How CyberLab Delivered Sophos Taegis MDR to East Lothian Council

Before partnering with CyberLab, East Lothian Council had a clear set of operational priorities. The council needed to enhance its ability to detect, investigate and respond to cyber threats around the clock, across a diverse and complex IT environment.

The specific challenges were:

• Real-time visibility of malicious activity across the entire digital estate.
• Faster response capability to potential threats, with reduced time from detection to containment.
• Always-on security operations, beyond the working hours of an internal IT team.
• Speed of procurement and implementation, with the ability to assess, procure and deploy an advanced MDR solution within short timescales.
• A partner with deep public sector understanding, capable of supporting rapid deployment without disrupting essential services.
• Predictable total cost of ownership, with clear and consistent budgeting for long-term security operations.

The council needed a solution that elevated its threat monitoring and incident response capability, while respecting the unique operational and financial constraints of a local authority.

Working closely with the council’s security and infrastructure team, CyberLab assessed the available Managed Detection and Response options against East Lothian Council’s specific requirements. Sophos Taegis MDR was selected as the foundation for the council’s modernised security operations capability for several reasons.

First, it delivers true 24/7 threat detection, investigation and response. Sophos security analysts work alongside CyberLab’s team to monitor activity continuously, investigate alerts at depth, and contain threats before they escalate. For a local authority that cannot staff an internal SOC around the clock, this is transformative.

Second, Sophos Taegis MDR delivers something traditional SOC and SIEM-based models often fail to provide: budget certainty. Many MDR or SIEM solutions are priced on data ingestion or consumption, leaving organisations exposed to unpredictable costs as activity grows. Taegis MDR offers a predictable total cost of ownership, with no ingestion tuning, no SIEM build complexity, and no surprise charges. For public sector finance teams managing fixed annual budgets, that predictability is essential.

Third, Sophos Taegis integrates broadly with existing security tools, helping the council maximise the value of investments already made and avoid wholesale replacement of working technology.

CyberLab supported East Lothian Council through every stage of the project, combining technical expertise with a deep understanding of public sector procurement, governance and operational realities.

Rapid Procurement and Proof of Concept

The council operated under a short procurement window. CyberLab accelerated the process through a structured proof of concept, demonstrating Taegis MDR’s capability against the council’s specific environment and use cases. This allowed informed decision-making at pace, without the delays often associated with public sector technology procurement.

Deployment and Configuration

Once selected, CyberLab fully deployed and configured Sophos Taegis MDR across the council’s environment. Integration was tailored to the council’s existing security tools, maximising coverage while avoiding duplication of capability.

Seamless Onboarding

Public sector environments cannot tolerate operational disruption. Schools, social care, planning, refuse collection and dozens of other critical services depend on the digital estate. CyberLab designed the onboarding process to be seamless, transitioning the council into a fully managed MDR operation without interruption to live services.

Ongoing Strategic Support

Beyond deployment, CyberLab continues to provide strategic support and guidance tailored to public sector challenges. The relationship is consultative by design, with CyberLab acting as an extension of the council’s internal security team rather than a transactional vendor.

The implementation of Sophos Taegis MDR has materially strengthened East Lothian Council’s security operations capability. With real-time threat insights, expert analyst guidance and streamlined incident response, the council can focus on delivering essential services with greater confidence.

The key outcomes the council has realised include:

• Improved threat visibility, providing deeper situational awareness across the digital estate.
• Increased confidence in response capability, supported by expert MDR analysts working 24/7.
• Rapid and effective deployment, enabling operational protection in a short timeframe.
• Reduced operational strain, with CyberLab acting as an extension of internal security staff.
• Proactive vigilance and early threat identification, strengthening the council’s overall security posture.
• Predictable long-term operational costs, providing the budget certainty public sector teams need.

The partnership has enabled East Lothian Council to modernise its approach to security operations and adopt a robust, future-ready MDR foundation that supports a more resilient digital infrastructure for the communities it serves.

“East Lothian Council has been working closely with CyberLab to strengthen our security operations capability. Their support in implementing Sophos Taegis as our managed detection and response solution provided significantly improved visibility of threats across our environment and increased confidence in our ability to respond swiftly and effectively.

The procurement process and proof of concept were progressed at an impressive pace, with CyberLab able to facilitate rapid turnaround and accommodate short-notice requirements without disruption. They provide added value through proactive vigilance, consistently practical support, and a genuine understanding of local authority challenges.

CyberLab’s team have been responsive, knowledgeable and easy to work with throughout. Their expertise, combined with the capabilities of the Sophos Taegis MDR platform, has delivered tangible improvements to our overall security posture.”

For council CIOs, Heads of IT and security leaders considering how to elevate their security operations:

• MDR removes the need to build an internal SOC, giving public sector teams 24/7 capability without the recruitment burden.
• Predictable pricing matters. Avoid consumption-based MDR models that expose council budgets to unpredictable variance.
• Procurement speed is achievable. With the right partner, even complex MDR deployments can be assessed, procured and operational quickly.

Public sector understanding is essential. Choose a partner who understands legacy environments, service availability constraints, and the realities of local government operations.

CyberLab works with local authorities, NHS Trusts, central government departments and public sector institutions across the UK.

Our support spans:

• Managed Detection and Response through Sophos Taegis MDR and our Security Operations Centre service.
• Cyber Essentials and Cyber Essentials Plus certification, with over 1,500 certificates issued.
• Penetration testing and red teaming through our CREST and CHECK-approved testing teams.
• Strategic cyber security consultancy as an NCSC Cyber Advisor.
• Long-term partnership and ongoing support, tailored to the operational realities of public sector teams.

We’re trusted by over 1,200 organisations, including more than 60 NHS Trusts, to protect what matters most. Our approach combines technical rigour with practical, hands-on support, helping public sector organisations build modern, resilient security operations that scale with their needs.