Factory Internet Ltd

Managed SOC Service

Factory provide a Cloud Based SOC and SIEM Service. Our service has fully management and analyst support along with support for onboarding data. We provide full EDR/XDR functionality with Log Collection from Cloud, SaaS, Network and hundreds of different technologies.

Features

• Cloud Hosted Elasticsearch Security Platform.
• Analysts reviewing logs on your behalf.
• 1000s of existing detection rules.
• Custom rules written to your requirements.
• 100s of data integrations.
• UK Hosted and UK Managed Solution.
• EDR/XDR functionality included.
• SC Cleared only service available.
• Airgapped/Complex environment options available.

Benefits

• Ability to provide detection and response/SOC on critical assets.
• Hosted externally meaning security data is external of your environment.
• Hugely reduces the risk of Ransomware attacks.
• Dedicated analysts available on request.
• Architecture and Security Advisory included within the service.
• Dedicated Named Contacts.
• Service evolves with your evolving security posture.
• Gives confidence and assurance to operate securely.

£4 a device a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@factoryinternet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

373667066576175

Contact

Joanna Saxby
01424 540175
sales@factoryinternet.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: By default, we take care of all hosting requirements, so the service is autonomous from that perspective. We also integrate systems, but support from the customer is required (i.e. to gain access to Azure Logs/AWS Logs/Firewall logs will need some configuration from the customer team).
• System requirements:
  • We provide all licensing and hosting.
  • We require you to install our agents.
  • We may require the deployment of collector VMs.
  • Collector VMs consume logs and send them to us.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 15 minutes for a P1/S1. Within 30 minutes for any other ticket.; ; Out of hours tickets may take an hour to respond but our 95% percentile is still within 30 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our support levels are provided on a 24x7 basis for SOC services. This is none negotiable as attacks and incidents can often occur in none working hours.; ; We can provide more analyst time and also dedicated analysts for an additional cost.; ; All of our services have a Primary and Secondary Technical contact as well as a service manager, account manager and senior escalation contact.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We typically provide an implementation project as part of getting started. For smaller deployments, this is free of charge, for larger more complex deployments there maybe some charges.; ; Our projects typically involves;; ; > Onboarding data feeds; > Giving the customer portal access; > A training period for our analysts/your team to understand the telemetry; > Amendments; > Go Live; ; Once live, we continually refine/make changes and enhancements as threats/technology moves forward. We also work closely with your IT teams to quickly onboard new technology to ensure visibility is maintained into all pieces of technology.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Our data is stored within a JSON format. The scale can be huge depending on retention and customer usage (sometimes 100s of TBs).; ; We can export this to CSV or JSON and provide this to the customer. We can also build and provide a small appliance, or host a small appliance that will just allow searching of that data by the customer.
• End-of-contract process: At the end of the contract, if no further services are being taken, we advise depending on the complexity of the environment to let us know at a minimum 6 months prior to the end of service. This helps us provide a good offboarding experience and work with your new provider. This will help ensure good detection rule coverage, good EDR/XDR coverage as services are transitioned.; ; We can provide quick cut-overs and can support monthly billing arrangements where required to help get a migration completed.; ; In scenarios at end of contract, our public obligation/ethical manner is to continue securing a client in a respectable and appropriate manner and supporting correctly until services have been offboarded.; ; As such, open communication is our preferred approach which allows for the best possible transition.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: No
• Customisation available: Yes
• Description of customisation: While our portal is managed by us, the users have access to it and can customise reports, can customise requests to us and can customise/ask for detection rules.

Scaling

• Independence of resources: We provide isolation a data level and maintain a good amount of buffer within our infrastructure to ensure peaks of other clients don't affect the wider service. We have lots of monitoring in place along with breakers to ensure other users/clients won't bring down a particular clients service.; ; We have huge amounts of connectivity, inward resource and processing capacity to keep our services functional at all times.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide metrics such as the number of agents reporting in, data sources reporting in. We also provide data around detection rule usage/detections and other metrics that maybe of use.; ; We tend to find the requirements are bespoke to each customer to we tend to customise reports heavily with this service.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export small amounts of data (upto ~1GB of CSV) via portal requests. For large/bulk data extracts, a ticket can be created and data can be exported.; ; We support CSV and JSON natively.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • SYSLOG

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% availability of services. We provide a refund/credit on service where we have missed availability of service.
• Approach to resilience: Further Information is available on request. We operate resilient infrastructure across multiple locations and have a BCP/DR plan in place which is tested and exercised.
• Outage reporting: Email Alerts and depending on the severity phone calls/ticket creation.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: We use PAWs (Priv Access Workstations) along with multiple layers of MFA along with Hardware Tokens.; ; We have a lot of custom detection rules within these zones of our networks and services to ensure anything anomalous is alerted on rapidly.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Dedicated workstations and dedicated management planes.

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We're currently working towards ISO27001 and IASME Level 2 certification to provide governance around our standards.; ; We have built processes and procedures up around this internally and are now moving towards formal auditing of these controls.
• Information security policies and processes: Further information can be requested. Our policies are signed off at board level and have disciplinary proceedings directly linked to breach of policy.; ; We provide training to ensure policies are followed and have correction/reporting of failure of training and then work to improve that going forward.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: When changes are made to our services, we create internal tickets and approvals prior to changes being made.; ; If changes are deemed to have a potential security risk, our team can pull a "stop" check (anyone can do this). This then triggers additional checks and verification along with a security test to ensure the risk is correctly remediately.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Further information can be requested for more detail. We assess potential threats using a mixture of threat intelligence. Patches are deployed when critical/high according to a tier - if an asset is internet facing vs internally facing vs offline, we have different times along with a different IR protocol. Further details can be requested.; ; Information for threats comes from a variety of open source intelligence sources and we monitor the internet/vendors/news outlets/intelligence partners for information relating to vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We identify potential compromises using XDR and SIEM technology along with custom detection rules. We also simulate attacks to ensure we cover blind spots and improve quickly.; ; If we find a potential compromise, we invoke our IR process which can be extremely detailed depending on the nature of the compromise.; ; In terms of time to respond, one an incident is raised, we would start the triage of that immediately (minutes) and work through an escalation process.
• Incident management type: Undisclosed
• Incident management approach: We have a defined Cyber Incident Response Process which is a high level overall response process. We then have a series of playbooks for common incident types.; ; Users are educated on reporting incidents and are actively encouraged to report anything suspicious.; ; Incident reports follow a set format for an initial report - most incidents will just use this template, if an incident was very complicated, it would use a custom report format.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Airgap by request

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  As a member of Charity IT leaders we facilitate Cyber security workshops for the member community, educating and helping identify risks and plug gaps they may well not be aware of, this community is broad with organisations that may not have economic advantage to access such information and guidance without cost.

  Equal opportunity

  We facilitate work placements and provide support to organisations such as Little Gate Farm who support adults with autism and learning difficulties. We also provide work experience placements to support local schools and colleges, both educating, assisting in new skill development and inspiring local students into technology. We also provide volunteering opportunities to our team, that support local charities and communities, a substantial effort has gone into addressing the Digital divide by educating and supporting 'Aging well' networks, via Rother voluntary association. These activities both support well being of work force and give opportunity to develop skills relevant to delivery of Factory Internet services.

  Wellbeing

  We recognise that the wellbeing of our team and a positive and healthy company culture is paramount to the delivery of the high level of service to our valued clients. We therefore advocate and provide our team with flexible working arrangements to suit, team days out, celebration of successes and provision of premium healthcare packages to support both physical and mental health. With educational resources and training provided by default, we also provide time out opportunities to volunteer with local charities and NFP organisations, providing variety, new abilities and personal development.

Pricing

• Price: £4 a device a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Included - Our EDR/XDR service for Windows/Linux/MacOS; ; Not Included - custom integrations. (i.e. not Syslog/Azure/AWS Collection) - though this can be done by request.; ; Time Period - Typically 2-4 weeks.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@factoryinternet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.