RED Scientific Ltd

RED Open Source Intelligence

A sophisticated tool for gathering Open Source Intelligence from the internet including deep and dark webs. Developed for regulatory purposes but with many other applications. A force multiplier that automatically gathers the intelligence and enables you to focus on assessing, categorising and acting on it.

Features

• Automatic searching of the web, deep web and dark web.
• Scheduled, background searching so results are always current.
• Sophisticated Machine Learning enabled target ranking.
• User friendly graphical user interface via dashboarding.
• Whitelisting to avoid repeated assessment of non-relevant targets.
• Customisable for further domain specific forensic analysis.
• Tuneable depth of search to deliver manageable results volumes.
• Tuneable levels of attribution.
• Target annotation, meta data and evidence packs.
• Multi-user, collaborative working environment and Management analytics

Benefits

• Eliminates repetitive searching activity.
• White-listing to avoid repeated assessment of the same targets.
• Staff time can be focussed on the higher assessment activities.
• Removes boring repetitive work aspects that blunt effectiveness
• Deep and Dark web searching is safe, controlled and offsite.
• Time saved with automated meta data, e.g. domain and hosting.
• Automated ranking focuses work on the most impactful candidate targets
• Links detailed notes with site of interest, sharable with colleagues.
• Fusion of disparate intelligence sources into a single user interface.
• Allows for metrication of the problem space.

£500 to £500 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Operations@red-scientific.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

305587838299752

Contact

Julie Callow
0142080011
Operations@red-scientific.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None.
• System requirements: Entirely browser based.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service desk open 09:00 to 17:00 Monday to Friday except Bank Holidays. Response times to be agreed with customer.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: RED Scientific Ltd are an SME established for over 30 years and pride themselves on excellent customer service that exceeds customer expectations. We build open, collaborative relationships with our customers focussed on delivering mutual benefits.; ; The application is very easy to use but full training can be given. Support includes user and technical support. Our approach is very flexible and we are happy to discuss bespoke support packages with potential users.; ; We provide commercial and technical account management with a dedicated point of contact.; ; All hosting matters are handled by us and this will be transparent to end users.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: RED offer a configurable onboarding service that would be tailored to the customer's needs. The software is very easy to use and the training burden is very low. Onboarding services may include:; - Pre-purchase demonstrations with customer search terms.; - Online training including a full review of the software's features and assistance configuring it for your purposes. (onsite training available at additional cost).; - Ongoing support as you learn to use the tool.; - Ongoing support understanding why you are getting the results you are.; ; Ultimately RED want a long term relationship with their customers and we recognise that the best way to achieve this is to ensure you fully understand how to get the best out of the software we supply.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Built in to the software.
• End-of-contract data extraction: Customer's data in the system is limited to: ; - Search terms;; - Whitelist entries;; - Annotations;; - The current set of results.; ; The last item in the list above is very much current data and its relevance is very short term.; ; All of the above can be provided as an xml extract at the end of contract.; ; If customers require an extract in a specific format on a regular basis we would be glad to discuss adding this feature.
• End-of-contract process: For customers that have used the service for at least a year the data extract process is free of charge, for others a fee may be charged.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: The service can be customisable in the following ways:; - Terms to search for.; - Frequency of search.; - Depth of search.; - Various ranking factors.

Scaling

• Independence of resources: The application is not a particularly resource intensive one. Our hosting environment is scaled appropriately for the number of users. Automatic alerts are in place to warn when resource usage is high. Where appropriate we will increase the resources given to the system.; If a customer requires their system to be hosted in its own environment we are happy to offer this service though there will be an additional cost.

Analytics

• Service usage metrics: Yes
• Metrics types: The system provides the following user metrics:; - Current number of hits against each search term.; -Number of targets for various categories (e.g. UK hosted).; The system also provides the following management metrics:; - Targets of interest identified against time.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: During use of the system an evidence pack related to a single lead can be extracted from the system. This will included the web address, screen shots of the page, any user notes related to the page and any meta data the system has been configured to collect including links to licences where appropriate.; ; At end of contract a full extract to xml will be performed but this is a RED administrator function.
• Data export formats: Other
• Other data export formats:
  • Individual case reports - PDF
  • End of contract export - XML
• Data import formats: Other
• Other data import formats: There is no requirement for the system to upload data.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee the system will be available 99.9% of the time 08:00 to 18:00 Monday to Friday except Bank Holidays. However in practical terms it should be usually be available out of these hours.; ; If the system availability does not meet the above standard we will credit the unavailable time either by refund or a credit against a future invoice.
• Approach to resilience: Network Resilience ; Our provider operates a geographically resilient, low-latency WAN between all data centres and support locations, with diverse transit locations and a large bandwidth over-provision and DDoS mitigation controls to ensure availability.; Data Centre Redundancy ; All data centres maintain at least N+1 redundancy in electrical systems, geographically redundant network provision and N+25% cooling capacity. Appropriate fire detection and suppression systems are fitted to all data centres. Mechanical and electrical systems are subject to regular fail-over testing and maintenance by qualified professionals.; Operational Resilience ; The available tools and data are mirrored on a separate data centre, ready to be activated in case of catastrophic outage, and a third local backup installation can be switched to an operational service in extremis.
• Outage reporting: Administrators are emailed when the service is unavailable.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is role based, linked to user id.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: There is no management interface.

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: CE+ & List X
• Information security policies and processes: As a List-X and MOD ICT Security Accredited (DART) company who hold data up to and including secret we have a robust approach to information security. Our Managing Director Yvonne Whiteley is our Senior Information Risk Owner (SIRO) & Information Asset Owner (IAO). Our Company Security Controller is Julie Callow who reports directly to the Managing Director.; ; Our information security policies are guided by the requirements of DART & CE+.; ; ISO27001 compliance and accreditation are on our company road map.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management are covered by our ISO9001:2015 accredited Quality Management System (QMS).; ; All components are stored in an industry standard source control system (such as Git). This means that the current build state of the system can be easily accessed at any time and that any future modifications can be based on the current build state. It also means that a full history of the changes to the system can be accessed should changes need to be rolled back.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability assessment is part of the design process. Using our web developers' professional experience as well as reference sources such as OWASP we will determine the potential threats to the systems and ensure the appropriate safeguards are in place. We will also perform testing to ensure that the safeguards are effective.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our data centre makes use of industry standard intrusion protection tools and techniques.; ; Our response to any identified incident would be immediate and consist of the following actions:; 1) Prevent the intrusion continuing if it still is. ; 2) Put in place short term measure to prevent reoccurrence.; 3) Fully understand the nature of the intrusion and how it happened.; 4) Implement a robust solution to prevent the intrusion reoccurring.; 5) Ensure intrusions of this nature are added to future test regimes.; ; As part of the above the customer would be kept regularly informed about the progress of the response.
• Incident management type: Supplier-defined controls
• Incident management approach: RED Scientific's ISO9001:2015 accredited Quality Management System has a process for incident management.; Incidents are reported by phone or email and are entered on to our case management system. The recipient of the incident report assigns the case to the appropriate member of staff to deal with it (who may subsequently assign it on once it has been assessed).; The service manager monitors the case management system to ensure all cases are promptly resolved and is also the contact for escalation.; If reporting on incidents is required by the customer this is requested of the service manager.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  tbd tbd tbd tbd tbd tbd tbd tbd tbd tbd tbd tbd

Pricing

• Price: £500 to £500 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free trial of the full service may be taken for one week. During this trial a limit may be placed on the number of search terms.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Operations@red-scientific.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.