CDW Limited

CDW BlueVoyant - Managed Detection and Response Security Services (MDR)

BlueVoyant provides a comprehensive range of Managed Detection and Response services. BlueVoyant’s 24×7 SOC provides MDR and SIEM management services for Microsoft Sentinel and Defender, Splunk and leading EDR tools from Microsoft, SentinelOne and CrowdStrike

Features

  • BlueVoyant Modern SOC for Microsoft Sentinel, Splunk Cloud and Enterprise
  • Microsoft and M365 Security (E5) Defender Workloads
  • Detection As A Service (Sentinel One, Microsoft Defender)
  • Managed SIEM including continuous content updates
  • Fully Managed, Detection and Response services
  • 24x7/365 SOC monitoring, both hybrid and full-outsource SOC models
  • Proactive threat hunting, Threat Intelligence and Threat Research
  • Real time reporting and dashboards in our client portal
  • 100% cloud-based
  • Deployment services to help deploy new or enhance existing implementations

Benefits

  • Maximizing best-practice use and Integration of market leading tools
  • Analysis and tuning of log data, reducing SIEM ingestion and costs
  • Training and development opportunities for customer security teams.
  • Ability to leverage cloud-scale feature enhancements.
  • Architecture minimises data leaving the customer's environment and reduces supplier lock-in
  • Managed and tuned for monitoring and response to emerging threats
  • Ongoing hunts formulated by experts looking for evidence of breaches
  • ITSM integration for case management using the customer's staff and tools
  • Maximise investment in Microsoft tooling (E5 / Sentinel)
  • Security Automation and AI

Pricing

£118,716 a unit a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

258423790480955

Contact

CDW Limited Andy Wood
Telephone: 0161 837 7744
Email: tenders@uk.cdw.com

Service scope

Service constraints
Maintenance Windows: BlueVoyant may schedule maintenance outages for BlueVoyant software which enables log collection with 24-hours’ notice to designated Client contacts. SLAs shall not apply during maintenance outages and therefore are not eligible for any SLA credit during these periods. Emergency Maintenance: In the circumstance of immediate necessary changes, BlueVoyant may initiate an emergency maintenance window. When this situation occurs, BlueVoyant will use commercially reasonable efforts to provide notice and minimize the impact to Clients.
System requirements
  • Services are SaaS offerings therefore no hardware/software costs
  • Customers require their own Microsoft/Splunk licensing
  • Minimum set of log collection sourcetypes that must be monitored.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard service requests (applies to all non-change and non-incident tickets) submitted via the Portal, Email, or via telephone will be subject to “acknowledgment” (either through the BlueVoyant ticketing system, email or telephonically) within four (4) hours from the time stamp on the Service Request ticket created by the BlueVoyant Platform.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Standard service requests (applies to all non-change and non-incident tickets) submitted via the Portal, Email, or via telephone will be subject to “acknowledgment” (either through the BlueVoyant ticketing system, email or telephonically) within four (4) hours from the time stamp on the Service Request ticket created by the BlueVoyant Platform. The support team comprises 10+ positions located in the US and Europe, covering 24/7 support hours.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
  • Introduction Phase: The introduction phase facilitates information gathering and begins with project kickoff.
  • Client Experience Team: At the beginning of Client deployment, a BlueVoyant technical account manager will be assigned to the Client.
  • Threat Profile: In order to provide organisation-specific threat intelligence, BlueVoyant will collect information about the Client to better understand potential threats.
  • Approved Response Plan: The Client and BlueVoyant will discuss and agree upon rules of engagement for service operation.
  • Provisioning Phase: The provisioning phase is focused on deployment of the advanced endpoint software to enable endpoint visibility and response actions.
  • Wavelength™ User Onboarding: BlueVoyant will conduct Wavelength training for Client users.
  • Deployment Audit: Once all advanced endpoint software has been deployed and is functioning, an audit is performed to ensure the software has been correctly deployed on all the correct systems and managed detection and response services are ready to commence.
  • Tuning Phase: BlueVoyant will use the first 14-30 days post-installation to identify a baseline of the Client environment and tune the managed detection and response services.
  • Inventory of Assets: Once the advanced endpoint software has been deployed, identification and contextualisation of assets can occur.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data, alerts, reports, connectors and playbooks will remain within the customer's environment.
End-of-contract process
BlueVoyant will assist in the removal of the BlueVoyant access and ensure the health of the environment prior to doing so. In addition, BlueVoyant will include full knowledge transfer at the onset and upon termination of the solution. This includes a review of all service components initiated through the project.

Using the service

Web browser interface
Yes
Using the web interface
BlueVoyant provides Service Management reporting through our client portal, Wavelength, where summary reports on incidents, opened tickets and other operational data can be accessed.
  • Dashboards: Available through Wavelength, dashboards representing a variety of content including but not limited to event volume, alert volume, detected assets, and analyst response actions.
  • Reports: Available through Wavelength, reports include Client environment content related to alerts, incidents, indicators, assets, and vulnerabilities.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
None, though we build with 508 Compliance in mind
Web interface accessibility testing
The service is a combination of both Microsoft and BlueVoyant developed technology. The end-user toolset and interface are browser based, meaning that accessibility tools both in the Browser and Operating System can be used when accessing the platform.

BlueVoyant and Microsoft leverage modern web standards such as HTML5 and support a wide range of modern browsers.

The platform is designed to include accessibility features that conform to the Web Content Accessibility Guidelines.

Microsoft software is also tested internally (before public release) to a user base of over 200,000 consisting of Employees/Contractors/Partners with feedback specific to accessibility being captured and assessed.
API
Yes
What users can and can't do using the API
Microsoft Sentinel REST APIs allow you to create and manage data connectors, analytic rules, incidents and bookmarks, and to get entity information. TMK Azure has an API that helps users to query data.
API automation tools
  • Ansible
  • Puppet
API documentation
Yes
API documentation formats
PDF
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Automated playbooks run in the BlueVoyant SOC platform benefit from continuous enhancement as incident triage and investigation occurs. This enables the BlueVoyant SOC to maintain a high degree of automation, keep response times low and scale to meet customer demand with no effect on other users. The BlueVoyant SOC is cloud-native and as such has near-limitless scaling capability.
Usage notifications
Yes
Usage reporting
  • API
  • Email

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
BlueVoyant

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
  • Plain-text protocols not used in network management.
  • Management traffic separated from user traffic.
  • Network device management interfaces are on a management network.
  • Console ports used for device management are secured by a username/password or other CISO-approved method.
  • Network management services transition from SNMPv1, v2, v2c to SNMPv3 (or other option that does not use plaintext community strings).
  • Prohibited protocols will include LDAP without use of TLSv1.2, FTP, telnet, remote host protocols, SSHv1, SSLv1, SSLv2, SSLv3.
Data sanitisation process
Yes
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
  • Network confidentiality controls include the use of encryption and device authentication to protect the confidentiality of transmitted information.
  • Network segmentations are logically and/or physically separated into functional zones that are grouped by infrastructure platforms, information systems and end-user devices.
  • Functional zones are further subdivided into security zones, an association of information systems and services with similar security controls.
  • Networking platforms and information systems associated with a particular security zone have the same trust level and approval.
  • Egress points limit the number of external connections to the Internet. Egress points are controlled and monitored centrally.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
BlueVoyant provides service level uptime of 99.9%. Service levels are reported within the BlueVoyant Customer Portal (Wavelength) and are also reviewed monthly through the Monthly Service Reviews led by the Client Success Manager.
Approach to resilience
We use CI/CD as well as container orchestration. This allows us to rapidly replicate services throughout our hosting cloud if need be. We maintain multiple independent VPNs to connect to our cloud infrastructure.
Outage reporting
Via both email alerts and the customer facing portal (Wavelength)

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Clients will provide a list of identified users and their email addresses for access to Wavelength™ and SOC. Client users will receive an onboarding email to access Wavelength and will configure multi-factor authentication with their device.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Citation
ISO/IEC 27001 accreditation date
01/03/2023
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
SOC2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our information security policies are aligned to the ISO/IEC 27001 framework. To ensure that they are followed we audit both ourselves internally and use third parties to renew our accreditations.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Please refer to BV's SDLC policy/SOC2 report for details
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
BlueVoyant's vulnerability management processes adhere to SOC 2's CC7.1 Configuration and Vulnerability Management requirement.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Please refer to BV's Threat and Vulnerability Management policy
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Please refer to BV's Incident Management E-Discovery and Cloud Forensics policy and our SOC2 report

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
BlueVoyant leverage Azure datacentres which adhere to the EU code of conduct.

Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

Fighting climate change

CDW is committed to fighting climate change and protecting the environment. CDW has made a commitment to achieve Net Zero emissions by 2040, 10 years earlier than mandated by the UK government. To achieve this, CDW has implemented (and continues to implement) initiatives to reduce our emissions and carbon footprint, all of which are underpinned by CDW’s ISO14001 certified Environmental Management System (EMS) and our beGreen program.

CDW’s distribution centre and our flagship offices hold ISO 14001 environmental management certifications, with our UK distribution centre also holding REGO energy certifications. In parallel with our EMS and beGreen program, CDW has invested in and implemented a range of initiatives to help tackle our contribution towards climate change across our operational activities. These initiatives include (but are not limited to):

  • Solar panel usage. As a result, in 2021, we were able to achieve 100% renewable energy sourcing for CDW-owned buildings.
  • Energy-efficient lighting solutions, including indoor and outdoor LED lighting.
  • Motion sensor lighting and conveyor systems that turn off in response to inactivity.
  • Water consumption solutions, including rainwater harvesting efforts.
  • “Smart” HVAC systems that adjust according to business hours and seasonal temperatures.
  • A ‘Pin to Print’ program enabling enhanced print queue management to reduce wasted print jobs.
  • A goal to achieve 100% renewable energy sourcing for electricity by 2027. In 2021, 98% of electricity consumed in the UK was from renewable sources.

Additionally, at our distribution centres, we have recycled:

  • 2,966 tons of packaging material
  • 9,794 tons of cardboard
  • 636 tons of paper
  • Thousands of wood and plastic pallets

Furthermore, at a coworker level, CDW has established a ‘WE GET Our Environment’ Business Resource Group and an Environment Committee with the purpose of increasing awareness of the environmental and social strategy, and to empower coworkers to get involved in environmental initiatives.

Equal opportunity

CDW is committed to creating a working environment for coworkers dedicated to inclusion, diversity and equal opportunities, as detailed in our CDW Way Code, which teaches all CDW coworkers to:

  • Always do their best to make everyone at CDW feel welcome
  • Treat other coworkers with respect and dignity
  • Maintain an inclusive workplace in which all coworkers can demonstrate their full potential
  • Respect the unique attributes and perspectives of every coworker

CDW provides equal treatment and opportunity without regard to:

  • Race
  • Skin colour
  • Religion
  • National origin
  • Gender
  • Sexual orientation
  • Gender identity
  • Disability
  • Age

Our commitment to equality is underpinned by six Business Resource Groups (BRGs). BRGs ensure all coworkers have a voice, build awareness, and provide support to similar groups in their communities. The BRGs include:

  • Armed Forces Network
  • Black Coworker Network
  • Disability Support Network
  • PRIDE+
  • United Support Network
  • Women’s International Network

CDW coworkers are empowered to reach their highest potential, and we are focused on providing them with a wide variety of tools and development opportunities to help them achieve their career aspirations at CDW, regardless of origin, background or situation. Within our learning culture, all coworkers are surrounded by comprehensive resources and support, ongoing education and skills training, and robust advancement opportunities. We offer a variety of programs to help current and future leaders build diverse teams and to help diverse coworkers develop their leadership skills so they can continue to advance in the organisation.

Our commitment to equal opportunities and diversity is demonstrable across our organisation. As an example, CDW’s CEO and President, Chris Leahy, is female and CDW’s Executive Committee consists of 50% female and 50% male coworkers, with 42% coming from multi ethnic backgrounds.

CDW is also committed to reducing the gender pay gap and produces an annual gender pay gap report - https://www.uk.cdw.com/site-tools/pay-gap-report/.

Wellbeing

CDW is committed to providing coworkers and their families with the knowledge necessary to make the best health and wellness choices for themselves and their families.

Our approach to wellness is designed to help coworkers be safe, healthy and successful. We understand that managing work and personal life is a balancing act of shifting priorities and so we offer a variety of benefits that support a coworker’s physical, financial, emotional and social wellbeing, including access to telemedicine, a suite of family benefits and a variety of wellness incentives and programs.

CDW provides coworkers with an Employee Assistance Program, which offers confidential, individualised coaching to help coworkers achieve personal or professional goals. It also features enhancements for crisis care, 24/7 phone support and an emergency referral system.

Ongoing coworker engagement is fostered through regular communications events, including:

  • Monthly wellness e-newsletters promoting benefits available to coworkers
  • Workshops and activities focused on timely topics
  • Various campaigns to raise awareness for meaningful topics throughout the year, including mental health, emotional wellbeing and heart-mind gratitude

As a further example of our commitment, in response to the COVID-19 pandemic, our Coworker Services team implemented “coworker calls” - informal, but regular check-ins to ensure all coworkers are caring for their mental health and receiving the support they need.

CDW also established ‘The CDW Community’, an initiative set up to provide coworkers with activities that they could participate in to keep them physically and mentally active, and to give them a platform for social engagement with other coworkers during a time where many were feeling isolated.

Following its success during COVID, the CDW Community initiative has remained operational as we exit the pandemic, continuing to provide CDW coworkers with activities and resources centric to physical and mental wellbeing, as well as sessions to support a healthy family life.

Pricing

Price
£118,716 a unit a year
Discount for educational organisations
Yes
Free trial available
No
