2T Security Ltd

Evolve Security Automation

Evolve delivers on-demand specialist security capabilities that augment your teams, build security capabilities into your business, and maximize security budgets delivering greater coverage and improved security posture of your business.

This removes the need to hire additional employees, enabling your existing team to focus their time on strategic security activities.

Features

• Automated Penetration Testing
• Automated Leaked Password Monitoring
• Automated SIEM with EDR
• Automated Incident Response
• Automated DNS Sinkhole
• Automated Cyber Threat Intelligence

Benefits

• Unlimited EDR endpoints
• Rapid deployment of security tooling
• Increase frequency and quality of penetration testing
• Pay as you go feature use
• Demonstrate compliance with CAF, NIST, ISO27001, MITRE, and other frameworks
• Fully managed service available
• Faster response to incidents including evidence collection

£5,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.badsey-ellis@2t-security.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

172352389464617

Contact

Antony Badsey-Ellis
07711 037701
tony.badsey-ellis@2t-security.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Safari web browser only has limited support
• System requirements:
  • Google Chrome
  • Mozilla Filefox
  • Microsoft Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond within one hour for critical issues
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Critical – Initial Response within 2 hours - Max. Target Resolution Time 12 hours; Major – Initial Response within 4 hours - Max. Target Resolution Time 24 hours; Minor – Initial Response within 24 hours - Max. Target Resolution Time Next release
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Online training is available, along with full online user documentation. ; ; Full design and implementation service is available in combination with 2T Security's 'Security Monitoring' and 'Security Architecture' G-Cloud services.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: User can connect to the platform via an API and extract the specific data they require - This needs to be extracted whilst their contract is valid.
• End-of-contract process: An Evolve engagement will include a number of consultancy days, for supporting client staff, as well as a subscription to the platform. The subscription is annual. We encourage customers to create a call-off contract so that they have the ability to engage us on an ad hoc basis for particularly complex integrations or migrations to alternative products ; ; If a customer chooses not to renew their subscription, they will no longer be able to use the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users cannot make service impact changes through the API, however access to data in the platform is available via http based API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The output from the Evolve platform is consumed through online searches and dashboards. These are customisable to meet users situation awareness needs. ; ; The platform as a whole contains a marketplace/app store where users can activate pre-defined use cases that enable rapid response to emerging threats.

Scaling

• Independence of resources: Evolve uses cloud native features to scale automatically as usage changes over time.

Analytics

• Service usage metrics: Yes
• Metrics types: Evolve's core metrics are:; ; - Availability; - Data Throughput; - End user activity/searches; - Billing; - Capacity
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Threat Intelligence

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Evolve takes a multi-tiered approach to protecting data at rest. As well as taking advantage of AWS's own encryption features, Evolve uses additional encryption for customer specific data.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users may export data via the following methods:; ; API calls; PDF reports; Download CSV
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
  • Original Source format
  • XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML
  • Syslog
  • Evolve has an extensible data-parser supporting most text based formats

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Evolve offers a 99.999% service level agreement
• Approach to resilience: The service is designed to be hosted on Amazon Web Services. Native AWS features are used to ensure the service meets its SLA
• Outage reporting: Service outages are generally communicated via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Single Sign On
• Access restrictions in management interfaces and support channels: Client maintains full administrative rights, and can delegate this role to any number of defined users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Single Sign On

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Evolve follows IS27001 practices, and is in the process of gaining full certifcation.
• Information security policies and processes: Evolves security policies follows the ISO27001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change control through code release in staged promotion of production cloud instances.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Penetration tests run quarterly and on every major build of the product, as well as ongoing production environment testing
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As well as using AWS's standard features for protective monitoring, the Evolve platform itself is a protective monitoring platform, and is used internally for this purpose.
• Incident management type: Supplier-defined controls
• Incident management approach: As soon as suspicious activity is identified, EvolveIR (Incident Response Tool) launches procedures to ensure the incident is contained as quickly as possible to minimise any impacts to your organisation. Being a provider of incident response services, when a security breach occurs, evidence is automatically collected and analysed for a deep technical investigation to quickly identify Indicators of Compromise (IOCs) on the target systems. ; ; Users may report suspected incidents to their Account Manager.; ; A written report is provided in response to any major incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At 2T Security we are fully committed to continuously improving our environmental performance, examples of which include:; 1. We assist the development of Science, Technology Engineering, and Maths (STEM) at a grassroots level and are proud to sponsor Harrington Sixth Form School who take part in the GreenPower racing series. This supports our wider sustainability aims to use renewable energy sources.; 2. Where practical, travelling via the least impactful method for a given journey e.g., rail versus flying, public transport versus car.; 3. Using ecologically friendly solutions to meet our business needs.; 4. Managing waste generated from our business operations according to the principles of reduction, re-use, and recycling.; 5. Purchasing office consumables that are from a sustainable source, reducing the reliance on single-use items, and by recycling all paper products, ink, or toner cartridges.; 6. Becoming a net producer of sustainable energy, and supplement by only purchasing energy from “green” providers.; 7. Leased or owned company cars must have zero emissions.; 8. Working with suppliers who share our environmental aims.; 9. Measuring and making public our energy consumption, generation, and environmental impact, reviewing results, and looking at how we can improve.; 10. Complying, as a minimum, with all relevant environmental legislation as well as other environmental requirements.; 11. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Covid-19 recovery

  2T Security has worked closely with Test & Trace (now UKHSA) programme over the last 3 years, and we continue to take Covid-19 very seriously. We remain committed to the wider Covid-19 recovery and some examples of this include:; 1. SMEs were significantly impacted by Covid-19, and this is why we support local businesses and Small to Medium Enterprise (SMEs), where possible, preferring them to larger or global suppliers. ; 2. Align to the Prompt Payment Code, which ensures that SMEs are paid within 30 days of receipt of an invoice.; 3. Taking an approach that doesn't view supply chain partners just as vendors but as collaborators working towards the successful end delivery to customers, behaving responsibly and delivering with mutual respect.; 4. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Tackling economic inequality

  At 2T Security we are fully committed to tacking economic inequality, examples of which include:; 1. Implementing strategies to benefit the lives and wellbeing of those affected by our activities within the localities and communities. We have demonstrated this by assisting the development of Science, Technology Engineering, and Maths (STEM) at a grass roots level. As such, we are proud to sponsor Harrington Sixth Form School who take part in the GreenPower racing series. GreenPower Education trust is a charity organisation seeking to kick start careers in engineering. This also supports our wider sustainability aims to use renewable energy sources.; 2. We ensure we offer fair rates of pay, above the national average and minimum requirements.; 3. Offering summer placements to university students, helping to inspire future generations.; 4. Promote workforce diversity by targeting harder-to-reach and under-represented groups and communities. ; 5. Provide accessible, entry-level employment and training opportunities for local people and develop future talent. ; 6. Promote Fairness, Inclusion, and Respect (FIR) principles.; 7. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Equal opportunity

  At 2T Security we are fully committed to continuously improving equal opportunities, examples of which include:; 1. Providing opportunities for those disadvantaged, for example employing a Ukrainian refugee to assist us with our ISO27001 certification.; 2. Deliver with transparency, supporting knowledge sharing, improving visibility and efficiency.; 3. Value everyone’s voice, regardless of role or where they reside in the supply chain.; 4. Respect and welcome diversity, relishing difference, ensuring everyone is treated equally, underpinned by our equal opportunities and diversity policy.; 5. Collaborate with people who uphold the same social values, ethical business practices and environmental ambitions.; 6. An active participant in the CyberFirst scheme since 2019, providing experience to summer students and year-in-industry students, and recruiting graduates to support their professional cyber security journey.; 7. Proudly providing sponsorship of the CyberFirst Girls Competition 2024, supporting, and encouraging woman in Cyber careers.; 8. Our resources have experience with job coaching in the community, helping those less fortunate get back into work, something we hope to continue to build on.; 9. Providing training and qualification opportunities to our people, supporting future development and progression.; 10. Working with charities and making charitable donations, for example our recent support of Osprey Leadership foundation, who work to inspire and enable young conservation leaders.; 11. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Wellbeing

  At 2T Security we take health and wellbeing very seriously, examples of which include:; 1. Taking an integrative approach that doesn't view supply chain partners just as vendors but as collaborators working towards the successful end delivery to customers, behaving responsibly and delivering with mutual respect.; 2. Strive to be entrepreneurial in spirit and help new organisations, as well as our people, flourish.; 3. We support a healthy work life balance, supporting our employees with families and their wellbeing, focusing on delivery outcomes above the hours spent at a desk.; 4. Look to reduce ill health and improve wellbeing, underpinned by our health and wellbeing policy.; 5. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

Pricing

• Price: £5,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Trial accounts allow usage of the Evolve platform for a limited period of time. Rights are reserved to restrict access to certain features.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.badsey-ellis@2t-security.com. Tell them what format you need. It will help if you say what assistive technology you use.