MDR/SIEM Software & Mobile Application Scanning
Vambrace Cybersecurity’s Security Operations Centre (SOC) provides a next-generation, fully cloud-hosted Managed Detection and Response (MDR) service to our clients. Our Mobile Application Scanning Tool provides client-side application security for iOS / Android apps & Chrome extensions.
Features
- Implementation of SIEM (Security Information and Event Management) technology
- Security monitoring and alerting
- Security testing of iOS, Android & Chrome extension apps
- Report on the status of apps from a privacy & GDPR standpoint
- Risks mapped to CVSS scores
- Pro-Active notification of security level changes
- Analyst support
- Threat hunting
- Threat intelligence updates
- System health monitoring
Benefits
- Mean time to resolve security issues is greatly reduced
- Internal security knowledge is not required to start the service
- Secure portal for mobile app and Chrome extension testing
- Continual security testing of iOS, Android and Chrome extensions
- Ensuring the mobile ecosystem is secure
- Third party risk ratings for Mobile Applications
- Multiple use cases and log sources to meet client requirements
- Fast to deliver, average deployments take weeks not months
Pricing
£20,000 to £40,000 a gigabyte a day
- Education pricing available
- Free trial available
Framework
G-Cloud 13
Service ID
391395090653817
Contact
VAMBRACE CYBERSECURITY LIMITED
Adam Hepworth
Telephone: 0113 3572020
Email: adam.hepworth@vambrace.co.uk
Service scope
- Service constraints
- Log collectors may be required to forward logs to the cloud portal; this covers devices that use syslog. Log collectors can also be used to collect log files directly from any device on which a local user has been created. If log collectors are required, they will also need to be updated as new versions are released; this is generally once a month and will require a maintenance window of roughly 15 minutes.
- System requirements
  - A log collector should be deployed for receiving syslog
  - Log collectors should have at least one core
  - Log collectors should have at least 512MB of RAM
  - Log collectors require a minimum of 8GB HDD space
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
  - P4 information requests will be responded to within 8 business hours, excluding weekends and UK bank holidays.
  - P3 information requests will be responded to within 4 business hours, excluding weekends and UK bank holidays.
  - P2 information requests will be responded to within 2 business hours, excluding weekends and UK bank holidays.
  - P1 information requests will be responded to within 1 business hour, excluding weekends and UK bank holidays.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
  BRONZE:
  1. Airnow will collect logs from chosen log sources.
  2. Airnow will apply Airnow's custom rule set.
  3. Airnow will send automated emails to the client to advise of potential security issues.
  SILVER:
  1. Airnow will collect logs from chosen log sources.
  2. Airnow will apply Airnow's custom rule set.
  3. Airnow will remove false positives before sending reports to our clients within business hours according to SLAs.
  GOLD:
  1. Airnow will collect logs from chosen log sources.
  2. Airnow will apply Airnow's custom rule set.
  3. Airnow will remove false positives before sending reports to our clients within business hours according to SLAs.
  4. Airnow will perform relevant triage on any insights created in the platform.
  5. Airnow will provide access to trained security analysts to respond to detected incidents.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- As part of the onboarding process, use case workshops are performed in order to acquire relevant information regarding log sources and alert configuration. A technical lead and a project manager are assigned. Service handbook and onboarding documentation are provided and will guide the relevant use cases, dashboards, parsers and threat intelligence that will need to be applied. Training to access the dashboards and run basic queries will be provided to key members of staff. Access to the policy is managed by Airnow explicitly.
- Service documentation
- Yes
- Documentation formats
  - Other
- Other documentation formats
- DocuSign links
- End-of-contract data extraction
- This service can be provided should a client wish to request all data collected by the platform. Depending on the amount of data ingested, charges may be applicable in order to collate the data then transfer this in a secure manner. In the event that the data is not requested to be collated, data beyond the retention period purchased, will no longer be accessible.
- End-of-contract process
  In the event a contract ends or is not renewed for any reason, Airnow, at the written direction of the customer, will:
  1. Delete or return customer personal data and copies thereof
  1.1 Unless the Supplier is required by law to continue to process that customer personal data; and maintain records to demonstrate its compliance.
  Once data has been provided or purged:
  1. Access to the platform will be removed
  2. Log collectors will be uninstalled
  3. All configuration pertinent to the platform will be removed accordingly.
Using the service
- Web browser interface
- Yes
- Using the web interface
  End users are added to the platform by Airnow and receive an email inviting them to register; during registration the user sets their own password. Once registered, Airnow policy dictates that 2FA must be applied. Clients have access in order to:
  1. Run queries
  2. Create or modify dashboards
  3. Check on any alerts generated
  Airnow will not allow clients to change:
  1. The base configuration and/or rule set
  2. Saved queries
  3. Indicators of Compromise
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The service is accessible from any browser and utilises HTTPS with TLS.
- Web interface accessibility testing
- Web interface testing with local users and multiple devices has been performed successfully.
- API
- Yes
- What users can and can't do using the API
- APIs can be used for tasks such as uploading CSVs (typically used for log ingestion), running reports (creating a query then exporting the results), or exporting dashboards (images that can be used in a Board-level report), however API access to the platform is restricted to Airnow personnel.
- API automation tools
- Other
- API documentation
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- 100% independence in place. Each client is restricted to their own portal (VPC), containing only their own data, regardless of which physical instance they are running on.
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
  - CPU
  - Disk
  - HTTP request and response status
  - Memory
  - Network
  - Number of active instances
- Reporting types
  - API access
  - Real-time dashboards
  - Regular reports
  - Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Sumo Logic
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
  - United Kingdom
  - European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
  - Physical access control, complying with CSA CCM v3.0
  - Physical access control, complying with SSAE-16 / ISAE 3402
  - Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- All logs can be exported to S3 buckets
- Backup controls
  Within the log forwarder from the platform the following can be performed:
  1. Individual collector or host logs can be forwarded
  2. Each log forwarder can run on its own schedule
  3. Logs are expected to be up to date within 5 minutes of real time ingestion within the S3 bucket.
  4. Alerts can be created in the instance that the service stops for any reason.
  Charges for the storage will apply.
- Datacentre setup
- Multiple datacentres
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
  - TLS (version 1.2 or above)
  - IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
  Availability of the platform is managed by our chosen provider. In the event that an issue is raised, the vendor will work to the following time scales (priority value, hours of operation, response time):
  P1 - 24 x 7 - 0.5 hour
  P2 - Business hours - 1 hour
  P3 - Business hours - 6 hours
  P4 - Business hours - 1 day
  In the event that SLAs cannot be met, the vendor will discuss remediation options.
- Approach to resilience
- This can be provided on request.
- Outage reporting
- Sumo Logic are responsible for hosting a live page that covers the status of all global issues and outages. Email alerts are configured on each log source; these raise a ticket for any source that has been inactive for 15 minutes or more. This in turn triggers an investigation, and information will be provided to all relevant parties. API integrations can also be requested to trigger an alert in a key system for our clients.
Identity and authentication
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- Management access is restricted by two factor authentication. User access roles are defined to ensure not all users will have access to the management consoles.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
- Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ACM
- ISO/IEC 27001 accreditation date
- 29/06/2018
- What the ISO/IEC 27001 doesn’t cover
- The scope of the certification covers the entirety of the business, including all services offered.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 5/1/2019
- CSA STAR certification level
- Level 2: CSA STAR Attestation
- What the CSA STAR doesn’t cover
- CSA STAR level two covers the MDR/SIEM solution, the ticket system is CSA STAR level one.
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ISO 27001 certified ISMS in place, which mandates a range of applicable policies and processes, and our compliance with them is independently audited. We also adhere to relevant GDPR policies, which are controlled by our internal CISO and Data Protection Officer (DPO).
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
  Each change of configuration is tracked via:
  1. Individual tickets with relevant reference numbers
  2. All changes must be made as part of an ongoing ticket
  3. Clients shall be made aware of any changes or maintenance required as part of the service
  4. All tickets will be given a priority value to rate the severity of the issue
  5. All tickets will also be assessed from a technical and security perspective to ensure the requests are in keeping with industry best practices.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
  Details include:
  1. Patching of the cloud platform itself is managed entirely by the vendor.
  2. Publications are sent out often advising of any maintenance taking place to patch the systems.
  3. In the event a collector requires patching:
  3.1 Emails are sent from the technical team at Airnow requesting that the updates take place.
  3.2 Maintenance windows are then scheduled with our clients.
  3.3 Airnow will request the update for the collector within 2 working days of the release.
  3.4 Airnow will patch any log collector within 2 weeks of a patch being released, with relevant authorisation.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
  Compromises of systems are detected via several means:
  1. Utilising the rule base of the product.
  2. Custom rules created by Airnow.
  3. Indicators of compromise:
  3.1 Vendor managed
  3.2 Airnow managed
  4. Enrichment templates.
  By utilising this data collectively we can find compromises quickly and easily; in the event of a P1 breach Airnow would expect to have the issue resolved in under 4 business hours.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
  Airnow follows a pre-defined method regarding incident response following the ISO 27001 format. This consists of 7 stages:
  1. Responsibilities and procedures.
  2. Reporting information security events.
  3. Reporting information security weaknesses.
  4. Assessment of and decision on information security events.
  5. Response to information security incidents.
  6. Learning from information security incidents.
  7. Collection of evidence.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Third-party
- Third-party virtualisation provider
- Sumo Logic
- How shared infrastructure is kept separate
- Each client is locked to their own portal, with individual user accounts and encryption keys, and data is encrypted at rest using AES-256.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
  1. All data stored by the service is within AWS, who are focused on efficiency and continuous innovation across global infrastructure, as they continue on their path to powering our operations with 100% renewable energy by 2025.
  2. AWS only uses Tier 1 data centres. These are energy efficient & typically located in the developed world.
  3. AWS is stated to be 3.6 times more energy efficient than the median of surveyed enterprise data centres in the U.S. and up to 5 times more energy efficient than typical EU enterprise infrastructure.
  OTHER AIRNOW ENERGY EFFICIENCY MEASURES:
  1. Most Airnow employees are based in energy efficient new build premises or renovated properties in Leeds.
  2. 30% of employees use public transport.
  3. 20% share vehicles to get to work.
  4. Employees typically work from home 30% of the time.
Social Value
- Fighting climate change
  1. All data stored by the service is within AWS, who are focused on efficiency and continuous innovation across their global infrastructure, as they continue on their path to powering our operations with 100% renewable energy by 2025.
  2. AWS only uses Tier 1 data centres. These are energy efficient & typically located in the developed world.
  3. AWS is stated to be 3.6 times more energy efficient than the median of surveyed enterprise data centres in the U.S. and up to 5 times more energy efficient than typical EU enterprise infrastructure.
  OTHER AIRNOW ENERGY EFFICIENCY MEASURES:
  1. Most Airnow employees are based in energy efficient new build premises or renovated properties in Leeds.
  2. 30% of employees use public transport.
  3. 20% share vehicles to get to work.
  4. Employees typically work from home 30% of the time.
  5. All Airnow employees have had environmental training. This includes training on:
  a) Energy efficiency e.g. defensive driving, switching off equipment when not in use, only filling the kettle to the required level for tea/coffee.
  b) Waste minimisation.
  6. Airnow carries out a high proportion of customer meetings virtually (around 90%).
- Covid-19 recovery
  Airnow measures include:
  1. Following government guidance during the pandemic e.g. working from home.
  2. Covid-19 transmission reduction measures in offices and work settings:
  a) Adequate ventilation.
  b) Ample spacing between employees – all desks are at least 2 metres apart.
  c) Employees encouraged to:
  i) Get fully vaccinated and boosted.
  ii) Wear face masks if moving around the offices.
  iii) Hold face to face meetings outdoors where possible.
  iv) Practice excellent hand hygiene.
  v) Hold meetings virtually unless in person meetings are essential.
  Airnow’s services assist the running of successful organisations. As such, the services provided support Covid-19 recovery.
- Tackling economic inequality
  Airnow’s measures include:
  1. RESPECTING DIVERSITY: We encourage applications from all communities & groups. Progression is solely on ability. Airnow’s workforce is representative of the multi-cultural diversity present in Leeds.
  2. BUYING LOCAL & SUPPORTING SMEs:
  Airnow:
  a) Pays promptly.
  b) Ensures opportunities for local suppliers. It has networks across the UK with subcontractors providing services local to their base.
  Airnow’s accountants & solicitors are SMEs based in Leeds.
  3. TRAINING:
  Included:
  a) Employees are achieving certificates such as CompTIA PenTest+.
  b) Apprentices receive training via Code Nation.
  c) Job specific training.
  4. OPPORTUNITIES:
  a) Airnow’s preference is recruiting personnel into ‘entry level’ positions & ‘promoting from within’.
  b) It has recruited:
  i) Kickstarters, apprentices & trainees.
  ii) Graduates.
  We encourage the utilisation of the Kickstart scheme in order to find new candidates who then progress into full time staff members. No preferential treatment is given to candidates regarding economic status.
- Equal opportunity
  The company is committed to promoting equality of opportunity for all staff and job applicants. We aim to create a working environment in which all individuals are able to make best use of their skills, free from discrimination or harassment, and in which all decisions are based on merit. We do not discriminate against staff on the basis of age, disability, gender reassignment, marital or civil partnership status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation. The principles of non-discrimination apply to the way we treat staff, visitors, clients, customers, suppliers and former staff members. All staff have a duty to act in accordance with this policy and treat colleagues with dignity at all times, and not discriminate against or harass other members of staff, regardless of their status.
- Wellbeing
  We are committed to protecting the mental, as well as physical, health, safety and well-being of those who work for us. We will endeavour to maintain a working environment in which everyone treats one another with dignity and respect, is able to co-operate with and trust their colleagues, and which is conducive to positive well-being. We acknowledge the importance of a supportive environment and working culture and of identifying and reducing workplace stressors and factors that can negatively impact on our employees' or clients' mental well-being. We are committed to a programme of action to make this policy effective and to bring it to everyone's attention. However, this policy can only be effective if everyone co-operates to achieve its aim. The policy does not form part of an employee's contract of employment and it may be amended at any time. We may also vary a procedure, as appropriate in any case. We have a legal duty to take reasonable care to ensure mental health as well as physical health is not put at risk by excessive demands or pressures arising from the way work is organised. This policy takes into account the Health and Safety at Work Regulations 1999, Employment Rights Act 1996, Protection from Harassment Act 1997, Working Time Regulations 1998 and Equality Act 2010.
Pricing
- Price
- £20,000 to £40,000 a gigabyte a day
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- One month trial period with up to 10 use cases and a select amount of pre-built dashboards.