Brookcourt Solutions

Team Cymru Cyber Threat Intelligence

Team Cymru Pure Signal Recon is a Threat Intelligence query tool for cybersecurity analyst’s. It provides unique access into internet traffic telemetry from the world’s largest Threat Intelligence data ocean. Adopting an attackers view, Analysts can then identify, map and block external cyber threats regardless of their origin.

Features

• Monitor cyber Threats beyond the perimeter
• Track through dozens of proxies and VPNs to threat origin
• Search and filter across the broadest collection of global telemetry
• Correlate IP addresses and malware extracted from 10+years of data
• Batch and schedule queries
• No Hardware. No software. Instant on
• API integration
• Export to CSV, XML, XLSX or JSON

Benefits

• Trace, map and monitor cyber threat infrastructures across the globe
• Use others' attack data to defend yourself
• Reduce SOC noise, prioritize alerts, fine tune alerting rules
• Map Your Attack Surface from an external p.o.v
• Monitor third-party vendors for compromises, probing and outdated operating systems
• Accelerate investigation, attribution and compromise assessment.
• See vulnerability probing against your organisation
• Catch threats other tools miss
• Reduce down-time
• Ensure comprehensive remediation and prevent recurrence

£173,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

283427110142312

Contact

Phil Higgins
01737 886111
contact@brookcourtsolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None. Wholly operated in the cloud allows customer to just buy and turn on.
• System requirements:
  • Internet Access (Cloud Based Service)
  • Latest Versions of Browsers - Edge, Safari, Chrome, FireFox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 0900-1700 ET; 1400-2200 UTC
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support Hours:; 0900-1700 ET; 1400-2200 UTC; support@cymru.com; ; (Note - this is a cloud based service, requiring no onsite support capability)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Prior to use, Team Cymru provide online training and familiarisation sessions. User support is provided during onboarding. There are open access training videos and support documentation available. Knowledge Sharing sessions and specific training session can also be organised.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: On request Team Cyrmu's will manually extract the user's information at the end of a contract.
• End-of-contract process: User off-boarding is uncomplicated as the leaving user’s account will be expired, after which it can no longer be accessed and used. Expiring an account must be requested by the customer by email after which the account is closed by a member of Team Cymru's support team. Once an account has been closed, a new account can be allocated to another user for the remaining time of the subscription.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service is purely accessed through the users/analysts browser of choice. The Recon Dashboard allows access to the full features of the service and is a cloud based toolset. Other additional components can be added as and when required.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is purely accessed through the users/analysts browser of choice. The Recon Dashboard allows access to the full features of the service and is a cloud based toolset. Other additional components can be added as and when required.; Role access defines which toolsets are available.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: What users can and can't do using the API; ; The API provides programmatic access to threat intelligence content and evidence based risk scores. The API has a straightforward RESTful design with operations for enrichment, monitoring, and correlation. Supported data types include IP addresses, domains, ASN mapping MD5 and/or SHA-1 Files hashes, It also allows API access to batch and schedule searches, with email notification. Typical use cases are network defence, cyber threat intelligence, digital forensics, and cyber analytics.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: We constantly monitor system utilisation and over-provision hardware and infrastructure to handle customer data and activity in excess of 5 x normal usage.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Team Cymru

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Further details available on request.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Using the RESTful API. User data cn be manually exported via a direct request to Team Cymru.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Manual

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.5% uptime.
• Approach to resilience: Available on Request.
• Outage reporting: Service outages are very rare and are reported via e-mails and API reporting.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Role-based security enforced by application layers.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Team Cymru supports the Information Sharing Traffic Light Protocol

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Responsibility for Security Governance rests at the Executive level. There are regular intra business governance assessment and reviews. Risk Management is developed in line with US governmental directives. Risks are assessed, documented, regularly reviewed and addressed continuously.
• Information security policies and processes: Team Cymru's information security policies include: ; Data classification, access policies (according to role/scope), ; Storage policy (encryption etc); Password policies (2FA etc) ; Escalation procedures.; Acceptable Encryption and Key Management Policy.; Acceptable Use Policy; Clean Desk Policy; Data Breach Response Policy; Disaster Recovery Plan Policy; Personnel Security Policy; Data Backup Policy; User Identification, Authentication, and Authorization Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All system configuration is versioned with history. Configuration Management include: Tracking of Change, Early Testing Processes, Performance Testing Processes, an Intergrade early and often" routine and an avoidance of "fixing problem with code" approach. Configuration conytrol is a senior level responsibility within Team Cymru and security assessment is completed by internal security experts. Change Management: involves requesting, approving, validating, and logging changes to systems and once again, is the responsibility of a senior member of Team Cymru's management team.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Vulnerability scanning is performed continually and make use of utilities and techniques developed both in line with best practice and making use of a vast repository of experience within the industry, both commercial and Governmental/Military. Patches are deployed as soon as available mapped to criticality.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Identification of potential compromises is through consistent and ongoing monitoring to a depth that few organisations can match or understand. Have the ability to respond 24/7 to security incidents with escalation paths to executives.
• Incident management type: Supplier-defined controls
• Incident management approach: Common events and incidents are handles in line with internal IR policies. With irregular events and incident moved to a case-by-case approach/policy. Users (whether clients or open forum) are able to report incidents through published channels, via email, telephone or other agreed methods. Customer incident reports are sent by email to directly and indirectly affected nominated users.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  https://shearwatergroup.com/environmental-policy/
• Covid-19 recovery:

  Covid-19 recovery

  On Request
• Tackling economic inequality:

  Tackling economic inequality

  On Request
• Equal opportunity:

  Equal opportunity

  On Request
• Wellbeing:

  Wellbeing

  On Request

Pricing

• Price: £173,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free trial is available on request and us typically time bound for a period of 2 - 4 weeks. During this period, the user will have full access tot he Base version of the product (unless otherwise agreed).

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.