BlueFort Security Ltd

Trellix ETP Email Security Cloud AVAS Edition

Cloud based email security platform .
A signatureless Multi-Vector Virtual Execution™ (MVX) engine
which analyzes email attachments and URLs against a comprehensive cross-matrix of operating systems, applications and web browsers. Threats are identified with minimal noise, and false positives are nearly nonexistent

Features

• Comprehensive inbound and outbound email security
• Integrates with any third party email provider
• Consolidates email security stack with a comprehensive single vendor solution
• Outbound scanning
• Uses custom YARA rules to manage and enhance detections
• Provide contextual insights to prioritize and accelerate response
• Retroactively identify spear-phishing attacks
• Prevents access to phishing sites by rewriting malicious URL

Benefits

• Cloud based, easy to install
• Integrates seamlessly with cloud-based email systems such as Microsoft
• Minimal noise, reduces operational expense

£30.00 to £150.00 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Dave.Henderson@bluefort.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

198268172457413

Contact

David Henderson
01252 917000
Dave.Henderson@bluefort.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements:
  • Internet Connectivity
  • Standard Browser Interface

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A variety of response times ranging from 8x5 - 24 x 7 are available upon request.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Portal based ticket escalation linked to pre-registered usernames.
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Essential, Enhanced and Premier Support Options. All delivered with 24 x 7 x 365 Technical Support. Inclusive Professional Services and training credits included. Engineering response including Customer Success Man ager and Technical Account Manager options also available. Premium dependent upon term.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Remote or onsite provisioning and onboarding. Management training, handover and documentation,
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Request end of term service termination. Policy and content controls available to be exported on demand.
• End-of-contract process: Contract when coupled with a support and service plan, provides for baseline service and inclusive PS. Outside of this further resource, training, additional seats and term lengths are at extra cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Browser based management interface secured by MFA or complex password.
• Accessibility standards: None or don’t know
• Description of accessibility: Granular and role based managment.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Configure through management interface. Modify submission process for uploading new content for inspection.
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Fully resilient and scaleable on demand infrastructure.

Analytics

• Service usage metrics: Yes
• Metrics types: First response time ; Average resolution time ; Other metrics available upon request.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: FireEye (Trellix)

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Upon request.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Available upon request.
• Approach to resilience: Available upon request.
• Outage reporting: Dashboard and partner email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Available upon request.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Yes
• ISO/IEC 27001 accreditation date: 2019 UKAS
• What the ISO/IEC 27001 doesn’t cover: Further details available upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available upon request.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Available upon request.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Available upon request.
• Incident management type: Undisclosed
• Incident management approach: Available upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Through partnering with BlueFort, you will be actively supporting the creation of employment and training opportunities designed to help address the shortage of cyber security skills within the UK. Each additional contract provides a new opportunity for BlueFort to:; • Increase the amount of specialist cyber security roles within the business. Over 80% of our current workforce are in specialist cyber security roles. In line with our own growth plan, our target is to increase the amount of specialist roles by 50% by 2028. ; • Encourage the uptake of cyber security careers for school leavers and undergraduates. We commit to partnering with local schools and higher educational institutions. Our target is to offer 4 industry placements per year from 2025. ; In addition to the above, BlueFort’s service also actively supports the creation of diverse supply chains. We partner with a wide variety of specialist technology vendors and contractors to deliver our service. Each contract provides additional opportunities for new businesses, start-ups, and SMEs within the cyber security sector to grow and continue to innovate. ; • We support innovation and disruptive technologies. Our solution portfolio is continuously updated and reviewed.

  Equal opportunity

  BlueFort are actively working towards improving workforce inequality. Women and minorities are for example currently underrepresented within the cyber security industry. For example, fewer than 25% of cyber security professionals currently come from minority backgrounds. Each additional contract provides a new opportunity for BlueFort to work towards achieving our equal opportunities targets. We are currently: ; • Working with local educational institutions to promote the uptake of STEM qualifications amongst underrepresented groups. We commit to providing key staff to attend National Careers Week events at local educational institutions, with the aim to raise awareness of the benefits of work within the industry. ; • Working to increase the number of women in cyber security roles within the business. Our target is to increase the number of women in specialist roles by 75% by 2028. In order to remove key barriers, BlueFort have committed to ensure that all roles continue to be able to be worked remotely, that we continue to implement fair compensation practices, and that we offer enhanced family friendly benefits (including occupational family leave arrangements). ; • Our Equal Opportunities and Respect at Work Policy confirms our commitment to eliminating discrimination, victimisation, harassment (as defined by the Equality Act 2010) and bullying. Our Diversity and Inclusion Policy outlines our expectations of employees in their behaviours to others. To underline our commitment to equality, we have a dedicated Equality Complaints Procedure, designed to deal with such complaints in a way that makes all individuals, including those from minority groups, feel more comfortable raising concerns.

  Wellbeing

  BlueFort takes the health and wellbeing of its workforce seriously. We provide a range of wellbeing benefits and aim to treat employees who are sick with dignity and respect, providing support, and (if appropriate and practicable) workplace adjustments that may assist that individual to continue productive employment with the Company. BlueFort currently partner with Vitality to support our goal to build a healthier and happier workforce. Via Vitality Private Medical Insurance and Vitality at Work Business, we provide staff with a comprehensive health and wellbeing service offering that helps to address some of the leading causes of workplace absence, as well as offering many proven health and wellbeing benefits (including GP consultations and mental health treatment, including Cognitive Behavioural Therapy and counselling).

Pricing

• Price: £30.00 to £150.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: You can trial FireEye ETP through BlueFort demo and PoC services. this will be typically for 14 days. This can be converted to a full license for easy migration on order.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Dave.Henderson@bluefort.com. Tell them what format you need. It will help if you say what assistive technology you use.