Raytheon Systems Limited

Raytheon Advanced Cyber Solutions (ACS) Virtual Security Operating Centre (V-SOC)

Raytheon’s V-SOC service takes a new approach to managed security by automating much of the traditional Managed Security Services model through its Automated Threat Intelligence Platform (ATIP) and allowing analysts to spend their time conducting advanced analytics and network hunting for threats that can circumvent traditional security controls.


  • Advanced analytics and machine learning technologies.
  • Experienced threat-hunters analyse network and host data for threats
  • Vendor agnostic. We work with your existing systems.
  • Our service supports and integrates into our clients.
  • We work alongside existing security teams.
  • All data stays within the customer environment.


  • Proprietary Automated Threat Intelligence Platform technology.
  • Tuning performed on client tools stays with the client.
  • Advanced detection and proactive threat hunting.
  • 24/7 coverage.
  • Extensive expertise in best-of breed toolsets.
  • Focuses on advanced threats, tactics, techniques and procedures.
  • Leverages client’s current security toolset.
  • Maintains client control over sensitive security data.
  • Works alongside client to mature existing security posture.


£458 to £2750 per person per day

Service documents

G-Cloud 10


Raytheon Systems Limited

David Cheung

0161 452 1409


Service scope

Service scope
Service constraints Raytheon need to implement a Virtual Private Network to allow analysts to view customer data. This service will not be usable on air-gapped systems.

The customer will need to have security systems in place on desired networks in order to use this service.
System requirements
  • Virtual Private Network Access
  • Terminal Server with client to access their security systems

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Typical response:
Notification of receipt: approximately 15 minute
Response to support email: Critical priority as soon as possible. Standard priority approximately 24 hours.

Responses at weekend are lowered.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Email support provided as standard. Increased levels of support may be available through discussions with customer. All customers are assigned a Technical Account Manager and a Support Engineer who are able to manage the support relationship with the customer.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Raytheon provide a visibility check and set up service with the customer, to ensure that the correct logs and feeds are set up. There is no training needed for the customer.

Raytheon work with the customer to design the methodology for raising and managing incidents as per the customer's needs.
Service documentation No
End-of-contract data extraction There is no data to extract. All data is kept in the customer's systems.
End-of-contract process At the end of a contract, Raytheon would remove its proprietary tool, ATIP, from the customer's systems. Raytheon would also remove the Virtual Private Network from its and the customer's systems.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources Demand is monitored and analysts are assigned to the customer based on demand to ensure a consistent level of service.
Usage notifications No


Infrastructure or application metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The availability of the designed service is agreed with the client and implemented with the application vendors and hosting providers.
Approach to resilience The Virtual Security Operating Centre has resiliency built into its design. More information available on request.
Outage reporting Any outages are reported via email.

Identity and authentication

Identity and authentication
User authentication Other
Other user authentication The customer users do not access the service.
Access restrictions in management interfaces and support channels The customer users do not access the service. Support channels are operated via email and a designated technical account manager.
Access restriction testing frequency At least once a year
Management access authentication Other
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 23/03/2017
What the ISO/IEC 27001 doesn’t cover Raytheon R0 network.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus
  • ISO 9001:2008

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As laid down in ISO 27001 and List-X/STRAP, Raytheon ensures full compliance with respective requirements. Raytheon's computer network, R0, holds Cyber Essentials Plus certification. Site Information Assurance (IA) Security Managers (IASMs) ensure that all security and IA policies and processes are complied with. Responsibility for IA and security lies with Chief Security Officer (CSO) and Chief Information Security Officer (CISO). IASMs also have responsibility for physical security / alarms / access control. Security management plans, and Concept of Operations are available for each Raytheon site.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Raytheon have a defined set of internal governance processes as per our ISO27001:2013 [certified] & ISO9001:2015 accreditation programmes to manage change and configuration control, which have been reviewed and approved by external accreditors.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach IT Healthchecks are carried out on Raytheon's internal network, R0, on a annual basis. All Project Unique Environments (PUEs) once constructed, will be penetration tested to ensure compliance with current requirements. On PUEs, patches are deployed on a quarterly basis. Any critical patches are engaged within 48 hours. Information about potential threats is provided by the Ministry of Defence Joint Cyber Unit Computer Emergency Response team and is supplemented by other sources (Microsoft, Red Hat, etc.)
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Raytheon use IBM's Q-Radar Security Information and Event Management (SIEM) to collate log data from an agreed set of server and network based end-points. Log files are pulled to a number of 'collectors' deployed across the enterprise which collate security, system, network, application and database logs in near-real time (c. 300 per second). Log files are sent to the Raytheon Security Operating Centre (SOC) analyst, who analyses the logs for anomalies and / or potential breaches. In the event suspicious activities are detected, the SOC analyst initiates and incident response commensurate with the nature of the event.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents are reported to the Raytheon IT Service Desk. Thereafter, the security controller and/or a member of Information Assurance (IA) Security and Compliance (IASC) is charged with conducted a severity vs. impact assessment. Both the incident report and severity / impact assessment are transferred to the incident management database (accessible only by the IASC team) before the security manager and/or Head of IASC determine whether the incident can be resolved locally or requires escalation to the Senior Leadership Team. Incidents are reported to the relevant externally authority within two workind days.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £458 to £2750 per person per day
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑