Question 1

What is a CISO?

Accepted Answer

A Chief Information Security Officer (CISO) is responsible for setting and leading the organisation’s cyber security strategy. Their role is to align cyber risk management with business priorities, ensuring risks are understood, managed and communicated clearly at an executive level.

They act as a bridge between technical teams and the board, providing insight, assurance and strategic direction.

Question 2

Are on-premise firewalls still required if I move to SASE?

Accepted Answer

It depends on the desired architecture. On-premise firewalls may remain to be used to simply ensure resilient access to SASE services through SD-WAN or may used for LAN segmentation in support of the wider security architecture. Typically requirements for on-premise firewall are greatly reduced which will save licensing costs and management overheads. In some cases only a router may be desirable.

Question 3

How are security policies managed and updated in a SASE environment?

Accepted Answer

Policies are centralised in a cloud management plane, allowing administrators to apply rules across all users, devices, sites and cloud workloads. Updates propagate automatically without manual configuration on individual endpoints.

Question 4

What role does Cloud Access Security Broker (CASB) play in a SASE architecture?

Accepted Answer

CASB monitors and enforces security policies for cloud applications, ensuring data protection, compliance, and visibility into shadow IT activity within a SASE framework.

Question 5

How does SASE improve performance for remote users compared to traditional VPNs?

Accepted Answer

SASE routes traffic through distributed cloud points of presence, reducing latency and improving connection reliability for remote and hybrid teams, while still enforcing security policies.

Question 6

Can SASE enforce identity-based access across multiple cloud providers?

Accepted Answer

Yes. SASE applies consistent access policies across AWS, Azure, Google Cloud, and other platforms, ensuring that authentication and authorisation are aligned with Zero Trust principles.

Question 7

How does SASE combine SD-WAN and security services?

Accepted Answer

SASE integrates networking (SD-WAN) with security controls such as SWG, CASB, FWaaS and ZTNA, delivering both connectivity and protection from a single cloud-managed platform. SD-WAN can also be achieved standalone without SASE to provide for resilient internet capabilities.

Question 8

How does micro-segmentation work within a Zero Trust architecture?

Accepted Answer

Micro-segmentation divides the network into isolated zones, enforcing strict access control at the application and workload level. This limits lateral movement if an account or device is compromised. Its often fairly simple to further segment user to user communications limiting the “blast radius” in the event of a single user device being compromised.

Question 9

What methods are used to continuously verify user and device trust?

Accepted Answer

Verification relies on multiple signals, including device posture, location, user behaviour, access history and threat intelligence. Policies adapt in real-time to reduce risk exposure. Many solutions can even utilise signals from other solutions such as anti-malware or threat intelligence platforms.

Question 10

Can Zero Trust integrate with existing Identity and Access Management (IAM) systems?

Accepted Answer

Yes. Zero Trust works alongside IAM solutions, enabling strong authentication, single sign-on and centralised policy enforcement without replacing current infrastructure. Its always worth checking that your ZTNA solution of choice supports your existing Identify solution.

Question 11

How does Zero Trust handle multi-cloud and hybrid environments?

Accepted Answer

Zero Trust solutions can enforce identity-based policies consistently across on-premises, private and public cloud workloads. Continuous verification ensures secure access regardless of where resources reside. A ZTNA solution may be implemented centrally to do this or through the amalgamation of various ZTNA capable tools depending on the environment and requirements.

Question 12

What is the difference between Zero Trust Network Access (ZTNA) and traditional VPNs?

Accepted Answer

ZTNA grants access based on identity and device posture rather than network location. Traditional VPNs adopt a "castle and moat” style whereby access is granted once to allow access to internal resources. A ZTNA approach on the other hand continuously reviews access rights, limits lateral movement and provides granular access control to applications rather than the full network.

Question 13

What role does a SOC play in secure networking?

Accepted Answer

A Security Operations Centre (SOC) provides continuous monitoring, detection, and response across network and cloud environments. In a secure networking strategy, a SOC ensures that access controls, segmentation, and configurations remain effective over time. Our purpose-built SOC, known as vSOC, helps identify suspicious behaviour, detect misconfigurations, and respond quickly to incidents, reducing both risk and dwell time.

Question 14

How does micro-segmentation reduce cyber risk?

Accepted Answer

Micro-segmentation reduces cyber risk by dividing networks into smaller, isolated segments based on function and sensitivity. This limits lateral movement within the environment, meaning that if an attacker gains access to one area, their ability to move to other systems is restricted. Micro-segmentation is especially valuable for protecting critical assets, sensitive data, and regulated workloads.

Question 15

What is SASE and how does it improve network security?

Accepted Answer

Secure Access Service Edge (SASE) is a cloud-based security model that combines networking and security services into a single framework. It improves network security by delivering consistent access controls, threat protection, and monitoring regardless of user location. SASE is particularly effective for organisations with remote users, cloud applications, and hybrid infrastructure, as it reduces complexity while improving visibility and control.

Question 16

How does Zero Trust networking differ from traditional network security?

Accepted Answer

Traditional network security assumes trust once a user is inside the network, often relying on VPNs and perimeter defences. Zero Trust removes this assumption by continuously verifying users, devices and access requests. Access is granted based on identity, context and risk rather than location. This reduces the risk of credential misuse, limits lateral movement and provides stronger protection for cloud and remote access scenarios.

Question 17

What is secure networking and why is it important?

Accepted Answer

Secure networking is an approach to network security that combines modern access controls, monitoring, and architecture to protect users, data, and infrastructure across distributed environments. It is important because traditional perimeter-based security models are no longer effective in cloud-first and hybrid organisations. Secure networking reduces attack surfaces, improves visibility, and limits the impact of breaches by enforcing identity-based access and continuous verification across the network.

Question 18

How do I get access to the vSOC Connect Console?

Accepted Answer

Access is provided as part of your managed services with Data Connect. To get started, book a demo or speak to one of our experts to explore how the platform console can support your organisation.

Question 19

How does the console support decision-making at the board level?

Accepted Answer

The vSOC Connect Console empowers boards with clear, visual insight into cyber maturity, progress, and investment impact. Through benchmarking, heatmaps, and Gantt charts, it shows exactly where resources are being directed and what progress is being made. Executives can access board-ready reports at any time, while all users have ongoing support available directly through the portal.

Question 20

Can I customise my dashboard in the vSOC Connect Console?

Accepted Answer

Absolutely. You can tailor your dashboard view to focus on the metrics that matter most to you, enabling more efficient prioritisation and quicker access to key insights.

Question 21

Is the vSOC Connect Console suitable for non-technical users?

Accepted Answer

Yes. The console is designed with all stakeholders in mind, offering an intuitive, user-friendly interface and clear reporting dashboards ideal for both technical and executive-level users.

Question 22

How does the console help with compliance, like Cyber Essentials Plus?

Accepted Answer

The vSOC Connect Console supports your compliance journey by providing continuous monitoring, tracking certification readiness in real time, and highlighting where your organisation falls short. Compliance alone can lead to complacency, so our approach helps you understand what actions are needed and ensures ongoing improvement. With access to technical support throughout the year, our services also provides a roadmap for strengthening security and addressing gaps you might not know to discuss.

Question 23

Which services are available through the console?

Accepted Answer

You can access the full suite of vSOC managed services via the console, including:

vSOC Assure (Cyber Risk Management)
vSOC CERT (Cyber Essentials Review Toolkit)
vSOC Recon (Vulnerability Management)
vSOC Manage (Managed Firewall)
vSOC Alert (Managed Detection & Response)
vSOC Aware (Security Awareness Training)

Question 24

What is the vSOC Connect Console?

Accepted Answer

The vSOC Connect Console is our centralised cyber security platform that provides full visibility, control, and actionable insights across all your managed services. It acts as your organisation's cyber security command centre.

Question 25

What kind of organisations do you partner with?

Accepted Answer

We work with a wide range of partners, including managed service providers, IT consultancies, and security resellers. Whether you’re looking to expand your service offering or strengthen client security, we’re here to support you.

Question 26

What are the benefits of partnering with Data Connect?

Accepted Answer

As a partner, you gain access to our expert security team, the vSOC Connect Console, and a suite of managed services you can offer to your own clients. We provide sales enablement support, co-branded collateral, and ongoing technical assistance to help you grow your business.

Question 27

How do I become a Data Connect partner?

Accepted Answer

Becoming a partner starts with a conversation. Get in touch with our partnerships team to discuss your goals and explore how we can work together. We carefully evaluate all potential partners and technologies to ensure alignment, focusing on organisations that share our cyber security values and want to bring customers the right solutions.

Question 28

What certifications and experience does the Data Connect team have?

Accepted Answer

Our team is made up of subject matter experts with extensive hands-on experience and a wide range of industry-recognised certifications. Unlike IT-focused providers, everything we do is centred on security. We’re not a compliance organisation - we bridge the gap between technical detail and practical security, ensuring every decision supports a stronger, more resilient posture.

Question 29

Can I speak with a current Data Connect customer before signing up?

Accepted Answer

Absolutely. While we prioritise our clients’ privacy and security, we’re happy to arrange a direct conversation between you and one of our existing customers. Just get in touch to set up a call.

Question 30

What is the vSOC Connect Console and how does it work?

Accepted Answer

The vSOC Connect Console is your central hub for managing all cyber security activity in one place. It allows you to oversee projects, allocate tasks, and track progress across every service. The platform brings together internal performance data and third-party metrics, such as penetration testing results, to give stakeholders a clear, real-time view of where you stand and what actions are needed next.

Question 31

Who typically uses Data Connect’s services?

Accepted Answer

We work with organisations that want to better understand their current security position and gain external verification of their defences. Many have capable IT teams but lack dedicated security specialists. In a landscape where threats are constantly evolving, we help them make the most of what they have, close critical gaps, and gain the reassurance that their “doors and windows” are properly secured.

Question 32

What makes Data Connect different from other cyber security providers?

Accepted Answer

We build lasting relationships through exceptional service and trusted expertise. Our high customer retention rate reflects our commitment to helping and supporting our clients every step of the way. We deliver managed services through our own vSOC Connect Console, combining our managed services with technical excellence to provide outstanding value, visibility, and long-term partnership.

Question 33

What is a retrohunt?

Accepted Answer

New rules can be run against all data within the platform, enabling searches for newly identified IOCs across retained data (up to 12 months).

Question 34

How long are logs and events retained in the platform?

Accepted Answer

They are retained for a standard period of 12 months in fully searchable hot storage, ensuring fast access and immediate availability for queries, audits, or operational needs throughout that time.

Question 35

How are events collected into the platform?

Accepted Answer

Typically a physical or virtual forwarder will be deployed onsite to collect and forward logs into SecOps. Cloud-to-cloud API pulls are also widely available for various cloud applications. SecOps provides flexible, secure paths to get every event into the platform without opening inbound firewall ports or deploying heavy agents.

Question 36

How long does it take to get fully deployed?

Accepted Answer

Initial setup is quick and Data Connect will help support customers in onboarding log sources, rule tuning typically then takes 2–4 weeks.

Question 37

Where is your Security Operations Centre (SOC) based?

Accepted Answer

Our SOC is based in the UK, where it's closest to our customers.

Question 38

Which log sources, SaaS apps, clouds and security tools do you integrate with out-of-the-box?

Accepted Answer

We integrate with 600+ connectors including Google Cloud, AWS, Azure, Microsoft 365, Azure, Okta, CrowdStrike, Palo Alto Networks and Cisco.

Question 39

Can penetration testing cover all areas of our business?

Accepted Answer

Yes. We assess networks, applications, cloud infrastructure, APIs, physical premises, and staff awareness through red teaming, social engineering, and advanced breach simulations—providing a complete view of your attack surface.

Question 40

How do we maximise the value of a penetration test?

Accepted Answer

By addressing basic security controls first, you reduce easy wins and allow testers to focus on deeper, more complex vulnerabilities—unlocking the greatest insight and strengthening your overall security posture.

Question 41

How does penetration testing improve security beyond identifying vulnerabilities?

Accepted Answer

Our approach goes further than finding flaws. Combined with vSOC Assure, it provides strategic actionable insights, strengthens processes, and guides ongoing improvements across your IT environment.

Question 42

Why choose CREST-accredited penetration testing?

Accepted Answer

CREST accreditation ensures our testers operate to the highest standards of skill, ethics, and methodology, giving you confidence in the reliability of findings and compliance with audit, regulatory, and supply chain requirements.

Question 43

What are the outcomes of a cyber attack?

Accepted Answer

What can happen if your organisation is targeted by a cyber attack?

Cyber attacks can result in a wide range of consequences, including:

Malware and ransomware infections - Data breaches and loss of personal or customer information - Supply chain compromises - System sabotage or operational disruption - Theft of intellectual property or funds - Reputational damage and loss of customer trust.

Training staff to recognise early warning signs helps prevent these outcomes and builds a proactive line of defence.

Question 44

What to expect from basic security training?

Accepted Answer

A strong security awareness programme needs to teach you how to spot threats like phishing and social engineering. It builds awareness, safe habits, and empowers you to act as a human firewall, protecting both company and personal data. As a minimum, training should include password security, GDPR, clean desk policies, oversharing of personal information, information security and computer accessibility.

Question 45

How often should we run security awareness training?

Accepted Answer

We recommend running training throughout the year, reinforced with regular phishing simulations and relevant content. Our team helps you define a sustainable cadence that aligns with your risk profile and organisational culture.

Question 46

Can you track who is vulnerable and who needs extra support?

Accepted Answer

Yes. The vSOC Connect Console provides data on user engagement and performance. You can identify which users are excelling, who needs further training, and where to focus remediation for maximum impact.

Question 47

How is training content delivered and kept engaging?

Accepted Answer

We use a wide range of formats - including videos, quizzes, games, posters, and newsletters - to keep content fresh and accessible. Training is gamified and aligned to current threats to ensure ongoing engagement and long-term knowledge retention.

Question 48

What types of phishing simulations do you run?

Accepted Answer

Our simulations reflect real-world attack vectors - including credential harvesting, malicious attachments, QR code scams, and spear phishing. These exercises are designed to mimic modern threats, helping your team identify and report suspicious activity with confidence.

Question 49

How is vSOC Aware different from off-the-shelf training platforms?

Accepted Answer

Unlike generic awareness tools, vSOC Aware is a fully managed service delivered by experienced cyber security professionals. We tailor each programme to your organisation’s risk profile, incorporate real-world simulations, and provide campaign insights that drive measurable behaviour change.

Question 50

Can we get Cyber Essentials if we aren&#8217;t based in the UK?

Accepted Answer

Yes because Cyber Essentials is an internationally recognised standard. We have helped many international organisations achieve Cyber Essentials. In many cases, these businesses want certification to increase credibility within the UK market.

Question 51

How can I check my Cyber Essentials certificate status?

Accepted Answer

You can quickly and easily find the information through the Cyber Essentials Certificate Search if you’d like to check a Cyber Essentials or Cyber Essentials Plus certification. This useful tool can be found on the IASME website and can tell you your certification numbers, what’s included in scope and the date of certification because for many businesses they'll have two dates, one for Cyber Essentials and another for Cyber Essentials Plus.

Better yet, you can use this tool to check on other organisations you may be working with right now or who you’re thinking about working with in the future, this will allow you to determine if the business has solid technical controls in place.

Question 52

What does the Cyber Essentials Plus audit look like?

Accepted Answer

The Cyber Essentials Plus audit is an independent verification of the controls to which you will attest to within the Cyber Essentials questionnaire. The auditor will run technical tests on a sample set of devices and the end users for these devices must be present. So long as the Cyber Essentials questionnaire has been answered correctly, your organisation should be able to pass the Cyber Essentials Plus standard.

Question 53

Does vSOC Recon cover remote or off-network devices?

Accepted Answer

Absolutely. Our agent-based technology allows continuous monitoring of devices even when they’re off-network. This is essential for hybrid and remote workforces, ensuring that no device falls outside your security perimeter.

Question 54

Can vSOC Recon help with compliance requirements?

Accepted Answer

Yes. The vSOC Connect Console provides compliance-focused dashboards and reporting for standards like Cyber Essentials, ISO 27001 and PCI DSS. It also highlights high-risk vulnerabilities that could result in compliance failure, helping you address them before audits or assessments.

Question 55

How often should vulnerability scans be run?

Accepted Answer

Point-in-time scanning (e.g. monthly or quarterly) can leave you exposed between scans. vSOC Recon delivers real-time scanning and reporting, helping you reduce exposure windows and stay ahead of evolving threats.

Question 56

How is vSOC Recon different from other vulnerability scanners?

Accepted Answer

Many tools just report vulnerabilities based on CVSS scores; vSOC Recon also considers exploitability, asset criticality and business impact to prioritise remediation efforts. vSOC Recon combines real-world threat intelligence, SOC analyst support, and strategic guidance to turn results into meaningful actions.

Question 57

What are the 5 core technical controls within Cyber Essentials?

Accepted Answer

The five core controls are:
Boundary Firewalls & Internet Gateways | Secure Configurations | Access Controls | Malware Protection | Security Updates

However, due to the complexity and ever-evolving nature of the threat landscape, not all of the Cyber Essentials requirements fit neatly into these five controls. The reason for this is the scheme's aim being to keep organisations protected against the most common cyber attacks, which can only be achieved if the NCSC and IASME regularly revise the criteria as a defence against emerging threats.

Question 58

What are Cyber Advisors?

Accepted Answer

A Cyber Advisor is a specialist who offers advice and assistance to organisations aiming for the Cyber Essentials certification. They assist organisations in understanding the certification process, evaluating their existing security protocols, and establishing the required safeguards to fulfil the certification criteria. To become a Cyber Advisor, a person needs to meet a strict criteria themselves and pass tests proving their expertise. Plus, they have to work for a company who is accredited as an Assured Service Provider.

Due to the rigorous testing, the advisors have thorough knowledge of cyber security best practices and can customise their advice to address the unique needs and challenges of each organisation. Advisors collaborate closely with organisations to pinpoint vulnerabilities, formulate a plan to achieve the certification and work with you throughout the implementation stage to ensure your business is meeting the Cyber Essentials framework.

Data Connect are proud to be an Assured Service Provider and have Cyber Advisors on hand to help organisations with the certification process.

Question 59

How long does it take to achieve Cyber Essentials certification?

Accepted Answer

Time frames vary, but with tools like vSOC CERT, most organisations can achieve certification within a very short time, depending on the scope. The main reason for failing to achieve certification are vulnerabilities and the inability to identify and fix them. CERT has a tool to help with this, and ongoing monitoring ensures you stay compliant year-round.

Question 60

How often does Cyber Essentials need to be renewed?

Accepted Answer

Cyber Essentials and Cyber Essentials Plus certifications are valid for 12 months. Reassessment is required annually to maintain compliance. If aiming for Plus, it is mandated that you get this within 3 months of certifying for Cyber Essentials.

Question 61

Can managed firewall services integrate with Managed Detection &#038; Response (MDR)?

Accepted Answer

Yes. You can optionally add vSOC Alert, our MDR service powered by Google SecOps, directly into your firewall management plan. This delivers deeper threat detection across your network.

Question 62

How quickly can you respond to a firewall issue or outage?

Accepted Answer

Our team provides regular monitoring, we detect problems proactively and respond swiftly to minimise risk and downtime. We are proud to have an average response time for support requests of under 25 minutes via the vSOC Connect Console.

Question 63

What’s the difference between co-managed and fully managed firewall services?

Accepted Answer

In a co‑managed model, you retain some in-house control over your firewall, while we provide expert oversight, updates, and support. Our team of experts delegates everything; configuration, patching, monitoring, and incident response to our certified team, providing a turnkey solution.

Question 64

How does vSOC Assure compare our risk to industry standards?

Accepted Answer

We incorporate industry data to show how your cyber maturity stacks up against industry peers, helping contextualise your risk profile and highlight opportunities for competitive resilience.

FAQs

What is a CISO?

Your Details

Popular Searches

FAQs

What is a CISO?

Share

Get in Touch

Talk to an expert

Your Details