LOCKDOWN CYBER SECURITY LIMITED

Dark and Deep Web Intelligence

Provides Deep & Dark Web intelligence on all digital assets including breached credentials, IP, Fraud, crime, machinations of crime, Cyber threat intelligence, infrastructure. Has the ability to interrogate messaging applications. Primarily used by investigation, Cyber Security and counter fraud teams

Features

• Attack Surface Discovery
• Intelligence Monitoring
• Threat Context
• AI Assistant
• adaptive model Solution
• Security Standard Compliance

Benefits

• Extensive Deep/ Dark Web Data (largest within private sector)
• Threat Intelligence Analyst Support
• Dedicated Account Manager
• Automatic alerts for breached data
• Automated reporting on chatter for key words
• Bespoke workshops and tailored to customer need

£120 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at william@lockdowncybersecurity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

315699787760947

Contact

William Taaffe
07850983666
william@lockdowncybersecurity.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance updates may incur downtime, though these updates are set for early morning and do not cause disruption for any considerable length of time and are detailed within the solutions SLA's
• System requirements:
  • HTML enabled browser
  • MFA delivered through Google or MS authenticator
  • Connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Accessed through the website and platform, the webchat allows the user to send and receive messages
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: There is a standard support level in place to assist organisations and users
• Support available to third parties: No

Onboarding and offboarding

• Getting started: SaaS based onboarding which commonly takes place within an hour. A threat intelligence analyst is deployed to assist with the client onboarding and account setup. The solution is agentless and accessed through a web browser. ; ; User documentation can be provided to help further assist with any onboarding queries.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can contact the Cyb3r Operations Data Protection Officer to extract their data, or can request a data extraction through the use of the SaaS platform.
• End-of-contract process: The contract cannot be terminated until the end of the contractual term, unless SLA's within the contracted agreement have been breached.; ; At the end of the contract, access to the platform will be rescinded and customer assets can be exported within a CSV format

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: To complete
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Six intelligence modules, volume based asset, dashboard views.; ; Administration positions are allowed to customise

Scaling

• Independence of resources: Cloud load balancing services

Analytics

• Service usage metrics: Yes
• Metrics types: Digital Asset count
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Cyb3r Operations Ltd

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can download their data to a CSV format
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: There is a guaranteed availability of 98% for the platform, within the contracted SLA's.; ; To date, there have been no instances of contractual terminations resulting from availability issues. ; ; Refunds would be arranged on a Pro-Rata basis, should their be a breached of contracted obligations and SLA's
• Approach to resilience: Available on request
• Outage reporting: A public dashboard; An API Link; Email Alerts; Dedicated account manager communications

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: There are role based permissions within the platform. Dependent on the account type, users will have varying levels of access and permissions and these can be changed through user administration access or via the Cyb3r Operations team
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: NIST and 27001 is followed as part of the policy and procedures Security program

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management policy provides a required framework for executing this process to minimise the risk of business interruption, inaccurate reporting and lost data and/or assets resulting from undesired or defective changes made. ; ; The policy also requires that changes are communicated effectively to Stakeholders, are accepted and followed by Stakeholders and are documented in a manner to provide adequate audit trail for compliance with external regulations.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our information security personnel depend on various sources regarding security vulnerability announcements such as CVE’s, NCSC, NCA and vendor specific related security bulletins and alerts, in addition to Cyber Threat Intelligence solutions.; ; When information about a new vulnerability is discovered, it is analysed, and a recommendation is made based on the following factors:; • Risk exposure; • The Impact; • Cost to deploy; • Availability of patches and\or workarounds
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cyb3r Operations are committed to providing a safe and secure customer experience. Security around potential CVE vulnerabilities are taken seriously and infrastructure is monitored around Web Application Firewalls, Intrusion Detection Systems (“IDS”), Intrusion Prevention Systems (“IPS”), as well as Endpoint-level protection, multifactor authentication, utilising strong passwords, Email Security, Security groups, permissions, and access control lists.; ; When a compromise is found, a response to customers and internal staff are made within 24 hours to patch and remediate,
• Incident management type: Supplier-defined controls
• Incident management approach: Information Security Incidents can be reported by both internal and external sources.; ; After the CISO has been notified, a report containing the following areas is produced following an event:; ; • Analysing the root cause of the Information Security Incident to identify what happened, how it happened, and why it happened.; • Confirming that remedial measures were taken.; • “lessons learned” from all parties.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Cyb3r Operations are committed to fostering a diverse, equitable, and inclusive environment. ; ; We believe that our strength lies in the diversity of our people, and we are dedicated to ensuring equal opportunity and respect in every aspect of our operations. ; ; Due to the neuro-diverse nature of the Information Security sector we seek to create an inclisive environment, tailored to the needs of our employees. This extends to home working assessments and regular one on one sessions to discuss accessibility and work flows.; ; We actively embrace a variety of perspectives and strive to maintain an inclusive culture where differences are valued and celebrated. Our commitment extends to our hiring practices, workplace policies, and the communities we serve, ensuring that we uphold the highest standards of fairness and inclusion.

Pricing

• Price: £120 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access is provided on a time contingent basis of two working weeks

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at william@lockdowncybersecurity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.