Cyberfort Ltd

Managed 24x7 MXDR Security Operations Centre

Cyberfort's MXDR defends your organisation from cyber threats 24x7x365. Utilising the right combination of Microsoft Sentinel and Elastic SIEM for each customer, SOAR enables ingest efficiency, increases ROI and reduces cost. Detecting, responding, and remediating with high speed, accuracy and transparency, you'll see everything we do to defend you.

Features

  • 24x7x365 monitoring, detection and response to mitigate cyber risk
  • Unique multi SIEM (Microsoft and Elastic) with SOAR solution
  • Coverage of all log sources, clouds, infrastructure, data and endpoints
  • Dedicated Technical Account Manager as your security expert
  • Full SOAR automation and ITSM integration
  • ROI Reviews of ingest and efficiency
  • Fully integrated and license free EDR solution included
  • Scheduled and ad-hoc Threat hunting detects incidents without alerts
  • Custom queries, use cases, dashboards, reporting and automation playbooks
  • Threat Modelling to align the service to each customer's risks

Benefits

  • Unique cost management between multiple vendors saves you cost
  • Included EDR agent available at no extra cost saves cost
  • Active responses under your governance stop threat actors reducing risk
  • Tailoring service to your cyber risk reduces risk and cost
  • Dedicated TAM works with you to improve your security posture
  • Utilise all your existing security investments increasing ROI
  • Reduce your compliance effort, delivering custom dashboards/reports
  • Reduce risks responding quickly and accurately to events
  • Actively support the learning and development of your resources
  • No requirement to change your SIEM/tooling for our service

Pricing

£2,000 a unit a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@cyberfortgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

272132360634684

Contact

Cyberfort Ltd Cyberfort Bid Team
Telephone: 01635 015600
Email: bidmanagement@cyberfortgroup.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Microsoft Sentinel & Elastic SIEM
Cloud deployment model
Public cloud
Service constraints
No constraints
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Cyberfort will triage all requests within 30 minutes and respond according to the incident priority
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Keyboard shortcuts, captions and transcriptions, screen reader, voice control, magnify screen content, use high contrast colour
Onsite support
No
Support levels
We only have one level of support 24x7x365 with full technical account management, analysis and engineering

Please refer to our Service Definition for more details on our service management and commitments.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Your technical account manager will engage as part of the onboarding project, providing advice, guidance and familiarisation and continue to support throughout the life of the service to maximise ROI and speed of usability
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The customer's Microsoft data is retained in their Azure tenancy, meaning that it is resident within their environment and hence does not require extracting. The Elastic data is resident in AWS and can be extracted as part of the offboarding project. All reporting data can be downloaded from Jira.
End-of-contract process
As part of an offboarding plan, a consultative approach will be built to transfer/delete the data as required. The Elastic SIEM can either be migrated to customer ownership, or deleted, as agreed during offboarding. If Microsoft Sentinel is in use, the customer simply defederates Cyberfort from the Lighthouse connectivity and removes any guest access authorisation. Microsoft Sentinel remains as is and continues to function, collecting logs and detecting incidents according to the existing detection queries, workbooks and playbooks, which are all retained by the client.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • macOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No differences
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Microsoft Sentinel uses the Azure portal or Azure app, Elastic uses the browser interface, and Jira has browser support or a dedicated app.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Keyboard shortcuts, captions and transcriptions, screen reader, voice control, magnify screen content, use high contrast colour
API
Yes
What users can and can't do using the API
The Microsoft service runs in the client's Microsoft Azure, meaning all Azure APIs are available. The Elastic SIEM is a hosted environment and does not support APIs; however, Jira also supports an API, which we can integrate with your ITSM.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The Microsoft service runs in the client's Microsoft Sentinel, meaning that clients can customise as they choose. The Elastic service also provides user-customisable dashboards.

Scaling

Independence of resources
Cyberfort carefully measures the resource/impact of multiple customers, with a structured 3-year plan mapping capacity to the resources available. Our service is designed to deliver efficient incident management for both multiple customers and multiple incidents, reducing repetitive manual tasks, and enabling humans to leverage ML and AI in partnership, enabling scalability during times of high incidents. We operate on-call capabilities to provide specialist support, and an extensive flood-in capability from within Cyberfort's business of cybersecurity experts that are utilised during major outbreaks or multiple incidents. This is underpinned by regular capacity management reviews, measuring both current reality and future trends.

Analytics

Service usage metrics
Yes
Metrics types
All data in Azure can be reported on as required. Additionally, incident data is reported as part of the incident and in monthly reporting, SLAs and service performance.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported, utilised for dashboards and then leveraged by the client (for example in Power BI) in any way that they require.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • CSV
  • TSV
  • JSON
  • Parquet
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • CSV
  • TSV
  • JSON
  • Parquet
  • Raw text
  • CEF
  • Syslog

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
The Elastic agent receives its configuration over an encrypted connection and persists this data at rest; in-transit encryption is via SSL/TLS, with OS-appropriate encryption enabling offline persistence. Where Microsoft is utilised, the service resides in a subscription within the client's Microsoft tenant; in this instance we do not transfer data directly to our network, however, the Defender for Endpoint and Azure Monitor Agent both transmit using TLS 1.2, so data is protected in transit. The Defender for Endpoint agent utilises tamper protection on endpoints, protecting data and the ability to disable the host. The Azure Monitor Agent used for non-MS/Endpoint devices can also be protected utilising Defender for Endpoint.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Our service operates under the principle of least privilege. In the Elastic area, this access is granted and maintained by Cyberfort; within the Microsoft environment, it is granted by the client to the data within their Sentinel and Defender environments. This access is granted via Azure Lighthouse and Microsoft guest access, and is fully auditable, reputable and owned by the client.
Additionally, we mandate secure build devices that are managed in Intune, all hosts have EDR and SIEM monitoring, and all identities are defended by Conditional Access and monitoring.

Availability and resilience

Guaranteed availability
Cyberfort's service availability for the service itself (SOC) is 99.9. The service on Elastic SIEM has SLAs available at, and on Microsoft Sentinel and Azure, whose SLAs are available at https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1, the service credits in this case are between Microsoft and the customer.
Approach to resilience
Cyberfort's MXDR service is built on a combination of Elastic SIEM, utilising the AWS environment to provide resilience and availability, and (where appropriate and beneficial) Microsoft Sentinel, utilising the Microsoft Azure platform to enable Microsoft logging and correlation performance. Cyberfort monitors the availability of the platforms using the inbuilt service notifications for the Elastic SIEM, Azure portal and all relevant services. The availability and performance of all service components are monitored by the Cyberfort Engineering teams. Our architecture is designed to maximise availability and resilience, including features provided by Elastic (e.g. agent persistence in monitoring should connectivity be lost), by Microsoft (e.g. agents spool data in the event of destination loss), and those created by Cyberfort (including resilience and recovery built into our backup and restore pipelines).
Outage reporting
Through the notifications and priorities agreed with the customer, including dashboards, emails, phone calls and the ability to subscribe to both Elastic (https://status.elastic.co/) and Azure (https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal) alerts directly.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
For Jira and the Elastic SIEM environment, users are provided with a username with modern password policy requirements and MFA, which is JML managed in exactly the same way as Cyberfort user accounts are managed. For Microsoft Sentinel, the customer manages this according to their own processes, as the service runs within their environment (with specific relevance to G-Cloud found at https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-uk-g-cloud).
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
Current certification accredited: 15/04/2024-17/04/2024
What the ISO/IEC 27001 doesn’t cover
Cyberfort was first registered to ISO27001 in August 2019. At our recertification audit in 2023, there were no nonconformities or observations. 2024 Continual assessment visit resulted in no nonconformities or observations.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
2 Sec Consulting
PCI DSS accreditation date
Current certification accredited on: 09/10/2023
What the PCI DSS doesn’t cover
Requirement 3, Requirement 4, Appendix A1, Appendix A2
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • NHS Data Security and Protection Toolkit
  • NCSC IT Health - CHECK Service Provider
  • CREST Cyber Incident Response, Vulnerability Assessment & Penetration Testing
  • NCSC Assured Cybersecurity Consultancy - Risk Assessment/Management, Audit & Review

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO/IEC 9001
ISO/IEC 14001
ISO/IEC 45001
Cyber Essentials Plus
PCI DSS
Information security policies and processes
As an ISO 27001 accredited company, Cyberfort recognise the importance of Information Technology (IT) and its impacts on Information Security and have designed our ‘IT Information Security Policy’ to ensure correct and secure operations are maintained across our organisation. The policy applies to all our operations and all that we do, including 3rd parties, recruitment, IT security, and physical security amongst other subjects.

To ensure that the importance of each information security area is not missed or vague, we use separate policies and procedures for each information security area where applicable, including: business continuity, breach management, physical and environment security, HR resource security, incident management, asset management, access control, supplier relationships, and information management policies.

Cyberfort’s Data Protection & Compliance Director is responsible for managing and directing our Information Security efforts within this organisation and for ensuring that our policies are approved at board level.

The IT Information Security Policy is reviewed annually as a matter of course, considering our organisational or technical infrastructure, legislation, and incident reviews. An Information Governance and Compliance team is in place with clear roles and responsibilities to manage and maintain the compliance frameworks within the business.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Cyberfort's change management policy is documented and audited as part of our ISO27001 accreditation and ensures all changes are auditable and subject to the correct level of scrutiny based on the potential risk and impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Cyberfort use continual vulnerability monitoring to alert us to threats in real-time and in the face of constant changes to our services. An annual infrastructure assessment is commissioned to perform more detailed analysis. Vulnerabilities rated critical or high are patched or mitigated within 14 days, and those rated medium and low are patched or mitigated within 30 days
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Cyberfort deploy next-generation endpoint security agents which constantly assess the behaviour of the servers and endpoints for malicious or threatening activity. Threats are notified to our 24x7x365 Service Desk for remediation.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Cyberfort operate ISO27001 and ITIL processes for Incident Management, with defined paths for escalation which are dependent on Impact and Urgency. Users can report Incidents by Email, Telephone or Self Service Portal. Incident Reports are provided via Email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Cyberfort support and act on fighting climate change through our Environmental Management System (EMS) which meets the requirements of our ISO:14001 certification. We have initiated programs designed to increase the energy efficiency of our operations, reduce waste, and protect the environment in communities where we work. Our environmental goals and achievements are published in our Carbon Reduction Plan (CRP), which is aligned to the requirements of CCS PPN 06/21.
Our social value strategy addresses MAC 4.1 & 4.2 with the following commitments:
Effective stewardship of the environment
We are committed to becoming a net-zero and environmentally conscious company by conserving energy, minimising consumption, reducing, and preferring low pollution materials, maximising environmental efficiency, whilst ensuring waste is managed and controlled.
We support our environmental targets with the following initiatives:
• Continue to reduce our carbon emissions, including 100% renewable energy, power saving modes, light replacement programmes, hybrid/remote working and cycle to work incentives.
• Reduce water consumption, including water filter systems off the mains instead of using water providers, consider Water Butts around site as an alternative for gardening, and detection of increased water consumption to identify any leaks in facilities.
• Adopt strategies to promote, reuse, recycle, recover energy and disposal of waste sent to landfill, including initiatives to reduce our plastic waste and targets for recycling of waste.
• Deliver initiatives to support our environments, ensuring that we are protecting and encouraging native plants and wildlife. We’ve already introduced a small flock of sheep to our Ash site to help make our site more environmentally friendly, and at our Newbury site we limit operations to specific times to ensure protection of nightjars, which are a protected wildlife species.
• Consider who we purchase goods and services from, ensuring providers are targeting net-zero initiatives and offer sustainable products and services.

Covid-19 recovery

Cyberfort support and act on Covid-19 recovery by encompassing initiatives that are a force for positive change. We have aligned the activities of our business by considering sustainability through the decisions we make as a business, including the way we operate, employ staff, engage with communities, and procure products and services, allowing us to cultivate a more sustainable, resilient, and inclusive society.
Our social value strategy addresses MAC 1.1, 1.3, 1.4 & 1.5 with the following commitments:
Help local communities to manage and recover from the impact of COVID-19
We support Covid-19 recovery with the following initiatives:
• Throughout the pandemic and to date we’ve maintained a recruitment drive, often offering positions to individuals affected by the impacts of Covid-19 in the industry.
• We upskill people new to Cyber via supporting Apprenticeship schemes.
• We remove any barriers for disadvantaged groups by adjusting our recruitment and selection processes and excluding bias.
• We promote health and wellbeing in the workplace, ensuring all our people have healthy lifestyles, thrive, and that they feel supported with the tools they need from us to be at their best. This includes Mental Health First Aiders and confidential, free-of-charge support and benefits to all, including counselling and Private Medical Insurance.
• Since the pandemic we recruit fully remote or hybrid working roles, which allows us to tap into wider talent pools and therefore ensure we are accessing the best candidates without any locational barriers.
• We are committed to working with small, diverse, high-quality businesses to procure goods and services, structuring our supply chain selection process in a way that ensures fairness and encourages participation by new and growing businesses.

Tackling economic inequality

Cyberfort support and act on tackling economic inequality, through supporting new businesses, new employment opportunities and development of new skills.
Our social value strategy addresses MAC 2.2 & 2.3 with the following commitments:
Create new businesses, new jobs and new skills
We are committed to ensuring that everyone is given the opportunity to develop in accordance with their ability, ambition and opportunities available, providing recruitment, training, development and progression opportunities to encourage everyone to reach their fullest potential.
We support tackling economic inequality with the following initiatives:
• Attract, recruit, develop and retain the very best people at all levels.
• Upskill people new to Cyber via supporting Apprenticeship schemes.
• Actively support educational attainment across our workforce, including training to address skills gaps resulting in recognised qualifications.
• Support young people in the development of their passion for technology, introducing them to cybersecurity, and providing initiatives that support schools and colleges.
Our social value strategy addresses MAC 3.1, 3.4 & 3.5 with the following commitments:
Increase supply chain resilience and capacity
We are committed to work fairly and responsibly with our supply chain and ensure that we manage and identify cyber security risks.
We support tackling economic inequality with the following initiatives:
• Collaborating throughout the supply chain to adopt a fair and responsible approach to working with suppliers and partners.
• Supply chain selection process identifies opportunities to sub-contract with a diverse range of businesses, including new businesses, entrepreneurs, start-ups, SMEs, and VCSEs.
• We have measures within supply chain selection process to mitigate and manage cyber security risks within our supply chain, e.g. including NCSC cyber risk regime and Cyber Essentials/Plus certifications.

Equal opportunity

Cyberfort support and act on equal opportunities, fostering an inclusive culture that values people as individuals with diverse opinions, cultures, lifestyles and circumstances. All employees are covered by our Equality, Diversity & Inclusion Policy, which applies to all areas of employment including recruitment, selection, training, deployment, career development, and promotion.
Our social value strategy addresses MAC 5.1 & 5.2 with the following commitments:
Reduce the disability employment gap
We support reducing the disability employment gap with the following initiatives:
• We are signatories of the Armed Forces Covenant.
• We are a Disability Confident Employer and founding members of Neurodiversity in Business.
• Our recruitment practices ensure we are disarming any barriers people with disabilities may face in the hiring process.
• Developing and supporting people with disabilities in gaining the skills they need to succeed.
Our social value strategy addresses MAC 6.1, 6.2 & 6.3 with the following commitments:
Tackle workforce inequality
We support tackling workforce inequality with the following initiatives:
• Take reasonable and appropriate steps to encourage job applications from as diverse a range of people as possible and recruiting people with an impairment or disability.
• Decisions made relating to a person's promotion or career development must be free from discrimination.
• We provide training, development and progression opportunities to all staff supporting career aspirations.
• Our Employee Resource Groups include Women’s Network, Inclusion Committee and Neurodivergent Community Group, providing forums for people who have a passion for, or a connection with, a particular aspect of equality, diversity and inclusion.
• Whilst not required under the Modern Slavery Act 2015 to have a policy, we have a zero-tolerance approach and have implemented a modern slavery policy.

Wellbeing

Cyberfort support and act on health and wellbeing through our Occupational Health and Safety (OH&S) policy in alignment with our ISO:45001 certification. We actively work on initiatives to promote health and wellbeing in the workplace, ensuring all our people have healthy lifestyles, thrive, and that they feel supported with the tools they need from us to be at their best.
Our social value strategy addresses MAC 7.1 & 7.2 with the following commitments:
Ensuring positive physical and mental health in the workforce, ensuring our people have healthy lifestyles.
We support our workforce with the following initiatives:
• Mental Health First Aiders – We have 9 fully trained Mental Health First Aiders within our workforce.
• Wellbeing Benefits – we provide confidential, and free-of-charge, support and benefits to all, including confidential counselling and support service available 24/7, 365 days a year and Private Medical Insurance with extra to cover employees for Mental Health support.
• Our Wellbeing Hub (on the Cyberfort SharePoint) provides various resources, self-help tools and guides to help individuals stay well and includes any previous recordings from workshops that have been run.
Our future goals include:
• Certified to ISO:45003 standard in 2024, which focuses on the “mental health” and “wellbeing” aspects of health and safety.
• Strengthening our commitments through 6 standards of the Mental Health at Work Commitment in 2024, to ensure that we continue to provide the right support as and when needed.

Pricing

Price
£2,000 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Cyberfort offer a PoC of our SOC service where Microsoft technologies are already in use and deployed
