Creative Networks

Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) services protect individual devices within a network by continuously monitoring for suspicious activities such as malware and unauthorised access attempts. With real-time detection and response capabilities, EDR helps prevent data breaches and maintains the integrity of IT systems.

Features

• Live monitoring for suspicious activity.
• Behavioural analytics to detect endpoint anomalies.
• Swift incident detection and response.
• Detection and prevention of malware.
• Assessing endpoint vulnerability and patching.
• Integration with current security infrastructure.
• Forensic tools for post-incident analysis.
• Monitoring user activity and detecting anomalies.
• Automated responses to mitigate threats.
• Customisable alerts and reporting for informed decisions.

Benefits

• Heightened security, less susceptible to cyber threats.
• Rapid incident response, minimises damage and disruption.
• Enhances network resilience, effectively safeguards sensitive data.
• Simplifies security management, reduces workload and complexity.
• Offers insights for proactive threat prevention and mitigation.
• Ensures regulatory compliance with robust endpoint protection.
• Decreases downtime, boosts user productivity.
• Fosters trust, credibility through strengthened security measures.
• Mitigates business risk, financial losses from security breaches.
• Optimises security investments with efficient resource allocation.

£6.00 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

387952681139198

Contact

Azeem Javed
03303337337
aj@creative-n.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Endpoint Detection and Response (EDR) services extend to various software platforms, including SIEM, SOC, threat intelligence, cloud security, IAM, endpoint management, and network security. Integrating with these platforms enhances overall cybersecurity by providing comprehensive endpoint protection and improving threat detection and response capabilities.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Buyers should consider compatibility, resource usage, bandwidth consumption, maintenance schedules, subscription models, and support availability when selecting an Endpoint Detection and Response (EDR) service. Compatibility with existing infrastructure is vital, as are resource and bandwidth requirements. Awareness of planned maintenance windows helps minimise disruptions, and understanding subscription models clarifies ongoing costs. Adequate training and support are essential for effective deployment and management. By addressing these factors, buyers can ensure a smooth integration of the EDR service into their organisation while maximising its effectiveness in enhancing cybersecurity.
• System requirements:
  • Supported OS: Windows, macOS, Linux, iOS, Android compatibility.
  • Hardware: Adequate processor, RAM, disk space for optimal performance.
  • Network: Reliable, high-bandwidth, low-latency connectivity.
  • Security Integration: Compatible with antivirus, firewalls, SIEM, threat feeds.
  • Licensing: Necessary licenses and software dependencies.
  • Virtualization: Supports various platforms, VM configurations.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times - 08:30 - 18:00 Weekdays, excluding Bank Holidays. Out of hours support available where necessary. 30 minutes to 8 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 8 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We have not conducted any testing of web chat accessibility with users employing assistive technology.
• Onsite support: Onsite support
• Support levels: End-user training can be provided at an ad hoc cost. We provide a UK based Service Desk for support. Out of hours support is available. Our helpdesk is made up of 1st, 2nd and 3rd Line technical expertise. A Technical Account Manager will be assigned as standard as a part of our standard and premium IT Support, see our pricing schedule and SFIA Rate Card for details.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We assist users in adopting the service through a variety of resources tailored to their needs. Our user documentation offers step-by-step guides, FAQs, and troubleshooting tips for independent learning. Additionally, we provide interactive online training sessions and webinars led by experienced instructors to guide users through setup and configuration processes effectively. For those preferring personalised assistance, optional onsite training sessions can be arranged to address specific organisational requirements. Our dedicated technical support team is readily available to assist users with any inquiries or challenges they may encounter, offering prompt resolution via email, phone, or online chat. With these resources and support channels in place, we aim to ensure a smooth onboarding experience and empower users to harness the full capabilities of the service for their communication needs.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Exported upon request. Contact the Support Helpdesk or Technical Account Manager.
• End-of-contract process: At the end of the contract services will continue on a rolling 30 day agreement until either party serves notice. If it is decided the client will exit, Creative Networks will assist in transitioning and migration of services ensuring continuity and a smooth handover. We will, where applicable deliver an Exit Plan which sets out the proposed methodology for achieving an orderly transition of Services on the expiry or termination of the contract. The Exit Plan will contain at minimum: Separate mechanisms for dealing with Ordinary Exit and Emergency Exit. The management structure to be employed during both transfer and cessation of the services and a detailed description of both the transfer and cessation processes, including a timetable. Document how the Services will transfer including details of the processes, documentation, data transfer, systems migration, security and the segregation of technology components. Specify the scope of the Termination Services that may be required and any charges that would be payable for the provision of such Termination Services and detail how such services would be provided. Provide a timetable and identify critical issues and set out the management structure to be put in place and employed during the Termination Assistance Period.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile and desktop Endpoint Detection and Response services differ in operating systems, device capabilities, and security features. Desktop solutions cater to Windows, macOS, or Linux platforms, offering advanced detection and larger interfaces. Mobile EDR services target iOS and Android, providing touch-optimised interfaces and features like anti-theft and secure browsing. User interfaces vary between mobile's smaller screens and touch input and desktop's larger displays and traditional input methods. Mobile solutions integrate with mobile ecosystems for enhanced security, while desktop solutions may offer more comprehensive management options. Both aim to protect endpoints but adapt to the specific needs of each device type.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface for Endpoint Detection and Response solutions typically includes a web-based console or desktop application. This interface provides administrators with centralised access to security alerts, policy management, investigation tools, and response actions. Users can view real-time data, configure settings, and conduct threat assessments across all managed endpoints. Additionally, mobile apps may offer on-the-go monitoring and response capabilities. The interface is designed for ease of use, providing intuitive navigation and visualisations to help users identify and mitigate security threats effectively. Overall, it serves as a central hub for managing endpoint security and maintaining the integrity of the IT environment.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have not conducted any testing of web chat accessibility with users employing assistive technology.
• API: Yes
• What users can and can't do using the API: Users can set up and configure an EDR service via API, provisioning endpoints, defining policies, and configuring rules. They can make changes to policies, rules, and response actions dynamically. APIs facilitate tasks such as endpoint deployment, security event retrieval, and incident response automation. However, there may be limitations such as rate limits, authentication requirements, and versioning constraints. Users can't exceed rate limits, access restricted operations without proper authentication, or use deprecated API versions for certain features. Overall, EDR service APIs empower users to automate security operations and integrate with other systems for enhanced threat detection and response capabilities.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise an EDR service by configuring security policies, detection rules, response actions, integrations, and reporting settings. This involves defining rules for threat detection, creating automated response workflows, and integrating with other security tools and systems. Administrative interfaces provided by the service allow authorised users, such as IT administrators or security analysts, to make these customisations. By tailoring the service to their organisation's risk profile and operational needs, users can enhance their ability to detect, respond to, and mitigate security threats effectively across their IT infrastructure.

Scaling

• Independence of resources: ESET guarantees user experience amidst demand fluctuations by employing scalable infrastructure, load balancing, and efficient resource allocation. Continuous monitoring enables proactive optimisation to prevent performance degradation. Redundancy measures ensure high availability and resilience against failures, maintaining service quality during peak demand or outages.

Analytics

• Service usage metrics: Yes
• Metrics types: ESET provides service metrics including threat detection, incident response, compliance, performance, and user activity. These metrics offer insights into security effectiveness, compliance status, and service performance. Users can monitor malware detections, incident response times, compliance with regulations, system uptime, and user engagement. Accessible through the ESET management console, these metrics help users evaluate security posture, identify threats, and optimise service usage.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Eset

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users export data from an EDR service through its interface, APIs, scheduled reports, or third-party tools. They select specific data sets like security event logs or incident reports and export them in formats like CSV or JSON. APIs enable automated data retrieval and integration with other systems. Scheduled reports automate regular data exports based on user-defined parameters. Additionally, users can utilise third-party tools for advanced data manipulation and visualization. The method chosen depends on data requirements, workflows, and integration needs, ensuring users can effectively extract, analyse, and utilise data to enhance security operations.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: ESET typically guarantees a high level of availability for its services, aiming for minimal downtime and uninterrupted access to security features. Specific availability guarantees are often outlined in service level agreements (SLAs) that users agree to upon subscription or purchase.
• Approach to resilience: ESET's service resilience is foundational to its design, ensuring uninterrupted operations despite disruptions or failures. Redundancy is a cornerstone, with duplicated systems, components, and infrastructure mitigating the impact of potential failures. Failover mechanisms automatically reroute traffic to redundant resources, maintaining service continuity. Data replication safeguards critical data, while load balancing optimises resource utilisation and prevents overload. Comprehensive disaster recovery plans enable swift restoration of operations in catastrophic scenarios, backed by regular testing for readiness. Security measures, including encryption and intrusion detection, fortify the service against cyber threats, enhancing overall resilience. By integrating these resilience principles, ESET provides users with a dependable, highly available service capable of withstanding challenges and maintaining performance even in adverse conditions.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Supplier defined controls. Access to management interfaces is restricted to designated users and controlled with user name and password protection.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 24/10/2022
• What the ISO/IEC 27001 doesn’t cover: Areas not covered by ISO/IEC 27001 certification include specific business processes unrelated to information security, certain third-party services or suppliers, or compliance with other industry-specific regulations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Organisations adhering to ISO 27001 establish robust information security practices. They develop policies aligned with ISO 27001 requirements, covering areas like access control, data protection, and incident response. Through risk assessments, they identify and prioritise security risks, implementing controls to mitigate them. Employees receive training on security policies and procedures to enhance awareness and compliance. Monitoring and review processes ensure the effectiveness of security controls, with regular audits and assessments conducted. A designated individual or team oversees the implementation and maintenance of the Information Security Management System (ISMS), reporting to senior management or the board. To ensure policy adherence, organisations employ various mechanisms such as audits, reviews, and ongoing monitoring. Non-compliance issues prompt corrective actions and improvements to the ISMS. By following these practices, organisations demonstrate their commitment to information security and continuously strive to enhance their security posture in line with ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Creative Network's have in place a Change Management Process that follows the ISO 20000 Standard. A change is proposed with the Change Manager and then added to the Changes-overview. The change is scheduled to be executed and a roll back plan is created (if necessary). Rollback is actioned immediately upon confirmation as per following the rollback matrix, resources are freed and announcements are published. Periodically, the overview of archived changes is checked.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Creative Network's have a Vulnerability Management process that implements the following: Receives information about zero day threats from the National Cyber Security Center; Subscribe to newsletters from vendors and used products, in contact with special interest groups; Technical vulnerabilities are handled either using the Incident management process or the Change management process; Patches are tested following the Installation of software on operational systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All devices have a monitoring agent on them which can identify potential issues and report back to our service desk. If an issue is identified we have an internal 4 hour SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly. We have multiple alert systems in place and monitor them constantly. We exclusively use Linux for phone system hosting. We automatically patch daily as and when required.
• Incident management type: Supplier-defined controls
• Incident management approach: Fully developed Business Continuity and Disaster Recovery management process developed in line with ISO 22301. Creative Network's have a pre-defined Incident Management Process in place where by an incident is reported with the Incident Manager and then added to the Incidents-overview. After which, relevant log files (from all systems affected) and evidence is gathered. The incident is corrected by implementing a patch, temporary fix or workaround. It is determine whether future occurrences of the incident can be prevented, e.g. by modifying/strengthening one or more controls. Periodically, the overview of archived incidents is checked for apparent trends and effectivity of corrections.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  An Endpoint Detection and Response (EDR) service aligns with the theme of "Wellbeing" by providing enhanced security for remote workforces, reducing stress and anxiety related to cybersecurity incidents, protecting personal data, mitigating cybersecurity risks, and promoting work-life balance among employees.

Pricing

• Price: £6.00 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free version includes basic endpoint protection with antivirus and malware detection. It lacks advanced features like firewall protection and premium support. There may not be a time limit, but additional devices and advanced features may require a paid subscription.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.