Somerford Associates Limited

BlueVoyant - Managed Detection and Response Security Services

BlueVoyant provides a comprehensive range of Managed Detection and Response (MDR) services. BlueVoyant's 24x7 SOC provides MDR and SIEM management services for Microsoft Sentinel and Defender, Splunk, and leading EDR tools from Microsoft, SentinelOne and CrowdStrike.

Features

  • BlueVoyant Modern SOC for Microsoft
  • BlueVoyant Modern SOC for Splunk® Cloud Platform
  • Detection as a Service (SentinelOne, Microsoft Defender)
  • Managed SIEM including continuous content updates
  • Fully managed detection and response services
  • 24x7x365 SOC monitoring in both hybrid and fully outsourced SOC models
  • Proactive threat hunting, threat intelligence and threat research
  • Real-time reporting and dashboards in our client portal
  • 100% cloud-based
  • Deployment services to help deploy new or enhance existing implementations

Benefits

  • Maximising best-practice use and integration of market-leading tools
  • Analysis and tuning of log data to reduce SIEM ingestion volume and cost
  • Training and development opportunities for customer security teams
  • No vendor lock-in
  • Ability to leverage cloud-scale feature enhancements
  • Minimised data leaving the customer's environment
  • Managed and tuned for monitoring and response to emerging threats
  • Ongoing hunts formulated by experts looking for evidence of breaches
  • ITSM integration for case management using the customer's staff and tools

Pricing

£50,000 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at penny.harrison@somerfordassociates.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

202203876752135

Contact

Somerford Associates Limited Penny Harrison
Telephone: 07897075103
Email: penny.harrison@somerfordassociates.com

Service scope

Service constraints
Maintenance Windows: BlueVoyant may schedule maintenance outages for the BlueVoyant software that enables log collection, with 24 hours' notice to designated Client contacts. SLAs do not apply during maintenance outages, so these periods are not eligible for any SLA credit. Emergency Maintenance: where immediate changes are necessary, BlueVoyant may initiate an emergency maintenance window. When this occurs, BlueVoyant will use commercially reasonable efforts to provide notice and minimise the impact to Clients.
System requirements
  • Services are SaaS offerings, so there are no hardware or software costs
  • Customers require their own Microsoft/Splunk licensing
  • Minimum set of log collection sourcetypes that must be monitored.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard service requests (applies to all non-change and non-incident tickets) submitted via the Portal, Email, or via telephone will be subject to “acknowledgment” (either through the BlueVoyant ticketing system, email or telephonically) within four (4) hours from the time stamp on the Service Request ticket created by the BlueVoyant Platform.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Standard service requests (applies to all non-change and non-incident tickets) submitted via the Portal, Email, or via telephone will be subject to “acknowledgment” (either through the BlueVoyant ticketing system, email or telephonically) within four (4) hours from the time stamp on the Service Request ticket created by the BlueVoyant Platform. The support team comprises 10+ positions located in the US and Europe, covering 24/7 support hours.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Introduction Phase: The introduction phase facilitates information gathering and begins with project kickoff.

Client Experience Team: At the beginning of Client deployment, a BlueVoyant technical account manager will be assigned to the Client.

Threat Profile: In order to provide organizational-specific threat intelligence, BlueVoyant will collect information about the Client to better understand potential threats.

Approved Response Plan: The Client and BlueVoyant will discuss and agree upon rules of engagement for service operation.

Provisioning Phase: The provisioning phase is focused on deploying the advanced endpoint software that provides endpoint visibility and response actions.

Wavelength™ User Onboarding: BlueVoyant will conduct Wavelength training for Client users.

Deployment Audit: Once all advanced endpoint software has been deployed and is functioning, an audit is performed to ensure the software has been correctly deployed on all the correct systems and that managed detection and response services are ready to commence.

Tuning Phase: BlueVoyant will use the first 14-30 days post-installation to identify a baseline of the Client environment and tune the managed detection and response services.

Inventory of Assets: Once the advanced endpoint software has been deployed, identification and contextualisation of assets can occur.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data, alerts, reports, connectors and playbooks will remain within the customer's environment.
End-of-contract process
BlueVoyant will assist in the removal of the BlueVoyant access and ensure the health of the environment prior to doing so. In addition, BlueVoyant will include full knowledge transfer at the onset and upon termination of the solution. This includes a review of all service components initiated through the project.

Using the service

Web browser interface
Yes
Using the web interface
BlueVoyant provides Service Management reporting through our client portal, Wavelength, where summary reports on incidents, opened tickets and other operational data can be accessed.

- Dashboards: Available through Wavelength, dashboards representing a variety of content including but not limited to event volume, alert volume, detected assets, and analyst response actions.
- Reports: Available through Wavelength, reports include Client environment content related to alerts, incidents, indicators, assets, and vulnerabilities.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
None, though we build with Section 508 compliance in mind
Web interface accessibility testing
N/A
API
Yes
What users can and can't do using the API
The Microsoft Sentinel REST APIs allow users to create and manage data connectors, analytic rules, incidents and bookmarks, and to retrieve entity information. The Azure Log Analytics query API can be used to query workspace data.
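Because the SIEM stays in the customer's own tenant, a buyer can pull incidents straight from the Sentinel REST API and check them against the four-hour acknowledgment target quoted under Support response times and Support levels. The script below is an added example written for this page, not BlueVoyant or Somerford code: it builds the documented Incidents List URL, follows the ARM nextLink paging, and counts incidents per severity while flagging those that exceeded the target. The sample pages are constructed to mimic the API's response shape, and treating lastModifiedTimeUtc (or, for incidents still in status New, the current time) as the acknowledgment point is an assumption; a real SLA check would use the SOC's ticket timestamps.

```python
"""Added example: list Microsoft Sentinel incidents over the Azure REST API,
follow nextLink paging, and check each incident against a 4-hour acknowledgment
target. Sample pages below are constructed for offline use."""
import json
from datetime import datetime, timezone

# Published API version for the Microsoft.SecurityInsights resource provider.
API_VERSION = "2023-02-01"


def incidents_url(subscription_id, resource_group, workspace, api_version=API_VERSION):
    """Build the Sentinel 'Incidents - List' URL for a Log Analytics workspace."""
    return (
        f"https://management.azure.com/subscriptions/{subscription_id}"
        f"/resourceGroups/{resource_group}"
        f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
        f"/providers/Microsoft.SecurityInsights/incidents?api-version={api_version}"
    )


def bearer_get_json(token):
    """Return a get_json(url) callable that authenticates with a bearer token.
    Assumption: the token came from e.g. `az account get-access-token` and the
    principal holds the Microsoft Sentinel Reader role on the workspace."""
    import urllib.request

    def get_json(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)

    return get_json


def fetch_all_incidents(first_url, get_json):
    """Collect every incident, following the ARM 'nextLink' continuation token."""
    incidents, url = [], first_url
    while url:
        page = get_json(url)
        incidents.extend(page.get("value", []))
        url = page.get("nextLink")  # absent on the last page
    return incidents


def parse_utc(ts):
    """Parse ARM timestamps such as '2024-03-01T00:00:00.1234567Z' (7 fractional digits)."""
    ts = ts.rstrip("Z")
    if "." in ts:
        head, frac = ts.split(".", 1)
        ts = f"{head}.{frac[:6]}"  # datetime accepts at most microseconds
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def summarise(incidents, now, ack_sla_hours=4.0):
    """Count incidents per severity and flag those exceeding the acknowledgment target.
    Proxy (assumption): an incident still in status 'New' is unacknowledged, so its age
    is measured against `now`; otherwise the first analyst touch is approximated by
    lastModifiedTimeUtc - createdTimeUtc."""
    now_dt = parse_utc(now)
    by_severity, breaches = {}, []
    for inc in incidents:
        p = inc["properties"]
        sev = p.get("severity", "Unknown")
        by_severity[sev] = by_severity.get(sev, 0) + 1
        created = parse_utc(p["createdTimeUtc"])
        touched = now_dt if p.get("status") == "New" else parse_utc(p["lastModifiedTimeUtc"])
        hours = (touched - created).total_seconds() / 3600
        if hours > ack_sla_hours:
            breaches.append((p["incidentNumber"], round(hours, 2)))
    return {"by_severity": by_severity, "ack_breaches": breaches}


# Constructed sample pages mimicking the API's response shape (not real data).
def _inc(number, severity, status, created, modified):
    return {"properties": {"incidentNumber": number, "severity": severity, "status": status,
                           "createdTimeUtc": created, "lastModifiedTimeUtc": modified}}


SAMPLE_PAGES = {
    "page1": {"value": [_inc(101, "High", "Active", "2024-03-01T08:00:00Z", "2024-03-01T09:30:00Z"),
                        _inc(102, "Medium", "New", "2024-03-01T02:00:00Z", "2024-03-01T02:00:00Z")],
              "nextLink": "page2"},
    "page2": {"value": [_inc(103, "High", "Closed", "2024-03-01T00:00:00.1234567Z",
                             "2024-03-01T05:00:00Z")]},
}


def sample_get_json(url):
    """Offline stand-in for bearer_get_json: serves the constructed pages by key."""
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    incs = fetch_all_incidents("page1", sample_get_json)
    print(summarise(incs, now="2024-03-01T12:00:00Z"))
    # Live use: fetch_all_incidents(incidents_url(SUB, RG, WS), bearer_get_json(TOKEN))
```

Against the constructed pages, incident 102 (still New after ten hours) and 103 (five hours to first modification) are reported as breaches while 101 is not. The get_json callable is injected so the same paging and SLA logic runs offline in a test and live against a workspace with nothing but the token swapped in.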
API automation tools
  • Ansible
  • Puppet
API documentation
Yes
API documentation formats
PDF
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Automated playbooks run in the BlueVoyant SOC platform are continuously enhanced as incident triage and investigation occurs. This enables the BlueVoyant SOC to maintain a high degree of automation, keep response times low and scale to meet customer demand with no effect on other users.

The BlueVoyant SOC is cloud-native and as such has near-limitless scaling capability.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
BlueVoyant

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
  • Plain-text protocols are not used in network management.
  • Management traffic is separated from user traffic.
  • Network device management interfaces are on a management network.
  • Console ports used for device management are secured by a username/password or another CISO-approved method.
  • Network management services transition from SNMPv1, v2 and v2c to SNMPv3 (or another option that does not use plaintext community strings).
  • Prohibited protocols include LDAP without TLSv1.2, FTP, telnet, remote host protocols, SSHv1, SSLv1, SSLv2 and SSLv3.
Data sanitisation process
Yes
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
  • Network confidentiality controls include the use of encryption and device authentication to protect the confidentiality of transmitted information.
  • Network segments are logically and/or physically separated into functional zones, grouped by infrastructure platform, information system and end-user device.
  • Functional zones are further subdivided into security zones, each an association of information systems and services with similar security controls.
  • Networking platforms and information systems associated with a particular security zone have the same trust level and approval.
  • Egress points limit the number of external connections to the Internet. Egress points are controlled and monitored centrally.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
BlueVoyant provides service level uptime of 99.9%. Service levels are reported within the BlueVoyant Customer Portal (Wavelength) and are also reviewed monthly through the Monthly Service Reviews led by the Client Success Manager.
Approach to resilience
We use CI/CD as well as container orchestration. This allows us to rapidly replicate services throughout our hosting cloud if required. We maintain multiple independent VPNs to connect to our cloud infrastructure.
Outage reporting
Via both email alerts and the customer facing portal (Wavelength)

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Clients will provide a list of identified users and their email addresses for access to Wavelength™ and the SOC. Client users will receive an onboarding email to access Wavelength and will configure multi-factor authentication with their device.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS
ISO/IEC 27001 accreditation date
01/04/2021
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • SOC2
  • GDPR

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our information security policies are aligned to the ISO/IEC 27001 framework. To ensure that they are followed we audit both ourselves internally and use third parties to renew our accreditations.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Please refer to BV's SDLC policy/SOC2 report for details
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
BlueVoyant's vulnerability management process adheres to the SOC 2 CC7.1 configuration and vulnerability management criterion.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Please refer to BV's Threat and Vulnerability Management policy
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Please refer to BV's Incident Management E-Discovery and Cloud Forensics policy and our SOC2 report

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
BlueVoyant uses Azure datacentres, which adhere to the EU Code of Conduct.

Social Value

Fighting climate change

Fighting climate change

As an organisation that works closely with the public sector, Somerford is keen to demonstrate our commitment to supporting the achievement of the Net Zero target of greenhouse gas emissions by 2050.

Management and staff at Somerford have been conscious of our impact upon the environment since before the Climate Change Act was introduced, and we have adopted environmentally friendly practices as the business has grown. Consequently, Somerford's business already has a reasonably low carbon footprint, and we will continue to strive for further reductions wherever possible because this is beneficial for our business, our stakeholders and the environment.

We will use our influence as a value added reseller of leading edge software products and supporting professional services to select supplier-partners whose own carbon reduction philosophy and plans are aligned with ours, and who can show commitment to the Net Zero target. In practical terms, this means we participate in a carbon-net-zero supply chain in the delivery of the solutions from our supplier-partners to our customers.

For further details, please see our Carbon Reduction Plan online at https://www.somerfordassociates.com/carbon-reduction-policy-and-plan/
Covid-19 recovery

Covid-19 recovery

During the Covid-19 pandemic, our robust business continuity measures, prudent fiscal policy, and the benefits of a highly flexible team, meant we were well prepared for the difficulties ahead.

Staff wellbeing has been at the forefront of our Covid-19 recovery plans, taking care of their physical and mental health, including:

* home working to avoid unnecessary exposure to the virus
* providing safe office space where staff personal circumstances dictated
* regular contact, albeit remotely, to prevent isolation
* organised e-based social events to maintain interaction

As a result we have been able to:

* give uninterrupted service to our customers
* move our staff to home working
* avoid compulsory redundancies and minimise furlough
* in 2020, gain an 11% increase in revenues
* continue to grow the workforce by over 10% in the same year
* take on new partners to enhance our solutions portfolio
* invest in staff education to meet future customer needs.

Changes in business practices due to Covid-19 have shown that flexible work patterns can be very effective, and we’re unlikely to fully return to our previous style of working.

Our solutions have also helped customers to cope with their changing work patterns too - supporting their Covid recovery by providing the infrastructure, tooling and monitoring to support their own remote, flexible and sustainable ways of working.
Tackling economic inequality

Tackling economic inequality

Somerford is a healthily growing business, and actively strives to create employment opportunities that are inclusive of all socio-economic groups. For example:

* In the past 5 years, 20% of our staff entered our employment from leaving school, college or university;
* We have supported 12 apprenticeships;
* We run an internal academy scheme to build a broad range of technical skills in those who have the inherent skills, attitude and capability to become our next generation of experts;
* We actively participate in the Armed Forces Covenant Scheme and help to redeploy and reskill leavers from the Armed Forces. So far, 16 staff have joined us in this way;
* The ethnic mix of our staff is more diverse than that of our local community.

Strong technical skills are key to the delivery of services to our customers, so we’ve invested heavily in staff training - in 2020 alone, staff successfully completed over 100 technical courses.
Equal opportunity

Equal opportunity

Somerford is an equal opportunities employer and does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief or age.

We do not discriminate on the grounds of disability. We take particular care to respect the rights of those with disabilities throughout all stages of recruitment and employment. We make reasonable adjustments to ensure those with disabilities are not disadvantaged in the workplace, e.g. adjusting working hours or providing special equipment to help them do their job.
Wellbeing

Wellbeing

Somerford is committed to promoting and supporting the wellbeing of all of its staff. We aim to create a culture which focuses on prevention of issues in the workplace that can adversely affect staff health and wellbeing, and where issues are identified, they are managed promptly before they can have a detrimental impact.

This includes:
* providing staff with clarity and purpose regarding their job role;
* ensuring staff have the capability, training, support and encouragement to conduct their role confidently and effectively;
* providing a physical working environment that is suitable for the work to be carried out effectively;
* encouraging staff to maintain a sensible work-life balance;
* minimising the stressful impacts of work;
* ensuring bullying and harassment have no place in the working environment;
* managing sickness and absence effectively;
* considering requests for career breaks and sabbaticals;
* providing medical assistance to staff;
* encouraging employee fitness;
* promoting dignity at work.

Pricing

Price
£50,000 a licence a year
Discount for educational organisations
Yes
Free trial available
No
