Managed Detection and Response Service
Our CDC (CyberProof Defense Centre) is a cloud-hosted Security Orchestration, Automation and Response (SOAR) platform that combines intelligent automation with human expertise to deliver more efficient SOC operations, significantly reducing the time to identify and respond to incidents while freeing your own staff for higher-impact tasks.
Features
- 24/7 real-time monitoring of security alerts, triage & escalation
- Intelligent automation for Level 1 SOC operations
- Managed Detection & Response incl. protective monitoring
- Use-case & playbook factory based on MITRE ATT&CK
- Threat Intelligence & Threat Hunting (dark web, fraud prevention etc)
- Hybrid engagement for security incident management & response
- SIEM Platform Management (MS Sentinel, QRadar, Splunk)
- Endpoint Detection & Response - alert monitoring, triage & escalation
- Vulnerability Management - attack surface mapping & scanning
- Vulnerability Management - continuous breach simulation & remediation
Benefits
- Significantly reduce incident detection & response times
- Single pane of glass for all Security Operations
- Automation frees human analysts for higher-impact tasks
- Security Orchestration, Automation and Response (SOAR) as a service
- Delivery of cloud-native security monitoring (using MS Sentinel)
- Strong security ecosystem to ensure ongoing value & enrichment
- Underpinned by established security framework (MITRE ATT&CK)
- Leverage existing SIEM investments (e.g. QRadar, Splunk)
- Our analyst teams can become an extension of your resources
- Complete visibility - you see what's going on continuously
Pricing
£12,500 to £50,000 an instance a month
Framework
G-Cloud 13
Service ID
354993732921636
Contact
UST Global Pvt Ltd
Patrick Marren
Telephone: 07544102103
Email: ukpublicsectorsales@ust.com
Service scope
- Service constraints
- N/A.
- System requirements
- Agents or collection software on virtual machines or log aggregators
- A SIEM tool is required - either new or existing
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Customers can raise requests through email, phone or the web portal (chat or ticket) 24x7x365, with defined service SLAs for response based on incident/issue severity.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Customers can raise requests through email, phone or the web portal (chat or ticket) 24x7x365, with defined service SLAs for response based on incident/issue severity.
- Web chat accessibility testing
- WCAG 2.0 standard testing done.
- Onsite support
- Yes, at extra cost
- Support levels
- The service governance model is defined during engagement: a dedicated Customer Success Manager; measurable service maturity using Customer Satisfaction (CSAT) and Net Promoter Score (NPS) scoring; named individuals from CyberProof to engage with you; clearly defined communication interfaces at various levels to guarantee proper escalation procedures; bi-weekly programme status meetings; regular reporting of programme and service status; and a clearly defined RACI matrix.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- The CDC service includes a comprehensive on-boarding phase in which the platform is set up and customised to each customer's security operations requirements. Virtual instructor-led training is provided before go-live, with ongoing access to documentation, help and FAQs.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- We can provide a JSON extract of all data on contract end
- End-of-contract process
- We will assist with service transition or export of data as required at end of the contract - either into the customer's new service provider platform or into a customer owned system.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users collaborate on the web portal, the CyberProof Defense Centre (CDC), using ChatOps, email or phone. There is no limit on the number of users; role-based access control defines what each user can access. The CDC provides an interactive single pane of glass for all security/SOC operations, so customers have continuous and complete visibility of, and where required involvement in, incident detection, response and remediation.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The web interface is accessible in a range of browsers (with their accessibility features) so that assistive technology on the end-user machine can interact with it. The web interface itself does not provide any assistive technology.
- Web interface accessibility testing
- Standard graphical user interface (GUI) testing on Microsoft Internet Explorer, Google Chrome and Mozilla Firefox.
- API
- Yes
- What users can and can't do using the API
- Users consume the service through the web portal, the CyberProof Defense Centre (CDC), where incidents, reports and dashboards are available. An API is available to Microsoft Power BI for custom dashboards.
- API automation tools
- Other
- Other API automation tools
- N/A
- API documentation
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Manual
- Independence of resources
- Our service is a single-tenant solution, meaning it is dedicated to the customer it serves. The only shared element is our human security analysts, who act as an extension of the customer's own security team for incident response and investigation.
- Usage notifications
- Yes
- Usage reporting
- Other
Analytics
- Infrastructure or application metrics
- No
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft and IBM
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- Digital playbooks
- Incident workflows
- Security Alerts
- Security Incident logs and processes
- Backup controls
- We continuously back up the entire platform using cloud-native backup services and high-availability practices (for example meshed networks and redundancy).
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Microsoft Azure Cloud SLAs apply for the platform provided as a service. Security service SLAs are defined based on criticality of the incident and relevant service credits are issued.
- Approach to resilience
- Microsoft Azure Cloud best practice is used for resiliency setup.
- Outage reporting
- E-mail alerts
Identity and authentication
- User authentication
- Identity federation with existing provider (for example Google apps)
- Access restrictions in management interfaces and support channels
- Role Based Access Control allows the customer to define groups and access requirements to which users can be added.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Devices users manage the service through
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Intertek Certification Limited
- ISO/IEC 27001 accreditation date
- 15th February 2018
- What the ISO/IEC 27001 doesn’t cover
- All cyber security services are covered; there are no exclusions.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO 22301
- GDPR (EU 2016/679)
- ISO 9001
- ISAE 3402 / SSAE 16 Type 2 (SOC 1) assurance
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ISO/IEC27001
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Regular vulnerability assessment of the platform
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Risk based approach to vulnerability management using vulnerability scanning tools, using intelligence from our threat intelligence supplier and remediation cycles developed by our IT Team.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Potential compromises are categorised by security analytics according to risk and severity as Critical, High, Medium or Low, and the relevant internal SLAs for investigation, response and remediation time-frames are then applied to each category.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Our incident response process is aligned to NIST SP 800-61, Computer Security Incident Handling Guide, with steps defined for the preparation, detection, identification, analysis, containment, eradication, recovery and post-incident analysis stages of the life-cycle, mapped against the MITRE ATT&CK framework.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- All our delivery centres worldwide aim to meet energy-efficiency standards and adopt a carbon-neutral stance for day-to-day operations.
Social Value
- Tackling economic inequality
- UST typically aim to fill at least 10-15% of roles with people from a disadvantaged background, providing employment and training opportunities to disadvantaged people from economically underprivileged areas who may face barriers to digital jobs, such as not having a university degree. UST work with partners who provide employment opportunities, along with training and personal development for their staff. We will hire disadvantaged staff who would typically be unable to find opportunities in the technology industry, provide them with all necessary training and experience, and then bring them onto projects where they will bring value and success both to the project and to their own careers. Where possible, UST will hire from areas that have over 20% of the community on out-of-work benefits. Our head of Social Value will assist in assessing suitable areas and provide feedback to recruitment teams. UST will be visible in these deprived areas through local community workshops and will advertise the roles to these communities. Additionally, UST will work with Jobcentre Plus to help find suitable candidates who would benefit from training and work opportunities.
- Equal opportunity
- UST implement processes to eliminate bias in our hiring and promotion practices, working to support people who fall under the nine 'protected characteristics' detailed in the Equality Act 2010. Our recruitment process is designed to eliminate bias. We use software that removes all personally identifying information from CVs, such as gender, race and age, before they are reviewed, to ensure these characteristics do not factor into hiring. We have a multi-phase interview process, with a team of five people selected randomly for each interview to provide a wide range of perspectives on each candidate. Salaries adhere to a defined pay structure and are based entirely on role and skills. Our recruitment team is trained in strategies to ensure the recruitment process does not demotivate or bias against any group. This includes the Unconscious Bias course provided by LinkedIn, which details the impact of bias, how it arises and how to combat it. We provide training to staff at all levels, and renew this training on an ongoing basis, to create an inclusive environment where staff are empowered to identify and tackle bias.
Pricing
- Price
- £12,500 to £50,000 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No