ESET UK Limited

ESET Threat Intelligence, Telemetry & Intelligence Feeds

ESET’s Threat Intelligence service provides global knowledge gathered by ESET experts on targeted attacks, botnet activity detection, advanced persistent threats (APTs), zero-days and botnet activities. Our comprehensive services offer real-time monitoring, threat analysis, potential risk detection, potential risk mitigation and actionable insights before they can impact your operations.

Features

• MALICIOUS FILES FEED - Realtime Malware information, IOC characteristics.
• DOMAIN FEED - Block malicious domains, names, ip addresses
• URL FEED Block malicious addresses and hosting domain insights
• BOTNET FEED Tracks botnets activity, Command & Control servers
• Botnet tracking targets, includes detections, hash, last alive
• IP FEED understand malicious IP prevalence, block malicious Ips
• APT FEED Real time threat landscape alerting, proactive security.
• APT THREAT REPORTING - Access detailed PDF reports,
• Threat reports, threat hunting, data on adversaries and their activities.
• Vulnerability intelligence through attack vector analysis, understand threat actor behaviour

Benefits

• Metadata-rich and detailed feeds, reduced false positives
• Low-size data, high relevancy data, deduplicated and confidence-scored data
• Advanced filtering, threat vectors, researcher insights and security intelligence
• Market-leading, especially in botnet data, botnet data intelligence, botnet visibility
• Low maintenance requirements due to curated content and threat data
• Real-time feeds - prevalent, updated and real-time IoCs
• Seamless integration process, our threat intelligence solutions within your environment.
• Customized reports, analyses, tailored threat insights aligning to your needs
• Improved security posture, supply chain and real time monitoring,
• Real-time alerting, real-time monitoring, security operations intelligence, threat investigation

£39,000 to £234,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gabriel.leroux@eset.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

114550873054463

Contact

Gabriel Le Roux
01202 405405
gabriel.leroux@eset.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Customer must have their their own SIEM, SOAR or TIP platform
• System requirements:
  • Internet Access
  • SIEM, SOAR or TIP Platform

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Typically within one working day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Standard Support is included from 8:30 to 17:00 MON - FRI in the form of a ticketing system.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We offer full documentation and initial training on how to integrate into your platforms.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The service stops working, we hold no user data.
• End-of-contract process: Any supplied feeds cease to work, contract ends, and the customer chooses to keep any historical data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our feeds are delivered in either TAXII 1.1 or TAXII 2.1 and can be in the form of JSON or STIX 2.1
• Accessibility standards: None or don’t know
• Description of accessibility: We have not tested the feeds for accessibility
• Accessibility testing: We have not tested the interface for accessibility
• API: No
• Customisation available: No

Scaling

• Independence of resources: N/a

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Data at rest are encrypted with Azure encryption by default:; https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview. We can provide more details upon a request.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: This would be done through the customer's own SIEM, SOAR or TIP platform
• Data export formats: Other
• Other data export formats:
  • Not offered
  • Would be done through customer's own SIEM, SOAR, TIP platform
• Data import formats: Other
• Other data import formats:
  • Not offered
  • Would be done through customer's own SIEM, SOAR, TIP platform

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Authentication tokens are used when the feeds are configured.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our target is to provide 99.5% service availability. Our effort and well-defined processes drive this endeavour. In the event of an ESET PROTECT (console) service outage, endpoints remain secure and unaffected. With ESET Professional Services we guarantee Response Time based incident severity level: Critical - 2 hours, Serious - 4 hours, Common - 1 workday.
• Approach to resilience: Datacenters hosting instances themselves are hosted in Azure. We store data in 2 geo-locations within the selected instance region. More information is available on request.
• Outage reporting: We inform console administrators about maintenance in advance in the console itself. Status of the service is monitored actively. Public dashboard is available at https://status.eset.com

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We apply least privileges principle. Only defined staff are eligible to access the data and based on support case only.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS United Kingdom Ltd.
• ISO/IEC 27001 accreditation date: 05/10/2018
• What the ISO/IEC 27001 doesn’t cover: Extend of mandatory certified part: 1. Extend of Integrated Management System mandatory certified part implementation is bordered by: a. Location (ESET HQ, offices in Bratislava, H1 hosting); b. All organizational units of ESET, included in core processes, subprocesses and all process which support the core processes (Management process, Core processes, Supporting processes); c. All organizational units of ESET Group, included in development, operation and delivery of cloud solution management processes and subprocesses (ESET Protect HUB, ESET Protect Cloud, ESET Business Account, Cloud MDM, ESET MSP Administrator, ESET Cloud Offie Security, ESET Dynamic Threat Defense, ESET Inspect Cloud). 2. Information and communication systems being used in processes defined in par. b. and information and communication systems which supports them. There are no organizational units, processes, assets, information, information and communication systems nor localities excluded from scope as defined in part. 1.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Protection Registration Certificate (ICO)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001
• Information security policies and processes: We stick to ISO 27001 standard and have information security policy in place. We have CISO and Internal security team who is responsible for internal processes definition, alignment with best security principles. Employees are periodically trained in security and must report any security incident via agreed channels.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change is prepared and planned together with all relevant teams including QA and security and approved by necessary stakeholders, depending on nature of change. Software or configuration changes are prepared and deployed over DEV environment. Once basic, mostly automated, tests are passed and desired functionality is delivered by change, the change is deployed to TEST environment where more rigorous testing including integration testing is performed automatically or manually. After successful testing the change is deployed over PROD.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Services are periodically scanned for vulnerabilities when introduced to production. One part of vulnerability assessment system is checking missing patches. In case of any missing patches we prepare new "gold" image which is deployed on DEV/TEST environment to undergo internal tests and vulnerability assessment. Right after a verification image is deployed to PRODUCTION environment. Patches are applied as soon as possible or in patching windows. We use our own security research along with 3rd party vulnerability resources and also OSINT.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have monitoring systems like perimeter firewalls, IDS, OS hardening and internal SOC team. Response to potential incident is defined in internal policies. Measures found during lessons learned are applied. We have 24/7 internal security monitoring to ensure all incidents are addressed and responded.
• Incident management type: Supplier-defined controls
• Incident management approach: This is covered in Incident Response Procedures. Incidents response process is divided into 6 phases that cascade to incident closure - preparation, identification, containment, eradication, recovery, Lessons learned. Users can report incidents via ESET's ticketing system ( VIA Tech Support) . Incident reports are available to incident stakeholders only (IT, Internal security etc.)

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  ESET’s Code of Ethics and Integrity is based on ESET values and reflects the culture of; integrity and high standards to which we hold ourselves. It is an important resource to; help us, as employees, to make the right decisions and take actions that are consistent; with ESET’s vision, mission, values, and our pledge to society. Everything we do,; we try to do honestly and transparently. We honour our commitments and take; responsibility for all our actions. We obey the law, act in accordance with regulations; and ensure that our partners and clients can always rely on us.

  Wellbeing

  As an employer we aim to create and promote a workplace environment that supports and promotes the well-being of all employees. We understand that exercise, mental health and well-being go hand in hand.

Pricing

• Price: £39,000 to £234,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Web Portal to show all data you would see and how you can implement it into your own systems.
• Link to free trial: This is on request

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gabriel.leroux@eset.com. Tell them what format you need. It will help if you say what assistive technology you use.