Skip to main content

Help us improve the Digital Marketplace - send your feedback

Nettitude Limited

Cortex XSIAM

Cortex XSIAM unifies best-in-class security operations functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, SIEM, and more. Cortex XSIAM also centralizes all of your security data and uses machine learning data models designed specifically for detecting and stopping known and unknown security incidents.

Features

  • Identifies and prevents exploits and malware at the endpoint/device
  • Replaces traditional antivirus with advanced AI driven multi-method prevention
  • Replaces complex EDR solutions with a fully-integrated approach
  • Pre-emptive inspection of unknown executables and files
  • Assists organisations in meeting various compliance standards
  • Patch and protect End of Support operating systems
  • Local analysis via machine learning, continual protection in offline environments
  • Behaviour-Based Ransomware Protection
  • Support for Windows, MacOS, Linux, Android, iOS and VDI workloads

Benefits

  • Prevent cyber breaches by identifying/blocking zero-day threats
  • Protects and enables users to conduct daily activities without concern
  • Automates prevention without manual intervention
  • Reduces cost and complexity by replacing legacy antivirus platforms
  • Technique-based exploit prevention works to prevent known and zero-day exploits
  • Cost effective service supporting all environments (small or large)
  • Flexible policy-based file access for different user group requirements
  • Behavioural Threat Protection detects and stops attack activity
  • Detailed malware analysis and reporting
  • Available integrations with the Next-Generation Firewall and other services

Pricing

£90.17 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@nettitude.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 0 1 8 5 3 7 8 3 2 6 8 0 0 9

Contact

Nettitude Limited Grace Harrison
Telephone: 0345 5200085
Email: bidteam@nettitude.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
XSIAM is a SaaS product and requires the deployment of the XSIAM Endpoint agent to appropriate and compatible endpoints.
System requirements
Cortex-XDR-Compatibility-Matrix/Where-Can-I-Install-the-Cortex-XDR-Agent

User support

Email or online ticketing support
Email or online ticketing
Support response times
24x7x365 Support
Priority 1 (Critical) - < 1 Hour
Priority 2 (High) - 2 Hours
Priority 3 (Medium) - 4 Hours
Priority 4 (Low) - 8 Business Hours
Support Service Level Agreements (SLA) are identical for Monday to Friday and Weekends/Public Holidays.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
All Cortex products from Palo Alto Networks come with a standard support offering included which entitles the customer to 24x7x365 email and telephone support.
Other 'enhanced support' options exist inclusive of premium customer success support and provision of dedicated engineers for short or long term engagements - all such options can be negotiated and applied as required
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As a customer or partner of Palo Alto Networks, provision to our online training platform (Beacon - https://beacon.paloaltonetworks.com/student/catalog) is made available. Which enables customers and partners to learn at their own pace and only invest in classroom training either when they are ready or if they need to at all.
Palo Alto Networks offers on-site training (EDU-210, EDU-214, EDU-220, EDU-330, and more) and online training (EDU-110, EDU-114, EDU-120, etc.).
In addition, publicly accessible user-documentation which details everything from initial setup through to ongoing maintenance & usage and how to use the API.
Professional Services are also available in the form of "Quickstart" packages to rapidly onboard organisations.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Cloud data that Palo Alto Networks hold on an organisation/tenant can be exported and deleted by contacting Palo Alto Networks support. If no contact is made data will automatically be purged after 90 days post cessation of the contract(s).
End-of-contract process
At the end of the contract, if the organisation chooses not to renew and continue with the service all data pertaining to the organisation is deleted. If the organisation chooses to renew then the service continues as normal. 90-days prior to the contract expiration date an initial reminder email is sent, followed up by gradually increasing reminders until the date of expiration.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Architectural differences between platforms create natural functional differences for applications generally, with Cortex XSIAM being no different. Handheld platforms such as iOS and Android are more limited in overall functionality than a Desktop OS so therefore a more limited service is provided and required.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Cortex XSIAM provides an easy-to-use interface that you can access from the hub. By default, Cortex XSIAM displays the Predefined Dashboards when you log in. If desired, you can change the default dashboard or Build a Custom Dashboard that displays when you log in.
Accessibility standards
None or don’t know
Description of accessibility
The secure web admin console is accessible via a subdomain of traps.paloaltonetworks.com (e.g. organisation.aperture.paloaltonetworks.com) or via apps.paloaltonetworks.com. IP Whitelisting can be utilised to restrict access to the management web interface.
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
Get Incidents
Get Extra Incident Data
Update an Incident
Insert CEF Alerts
Insert Parsed Alerts
Isolate Endpoints
Un-isolate Endpoints
Get Endpoints
Get All Endpoints
Scan Endpoints
Cancel Scan Endpoints
Delete Endpoints
Get Policy
Get Device Violations
Get Distribution Version
Create Distributions
Get Distribution Status
Get Distribution URL
Get Audit Management Log
Get Audit Agent Report
Blacklist Files
Whitelist Files
Quarantine Files
Get Quarantine Status
Restore File
Retrieve File
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Palo Alto Networks through an automated process is constantly evaluating and monitoring the load placed upon the application. Each customers instance is unique so there is no risk of shared resources being fully utilised by another organisation. As load increases the service will automatically bring online additional compute resources to accommodate the additional load.

Analytics

Service usage metrics
Yes
Metrics types
- Disk
- Memory
- Network
- Number of active instances
- Other – Asset details, compliance, policy violations
- Agent Installations
- VPN Usage
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
Palo Alto Networks

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Service are supplied from Google and Amazon Data centers (further information to follow)
Google Security statement
https://cloud.google.com/security/overview/
https://cloud.google.com/security/

AWS Security Statement
https://aws.amazon.com/compliance/data-center/controls/
https://d1.awsstatic.com/whitepapers/aws-security-whitepaper
https://aws.amazon.com/compliance/data-center/data-centers/

All logs are stored in the Cortex data lake, user activity is monitored and stored in the Cortex data lake for the agreed retention period.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be extracted in a number of ways including via the extract of data in reports being extracted as CSV files.
In addition, there is a more formalised and enterprise capability available which involves the forwarding of alerts and log data out of Cortex XSIAM. You can save your ingested, parsed data in an external location by exporting your event logs to a temporary storage bucket on Google Cloud Platform (GCP), from where you can download them for up to 7 days
Data export formats
  • CSV
  • Other
Other data export formats
  • Event Forwarding
  • Line-delimited JSON gzip file
Data import formats
  • CSV
  • Other
Other data import formats
  • Event Forwarding
  • Line-delimited JSON gzip file

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Palo Alto Networks uses a proprietary encryption layer for API calls, telemetry and update services.

Availability and resilience

Guaranteed availability
Palo Alto Networks commits to using commercially reasonable efforts to make the Cortex XSIAM service available 24 hours a day, 7 days a week (excluding downtime resulting from any planned outage wherein Palo Alto Networks had provided prior notice
or any emergency outage making it impracticable for Palo Alto Networks to issue advance notice). Palo Alto Networks commits to achieving uptime availability of 99.9 percent, measured over the calendar month.
Approach to resilience
Palo Alto Networks delivers the Cortex XSIAM service utilising public cloud providers Amazon Web Services and Google Compute Platform. Within each of these providers the use of “availability zones” (AZ) to ensure geo and service redundancy and resiliency within a region (e.g. United Kingdom) and at a regional level with traffic being able to be steered to another region/availability zone/location should an incident occur.
Outage reporting
A public dashboard available at status.paloaltonetworks.com and via email alerting.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Users authenticate to the service at organisation.traps.paloaltonetworks.com or apps.paloaltonetworks.com using a username and password combination and multifactor authentication (if configured). API access is controlled via key/token system.
Access restrictions in management interfaces and support channels
Restrictions can be implemented by restricting IP addresses able to access the management interface(s). In addition a role-based access control (RBAC) system is in place to further restrict users to user definable configuration views and modes.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Restrictions can be implemented by restricting IP addresses able to access the management interface(s). In addition a role-based access control (RBAC) system is in place to further restrict users to user definable configuration views and modes.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
PECB MS
ISO/IEC 27001 accreditation date
06/07/2020
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
31/03/2023
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Palo Alto Networks has a formal Enterprise Risk Management program, which includes the performance of an annual risk assessment, with periodic updates, as applicable, to identify and assess key risks and their mitigation approaches. The scope of the program encompasses information security risks and product risks. Our security program consists of a risk-based approach that includes administrative, technical and physical safeguards reasonably designed to protect the confidentiality, integrity and availability of customer data. Palo Alto Network's information security program is aligned to ISO 27001/2, and includes key controls from HIPAA, PCI and SOC2.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Both Palo Alto Networks and the end-user organisation are in full control of their relevant and respective change control processes.
Additional details are available upon request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Applications and software that collect, transmit or display, or process End User Data, Palo Alto Networks conducts an application security assessment review to identify common security vulnerabilities as identified by industry recognized organizations annually or for all major releases, whichever occurs first. The scope of the security assessment will primarily focus on application security, including, but not limited to, a penetration test of the application, as well as a code review.

Palo Alto Networks utilizes a qualified third party to conduct the application security assessments. Palo Alto Networks may conduct the security assessment review directly, following industry standard best practices.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Applications and software that collect, transmit or display, or process End User Data, Palo Alto Networks conducts an application security assessment review to identify common security vulnerabilities as identified by industry recognized organizations annually or for all major releases, whichever occurs first. The scope of the security assessment will primarily focus on application security, including, but not limited to, a penetration test of the application, as well as a code review.

Palo Alto Networks utilizes a qualified third party to conduct the application security assessments. Palo Alto Networks may conduct the security assessment review directly, following industry standard best practices.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
This information is available upon request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Net-zero is no longer a compromise. Our commitment is to be a net-zero business by 2030, against all scope 1, 2, and 3 emissions as quickly as possible. As a service provider, we will also help our clients to fight climate change. Whether reporting energy and water usage, measuring waste reduction, or managing product lifecycle, our commitment is to support our customers to work towards any and every environmental goal. Our goal is to help clients to bring credibility to their assertions, helping them to demonstrate compliance with international standards, regulations and commitments. We will combine deep environmental expertise and rigorous methodology to verify all data and information an organisation tracks or publishes. We will certify our customers systems and processes against global standards, giving them the confidence that best practices are being implemented that maximise every opportunity to improve performance. This includes but is not limited to: • Supporting our customers with their ISO 14064 greenhouse gas (GHG) validation • Supporting our customers to verify their systems and processes against global standards • Supporting our customers to transition to sustainable, low carbon power generation. • Supporting our customers to transition from waste to energy, wind, tidal, nuclear to renewable capacity, hydrogen production, storage and distribution • Supporting our customers verify their water usage, • Supporting our customers verify their waste reduction • Supporting our customers verify their or product lifecycle • Supporting our customers to look beyond compliance, examining the resulting data and suggesting actions that put them in control of the areas that matter most to their business.

Covid-19 recovery

LRQA Nettitude actively contributes to the global recovery from the COVID-19 pandemic by endorsing and supporting vaccination initiatives. As an organisation grounded in science and evidence, we acknowledge the crucial role of vaccination and regular testing in safeguarding individuals and reinstating societal normalcy. While we respect individual choices regarding vaccination, it is anticipated that various authorities, clients, and travel providers may necessitate COVID-19 vaccination for entry or proof of a formal exception. Our commitment extends to supporting colleagues who choose to get vaccinated. LRQA Nettitude pledges to assist those receiving government-approved or World Health Organization-recognised COVID-19 vaccinations. In instances where an approved vaccine is not accessible through public or private healthcare providers, we will reimburse colleagues for the cost of an approved vaccination. Additionally, reasonable paid time off will be provided to facilitate vaccination for colleagues and their families. Respecting privacy, LRQA Nettitude will only inquire about a colleague's vaccine status when there is a legitimate business need, such as travel or working in high-risk environments. Colleagues' vaccine information will be stored securely for a defined period, in compliance with local data privacy legislation, and disclosed only with explicit consent. Recognising the ongoing importance of safety measures post-vaccination, LRQA Nettitude acknowledges that vaccination programs do not eliminate COVID-19 risk entirely. We commit to adhering to good practices and local legal requirements, acknowledging that certain safety measures will likely persist beyond the vaccination program. This comprehensive approach underscores LRQA Nettitude's dedication to supporting recovery and ensuring the well-being of our colleagues and the broader community.

Tackling economic inequality

We believe that every person deserves the right to work with dignity. Through our corporate social responsibility compliance, we help our clients discover and understand risks within their workplace and supply chain in order to enhance economic equality. Transparency is the fundamental building block to understanding risk. Without transparency, it is difficult for an audit to report on risk exposure associated with wage underpayment, excessive working hours, child labour, unauthorized subcontractors, compliance to social insurance, harassment, and prison labour, to name a few. Supplier transparency is part of our DNA. We will continually develop innovative solutions that uncover and manage risk from a social perspective. EiQ is our supply chain data analytics platform, to create predictive models to assess the likelihood of unauthorized subcontracting, human trafficking, and labour unrest, to name a few. We are innovators and thought partners. This includes but is not limited to creating better working conditions and tackling inequality for the following areas: • Wage underpayment • Excessive working hours • Child labour • Unauthorized subcontractors • Compliance to social insurance • Harassment • Prison labour

Equal opportunity

We believe that our responsibility as an employer, supplier, and customer is to treat people with respect, empathy, and kindness – to ensure people have the support they need to thrive and be at their best. Our promise is to support our people and every stakeholder that we work and interact with. We provide progressive advice and solutions for the following areas: • Fair and equal pay across gender, race, age, and disability • Fair and safe working hours • The restructuring of labour to protect children In addition to this, LRQA is committed to support young people from disadvantaged backgrounds to achieve their greatest potential. In 2022 we will launch “The Brightest Future”. The Brightest Future is LRQA’s philanthropic foundation that supports young people from disadvantaged backgrounds to build the brightest future for themselves, their community, and the planet With a focus on young people from disadvantaged backgrounds, we will support thousands of young people to receive high-quality education over the next seven years. Delivered by our employees in partnership with leading grassroot educational charities, our vision is to inspire young people to find their mighty purpose, curiosity, and courage to be part of building a better future for themselves, their community, and the planet.

Wellbeing

At LRQA Nettitude many of us are used to working from home, it is a new experience for lots of us and it may take some time to adjust. We always help to protect and look after our employee’s wellbeing and mental health; they can also reach out to one of our Mental Health First Aiders. Our Mental Health First Aiders (MHFAs) are the go-to people for anyone who wants to talk to someone. Additionally, all members of the Nettitude Leadership and Management Team have an Open Door Policy and are available if employees need someone to talk to, not necessarily their own manager. Nettitude Wellbeing – Objectives • To provide a safe place for all Nettitude employees to raise Mental Health challenges they may be experiencing. • To increase awareness of Mental Health within the Nettitude Group • To signpost all employees on what support is available to them. • To increase the ratio of MH First Aiders within the business. • To develop a well-being strategy. • Build a series of information/training to support employees with their wellbeing and those in their team.

Pricing

Price
£90.17 a user a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@nettitude.com. Tell them what format you need. It will help if you say what assistive technology you use.