Netcraft

Browser Extensions for Cybercrime Protection

Netcraft has extensive experience in validating large data streams to identify malicious URLs including phishing, malware, shopping site skimming attacks, and non-consensual cryptocurrency mining. Netcraft can provide a browser extension for Government employees to use for Chrome, Firefox, Opera and Edge to protect against these threats.

Features

• Protects employees against phishing
• Protects employees against web-based malware
• Extensions for Chrome, Opera, Edge and Firefox
• Enhance built in browser protection

Benefits

• Works in the browser with limited installation requirements
• Design of extension can be customised if required
• License covers whole organisation
• Threat types can be customised

£90,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rad@netcraft.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

293296328619776

Contact

Robert Duncan
01225 447500
rad@netcraft.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: All modern web browsers supported.
• System requirements: Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is provided by email and phone
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided by electronic mail and telephone.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide online documentation, and also can provide a video call demonstration of the extensions
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: N/A
• End-of-contract process: N/A

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Buyers can decide what threat types they would like included in their feed.

Scaling

• Independence of resources: We scale our applications to account for load placed by all customers.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: We physically secure access to our data centre and backup media.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: N/A
• Data export formats: Other
• Other data export formats: N/A
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If the Service is unavailable continuously for 3 (three) days or unavailable for an aggregate of 120 (one hundred and twenty) hours within the Subscription Period the customer may terminate the Service and receive a pro-rata refund for the unused period.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: User Account Authentication, Multi Factor Authentication, IP ACLs
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Risk based approach.
• Information security policies and processes: Defined in our internal Policies and Procedures document

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an internal change management process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Netcraft is a PCI approved scanning provider, and tests its own infrastructure. Patches are applied as appropriate.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Netcraft has a Security Incident Detection and Remediation programme.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal policy for handing incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  Tackling economic inequality; ; Netcraft recognises the problem of economic inequality, and where it is possible and reasonable seeks to address it through 1) the creation of new jobs and skills and 2) by increasing its supply chain resilience and capacity:; ; Netcraft is proud of the employment opportunities it creates and the training it provide its employees to address the skills-gaps in the cybersecurity sector.; ; As an equal opportunities employer, the employment opportunities Netcraft creates are open to those who historically have faced barriers to employment, or come from deprived areas.; ; Netcraft supports innovation throughout their supply chain such that they can deliver higher quality goods and services.; ; Netcraft conducts all its business in an honest and ethical manner, and are committed to acting professionally, fairly and with integrity in all their business dealings and relationships.; ; Netcraft takes action to identify and manage any cyber risks that arise in the delivery of the services it provides.

Pricing

• Price: £90,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can offer a 14 day trial of the service.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rad@netcraft.com. Tell them what format you need. It will help if you say what assistive technology you use.