Right Tools

// not_another_tool.cyber-soc

CYBER-SOC IS NOT ANOTHER TOOL

01

Continuous Monitoring

Signals are reviewed and correlated, not simply collected.

02

Investigation and Response

Suspicious activity is validated and acted on before damage expands.

03

Compliance in Operation

Evidence, reporting and traceability are generated as part of daily work.

Cybersecurity fails when tools, alerts and responsibilities do not work together as a continuous security function.

Microsoft 365, endpoint protection, firewalls and other systems already generate the signals needed to detect incidents early. But signals alone do not protect the business. Someone must continuously monitor them, understand what they mean, investigate what matters and act before damage is done.

Cybersecurity is now a management responsibility.

Execution can be outsourced. Accountability cannot.

The Real Issue

Cybersecurity is not a toolset - it is an operating capability

Most organizations invest in security tools, configurations and policies. These are necessary – but they do not create protection on their own.

Incidents do not happen in reports or audits. They happen in real time – often within minutes or hours.

Without continuous monitoring, investigation and response, even the best tools remain passive. Operational execution is what turns security tools into real cybersecurity.

Compliance is not documentation.

It is something that must work every day.

Is your business protected against cyber threats?

Discover which Cyber-SOC plan best fits your organization’s security needs.

The Real Decision

You Are Not Choosing a Tool - You Are Choosing How This Capability Will Exist in Your Organization

If cybersecurity must operate continuously, the question is not what technology to deploy, but how this capability will be established and maintained.

There are many leading security technologies - CrowdStrike, Palo Alto, Microsoft, Splunk and others. They are powerful platforms. Each has its place. But they do not operate themselves.

Do you build this capability yourself or use one that already exists?

No.01 · Path A

Build Internally

Create your own security operation.

  • Full control over tools and processes
  • Significant investment and long implementation time
  • Dependence on scarce and expensive expertise
  • Typically takes months to become operational
  • Operation and development must be handled internally

No.02 · Path B

Partial / Tool-Based Setup

Combine tools with internal responsibility.

  • Often used approach
  • Tools are bought and configured
  • Responsibility distributed across teams
  • Compliance requirements only partially met

The real choice is not between technologies.

It's between partial and fully operational capability.

NIS2 / national law subjects

Your organization is required to ensure that cybersecurity is continuously operating — not only defined in documents.

  • Ongoing monitoring
  • Incident detection and response
  • Logging and traceability
  • Structured reporting

Must work in practice and be demonstrable at any time.

Suppliers and partners

Your organization may not be directly regulated, but your most important customers likely are. They are required to assess the security posture of their suppliers. As a result, they increasingly expect proof that your cybersecurity is controlled and trustworthy.

  • Continuous monitoring
  • Incident detection and response
  • Audits and questionnaires

Without this capability organizations risk losing business opportunities.

DORA / critical infrastructure operators

Organizations in the financial sector and critical environments face higher expectations.

  • Operational resilience
  • Incident classification and reporting
  • Continuity and crisis handling

Must support the business during disruption.

Your Situation

Your Situation Defines Your Requirement

The required level of cybersecurity depends on your regulatory position and your role in the market.

The risk is not choosing the wrong technology,

but choosing the wrong level.

Establish a Working Cybersecurity Operation - Without Building It

HORTUS Digital Cyber-SOC provides this capability as a ready-to-operate function – without the need to design, build or staff a security operation internally.

01

Operational by design

Continuous monitoring, investigation and response — not just deployed technology.

02

Compliance built in

Evidence, reporting and traceability are generated as part of daily work.

03

Microsoft-native

Uses signals from Microsoft 365, identity and endpoints without a complex new stack.

04

Clear responsibility

Operating, governance and execution roles are separated and transparent.

05

Fast to start

Activated in a structured way without long architecture design projects.

HORTUS Digital operates

Monitoring, investigation, response, evidence and reporting.

Management governs

Risk decisions, accountability, priorities and regulatory ownership.

IT executes

Required changes, access, remediation and infrastructure coordination.

You are not buying technology. You are putting a working cybersecurity operation in place.

Service Levels

Choose The Level That Matches Your Responsibility

This is not a technical choice.

It defines your level of protection and your ability to meet regulatory requirements.

#1 Monitor & Respond

€8 per unit / month. Minimum €360 a month.

Operational baseline

Monitoring, detection and automated response are in place - providing active protection without full compliance capability.

The solution includes:

  • 24/7 monitoring and alerting

  • Automated response with standardized SOAR playbooks

  • Identity, endpoint and email coverage

  • Basic reporting and visibility

  • Includes active response, but does not provide full investigation depth, structured reporting or compliance lifecycle. Not sufficient for NIS2 / regulatory requirements.

#2 Managed Compliance

€17 per unit / month. Minimum €850 a month.

Regulatory baseline

Full operational capability with integrated compliance functions. Monitoring, investigation, response and reporting as required by NIS2/national cybersecurity law.

The solution includes:

  • Everything in Plan #1

  • Full incident lifecycle management

  • Investigation and validation of incidents

  • Structured reporting and evidence generation

  • Compliance-aligned processes

  • Weekly summaries and management reporting

  • Minimum level required for NIS2 / national cybersecurity law compliance.

#3 Cyber Resilience

€45 per unit / month. Minimum €3'600 a month.

Operational resilience

Extended capability for resilience, continuity and crisis-level incident handling.

The solution includes:

  • Everything in Plan #2

  • Advanced incident classification in DORA context

  • Crisis coordination support

  • Business continuity alignment

  • Resilience and recovery support

  • Required for DORA-regulated and critical infrastructure environments.

Pricing is based on the number of protected units: users, devices and systems. Final scope is confirmed during initial assessment.

The risk is not choosing a provider.

The risk is choosing a level that does not match your obligations.

Foundation

Cyber-SOC as The Foundation

Cyber-SOC establishes the operational foundation of cybersecurity. Detection, response and compliance are the first step.

Additional capabilities – such as advanced identity protection, privileged access control and data recovery – are typically built on top of this foundation as organizations mature their cybersecurity posture.

+ Identity protection + Privileged access control + Data recovery

Understand Your Position - Before Making a Decision

In a short session, we assess your current environment, regulatory obligations and required operational cybersecurity level.
You receive a clear recommendation aligned with your actual responsibilities and risk profile.

Start Assessment

Clarify whether Plan 1, Plan 2 or Plan 3 matches your actual responsibility and risk position.
No preparation required
No technical deep dive
No commitment

FAQ

Frequently Asked Questions

Answers to common questions about the Cyber-SOC service.

If you have additional questions, our experts are always ready to help.

What is a SOC (Security Operations Center)?

A SOC is not a system or a tool. It is a continuous operational function that monitors, investigates, and responds to cybersecurity incidents — 24/7.