Ve3 Global Ltd

SIEM as a Service - Managed Detection and Response (MDR) (Azure Sentinel or IBM QRadar)

Our service provides round-the-clock monitoring of your IT Infrastructure to detect, investigate, notify & respond to incidents & potential threats affecting your organization. Using SIEM as a Service, VE3 provides MDR, powered by IBM QRadar & Microsoft Sentinel with real-time log analytics, threat hunting and advanced SOAR technology

Features

• 24/7 monitoring and identification of threat detection
• Threat Response - 24/7 threat containment and triaging
• Weekly security operations meetings, led by Senior Analysts
• SIEM Technology - Powered by IBM QRadar / Microsoft Sentinel
• Daily, weekly and monthly reports with granular statistical graphing

Benefits

• 24/7 Incident response by GCIH certified incident handlers.
• Incident Containment & Triage Contain threats via incident playbooks
• Cloud Native: Azure, AWS, Office365, Oracle Cloud & more.
• Reduced Cost & Complexity & up/ downscale effortlessly.
• Improved Speed of detection & response.

£175 to £850 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at prime@ve3.global. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

110052508650584

Contact

Nikhil Alex
02045520840
prime@ve3.global

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Security Monitoring for threat detection and incident response for all Software services
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance for software upgrades scheduled on Quarterly basis on Thursday UK morning hours for over 30 minutes. This does not affect security log collection. It only affects real-time monitoring during upgrade activity.
• System requirements:
  • Local host for Event Collector
  • Local host for WinCollect (Windows Event Collector)
  • Site to Site VPN

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: For existing clients we have response time of 15mins for Security Incidents and Service tickets with P1 severity.; ; For all other requests we respond within 30mins.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web Chat is accessible for existing clients. Through our web chat, client can raise service requests for additional information about incident tickets, incident investigation or generate ad-hoc reports.
• Web chat accessibility testing: Web chat testing for assistive technology users is yet to be performed.
• Onsite support: Yes, at extra cost
• Support levels: 1. We provide incident response support to all our customers. Critical and major incidents are support by our L3/L4 level Engineers and Minor are supported by L2 Engineers.; 2. Additionally, clients can raise service requests with our team for support, ad-hoc reports or any specific queries. Depending on the severity of the service requests, SOC team responds within the SLA period.; 3. We also have dedicated Service Delivery Manager (SDM) identified for each customer. He/She is responsible for quality of service, coordination, escalations and to ensure timely delivery of our services to the client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Dedicated Service Delivery Manager (SDM) is appointed for every customer. SDM will setup a meeting with clients to help them understand the process to get started. This is followed by online training along with sharing user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Once the contract ends, The Team will extract client data and share it with client in password protected file.
• End-of-contract process: At the end of the contract, we inform client about the cut-off date and time of the service. Post that we extract client data and share it with client. After this we off-board client from the SIEM platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference in services and features.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: 1. Users can subscribe to different types and levels of services once Onboarded on our platform.; 2. Every customer is provided with Admin rights to select the type of service and the level of service he/she wants to subscribe to; 3. Users can not perform activities such as on-boarding of Log Sources, Use-case additions/modification, Off-boarding of Log Sources, schedule ad-hoc reports
• Accessibility standards: None or don’t know
• Description of accessibility: Following activities are permitted on web interface; 1. Create and responding to security incidents raised on our incident management platform - VE3; 2. Create and respond to service requests for ad-hoc incident investigation, reports and specific details to SOC team; 3. Run custom SIEM queries any time; 4. Create custom dashboard and monitor any time; 5. Upload or download scheduled and ad-hoc reports any time
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: APIs are provided to support integration with client side ticketing system. Using API's following operations can be performed:; 1. Fetching details for the ticket; 2. Submitting request tickets; 3. Modifications to open tickets; 4. Fetching reports
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is possible for count and type of devices to be integrated under MDR service

Scaling

• Independence of resources: We configure threshold limit for every customer to ensure that there is NO impact, because of sudden resource demand from other clients. Additionally we have dedicated team 24x7 to continuously monitor platform resource utilization to ensure that all clients have sufficient buffer for sudden/spikes in demands.

Analytics

• Service usage metrics: Yes
• Metrics types: Incident SLA metrics; Service Request SLA metrics; Mean Time to Respond (MTTR); Service Up-time
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sentinel

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Additionally, data collected is protected from tampering by using hasing function in IBM QRadar. This prevents tampering of data when stored or backed-up.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can raise service request to export data. Exported data will be shared with customer up loading it on the client platform
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our SLA for SIEM platform is 99%. For any SLA breach, users are compensated by giving equal number of service credits.
• Approach to resilience: Available on Request
• Outage reporting: All Planned outages are reported by opening a service request with individual customers who gets alerted by emails.; ; Email alerts are sent immediately for unplanned outages to inform clients about outages. Also update emails are sent every 30 minutes to inform customers about progress, expected ETA and recovery, including root cause analysis (RCA) as applicable.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access to management interface and support channels is provided on need-to-know and need-to-do basis. Access to management interface and support channels is provided only through VPN and protected with two-factor authentication. Access to this interface are monitored 24x7 for anomalies by SOC Team.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Staunchly Management and system service limited
• ISO/IEC 27001 accreditation date: 06/01/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9000-1
  • ISO 20000-1
  • ISO 14000-1
  • ISO 22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow information security policies which are in compliant with ISO27001 standard, SANS CIS Security Guidelines and NIST Cyber Security Framework. Details can be provided on request.; ; We have identified a dedicated CISO responsible for manage information security at the organization level. CISO reports to Information Security Forum (ISF) which is chaired by COO.; ; Policy compliance is verified by multiple ways:; 1. External Audit - Yearly; 2. External ISO27001 Audit - Yearly; 3. Internal Audit - Yearly; 4. Vulnerability Assessment - monthly; 5. Penetration Testing - biannual; 6. PCI DSS ASV Scanning - quarterly; 7. SOC Monitoring 24x7

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Standardized methods and procedures based on ITIL guidelines are used for efficient and timely handling of all changes to platform components and their configuration. A change request is documented formally on the platform with information such as • Business driver(s) • Impact on business processes, systems and security impact • Change Schedule • Impacted Configuration Items (CI) • Change & Rollback procedure The documented Change Requests are submitted to the Change Advisory Board (CAB) for review. Any security impact due to the change is also assessed and discussed in CAB meeting
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a dedicated team responsible for vulnerability management. This team is responsible to schedule multiple security tests such as: 1. Host Discovery scan 2. Authenticated Vulnerability Scan 3. Misconfiguration Scan 4. Policy Compliance 5. Web Application Security Testing 6. Source Code Review. Results of the tests are thoroughly analyzed and shared with the engineering team with proposed remediation. As practice all critical vulnerabilities are fixed within 24 hours and for rest monthly patching cycle is applied. The team keeps tap of all potential threats by looking for alerts on our commercial threat intelligence platform for the technologies we use.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our infrastructure is protected with industry leading preventive and detective security technologies to detect cyber attacks from external and internal network. We have 24x7 SOC monitoring team with experienced SANS certified cyber incident handler. Our SOC is powered by real-time analytics & IBM QRadar with advanced Correlation & ML to detect complex threats.With documented and full tested incident playbooks & IBM Resilient as SOAR platform, our team can perform detection, analysis & notification of critical cybersecurity incidents within 15 minutes.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management takes a high priority for us, managed exclusively by Security Incident Response Team (SIRT). SIRT Team consists of identified team members from Senior Management, IT, CISO, HR, Legal, Administration and Operations Team. We have pre-defined processes to handle most common incidents and well documented plans to handle major incidents. These are tested at regular intervals by table-top exercise and simulations. Users can report incidents by sending an email to a dedicated SIRT email id or by reporting to CISO of their immediate managers. Incident reports are shared by email to the identified stakeholders and on demand.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our G-Cloud service provision is deeply committed to fighting climate change, recognizing the urgent need for collective action to address environmental challenges. Here's how our services deliver against this social value theme: ; ; Environmental Sustainability in Operations: ; ; We prioritize running efficient operations to reduce emissions and minimize environmental impacts. This includes implementing energy-efficient practices, optimizing resource usage, and adopting renewable energy sources wherever possible within our data centers and infrastructure. ; ; Promoting Sustainable Practices: ; ; VE3 actively engages with our suppliers and clients to promote sustainable business practices. Through our services, we advocate for the adoption of environmentally friendly technologies, responsible sourcing, and waste reduction strategies, thereby reducing carbon footprints across the supply chain. ; ; Responsible by Design Framework: ; ; Our G-Cloud services adhere to a 'Responsible by Design' framework, ensuring that environmental considerations are integrated into the development and deployment of digital solutions. By prioritizing environmental protection and minimizing negative impacts, we strive to deliver sustainable outcomes for our clients. ; ; Training and Education: ; ; VE3 invests in training and education programs focused on environmental sustainability. Through initiatives like the Sustainability Quotient (SQ) training, we equip our teams with the knowledge and skills to adopt climate-smart behaviors and implement environmentally conscious practices in their work. ; ; Community Engagement: ; ; We actively engage with communities to support environmental objectives and promote climate action. By partnering with local organizations and stakeholders, we contribute to initiatives aimed at addressing climate change, such as tree planting programs, clean energy projects, and environmental education campaigns.

  Covid-19 recovery

  Our G-Cloud service provision plays a crucial role in supporting the COVID-19 recovery effort by facilitating resilience, adaptation, and innovation in the face of unprecedented challenges. Here's how our services contribute to the recovery process: ; ; Remote Work Enablement: ; ; VE3's digital solutions empower organizations to transition to remote work seamlessly. By providing secure and reliable cloud-based infrastructure, collaboration tools, and remote access solutions, we enable businesses to maintain productivity while ensuring the safety and well-being of their employees. ; ; Business Continuity Planning: ; ; We assist organizations in developing and implementing robust business continuity plans to mitigate disruptions caused by the pandemic. Our services include data backup and recovery solutions, disaster recovery planning, and resilience testing to ensure operational continuity in the face of unforeseen events. ; ; Digital Transformation Acceleration: ; ; VE3 accelerates digital transformation initiatives to help organizations adapt to the new normal. By modernizing legacy systems, implementing cloud-based technologies, and digitizing processes, we enable businesses to optimize efficiency, improve agility, and remain competitive in a rapidly evolving landscape. ; ; Healthcare Support Solutions: ; ; We provide specialized healthcare support solutions to assist frontline workers and healthcare organizations in responding to the COVID-19 crisis. This includes telemedicine platforms, patient management systems, and data analytics tools to enhance patient care, streamline operations, and support decision-making processes. ; ; Economic Stimulus through Innovation: ; ; VE3 fosters innovation and entrepreneurship to stimulate economic recovery in the aftermath of the pandemic. Through our G-Cloud services, we support startups, small businesses, and enterprises in developing and deploying innovative solutions that address emerging challenges, create new opportunities, and drive economic growth.

  Tackling economic inequality

  We recognize the importance of tackling economic inequality and are committed to leveraging our G-Cloud service provision to address this pressing social issue. Here's how our services contribute to tackling economic inequality: ; ; Access to Affordable Technology: ; ; We strive to make cutting-edge technology accessible and affordable to all, regardless of economic status. By offering scalable and cost-effective cloud-based solutions, we enable organizations, including small and medium-sized enterprises (SMEs) and underserved communities, to access the tools and resources they need to compete in the digital economy. ; ; Skills Development and Training: ; ; VE3 invests in skills development and training programs to empower individuals with the knowledge and expertise needed to thrive in the digital age. Through initiatives like online courses, certifications, and workshops, we equip people from diverse backgrounds with the skills required for high-demand roles in technology and innovation, thereby enhancing their employability and economic prospects. ; ; Support for Minority-Owned Businesses: ; ; We actively support minority-owned businesses and entrepreneurs by providing access to mentorship, networking opportunities, and resources to help them grow and succeed. Through initiatives like supplier diversity programs and partnerships with minority business organizations, we promote inclusion and diversity in the technology sector and contribute to creating more equitable economic opportunities. ; ; Digital Inclusion Initiatives: ; ; VE3 is committed to promoting digital inclusion and bridging the digital divide by ensuring that everyone has access to essential digital services and technologies. We collaborate with governments, nonprofits, and community organizations to implement initiatives such as digital literacy programs, affordable internet access schemes, and community technology centers, thereby empowering underserved populations and promoting economic equity. ; ; Fair and Transparent Procurement Practices: ; ; We adhere to fair and transparent procurement practices to create opportunities for businesses of all sizes and backgrounds to participate in government contracts and procurement processes.

  Equal opportunity

  We recognize the importance of tackling economic inequality and are committed to leveraging our G-Cloud service provision to address this pressing social issue. Here's how our services contribute to tackling economic inequality: ; ; Access to Affordable Technology: ; ; We strive to make cutting-edge technology accessible and affordable to all, regardless of economic status. By offering scalable and cost-effective cloud-based solutions, we enable organizations, including small and medium-sized enterprises (SMEs) and underserved communities, to access the tools and resources they need to compete in the digital economy. ; ; Skills Development and Training: ; ; VE3 invests in skills development and training programs to empower individuals with the knowledge and expertise needed to thrive in the digital age. Through initiatives like online courses, certifications, and workshops, we equip people from diverse backgrounds with the skills required for high-demand roles in technology and innovation, thereby enhancing their employability and economic prospects. ; ; Support for Minority-Owned Businesses: ; ; We actively support minority-owned businesses and entrepreneurs by providing access to mentorship, networking opportunities, and resources to help them grow and succeed. Through initiatives like supplier diversity programs and partnerships with minority business organizations, we promote inclusion and diversity in the technology sector and contribute to creating more equitable economic opportunities. ; ; Digital Inclusion Initiatives: ; ; VE3 is committed to promoting digital inclusion and bridging the digital divide by ensuring that everyone has access to essential digital services and technologies. We collaborate with governments, nonprofits, and community organizations to implement initiatives such as digital literacy programs, affordable internet access schemes, and community technology centers, thereby empowering underserved populations and promoting economic equity. ; ; Fair and Transparent Procurement Practices: ; ; We adhere to fair and transparent procurement practices to create opportunities for businesses of all sizes and backgrounds to participate in government contracts and procurement processes.

  Wellbeing

  Environmental Sustainability: We are committed to environmental sustainability as a core component of wellbeing. By prioritizing eco-friendly practices, resource conservation, and carbon reduction efforts in our operations and services, we contribute to creating a healthier and more sustainable environment. We prioritize the wellbeing of individuals and communities in all aspects of our G-Cloud service provision. ; ; User-Centric Design: VE3 designs our G-Cloud services with a user-centric approach, prioritizing usability, accessibility, and intuitive design. By focusing on the needs and preferences of users, we create digital experiences that enhance overall wellbeing by reducing frustration, stress, and cognitive load. ; ; Health and Safety Protocols: We implement robust health and safety protocols to protect the wellbeing of employees, clients, and partners. This includes adherence to strict security standards, data privacy regulations, and compliance with industry best practices to ensure the safety and integrity of our digital infrastructure and services. Promotion of Work-Life ; ; Balance: VE3 recognizes the importance of work-life balance in maintaining overall wellbeing. Through our G-Cloud services, we enable remote work, flexible scheduling, and collaboration tools that empower individuals to achieve a healthy balance between their professional and personal lives, leading to greater job satisfaction and wellbeing. ; ; Mental Health Support: We prioritize mental health support for our employees and clients by offering resources, programs, and initiatives aimed at promoting mental wellbeing. This includes access to counseling services, mindfulness training, stress management workshops, and employee assistance programs designed to support individuals in times of need. Community ; ; Engagement and Social Impact: VE3 actively engages with communities to address social determinants of health and promote holistic wellbeing. Through partnerships, philanthropic initiatives, and volunteer efforts, we support local organizations and projects focused on improving access to healthcare, education, housing, and other essential services that contribute to overall community wellbeing.

Pricing

• Price: £175 to £850 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at prime@ve3.global. Tell them what format you need. It will help if you say what assistive technology you use.