Managed Detection and Response Service (MDR)
GetSwarms' Managed Detection and Response (MDR) service offers a 24x7 proactive threat detection, hunting, and response capability that identifies and contains cyber threats in near real-time. MDR providers continuously monitor network traffic, endpoints, and systems for signs of security threats, promptly responding to incidents to mitigate risks.
Features
- Continuous monitoring of networks, endpoints, and systems.
- Advanced threat detection using AI and machine learning algorithms.
- Proactive threat hunting to identify emerging cyber threats.
- Real-time incident detection and response capabilities.
- 24/7 security operations center (SOC) monitoring and support.
- Customized security alerts and notifications for timely responses.
- Comprehensive visibility into security postures across the organization.
- Integration with existing security tools and technologies.
- Scalable solutions to adapt to evolving threat landscapes.
- Access to cybersecurity experts for proactive threat management.
Benefits
- Early detection and mitigation of cyber threats before they escalate.
- Improved incident response times, reducing potential damages and losses.
- Proactive threat hunting enhances the organization's security posture.
- Enhanced visibility into security events and incidents across the network.
- 24/7 monitoring ensures round-the-clock protection against cyber threats.
- Customized alerts and reports provide actionable insights for decision-making.
- Reduced burden on internal IT teams for threat detection and
- Cost-effectiveness compared to maintaining an in-house security operation center.
- Enhanced compliance with regulatory requirements and industry standards.
- Peace of mind knowing that expert cybersecurity professionals are overseeing
Pricing
£10 a licence a month
- Education pricing available
- Free trial available
Framework
G-Cloud 14
Service ID
405063926086179
Contact
GET SWARMS LIMITED
Amit Jain
Telephone: 07545641528
Email: Amit.Jain@getSwarms.com
Service scope
- Service constraints
- None - please speak to the GetSwarms team for confirmation at the time of contract.
- System requirements
- None - speak to us to discuss any specifics
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We provide 24x7 prioritised service for the customer technical support staff. Our response times are as follows:
  - P1: CRITICAL - 15 mins
  - P2: URGENT - 1 Hour
  - P3: IMPORTANT - 3 Hrs
  - P4: COSMETIC/MINOR - 1 Day
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Accessibility Testing, Functional Testing, UAT Testing
- Onsite support
- Yes, at extra cost
- Support levels
- We provide a dedicated Technical Account Manager for the duration of the contract who serves as an escalation point for any service-related issues. Additionally, we can offer Level 1, 2 and 3 support depending on the needs of our clients. Cost will vary depending upon the required service levels.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We offer various resources to assist customers in initiating their usage of our services. These encompass extensive documentation available in multiple formats, introductory videos, practical labs, both online and in-person training sessions, access to a vast ecosystem of partners, and support from the public sector account team.
- Service documentation
- Yes
- Documentation formats
  - HTML
  - ODF
- End-of-contract data extraction
- As a contract draws to a close, our designated Service Delivery Manager proactively engages with the customer to collaborate on establishing a comprehensive contract exit plan. This plan encompasses various facets, notably the extraction and deletion of data from our infrastructure, ensuring a seamless transition for both parties. Our team works closely with the customer to ascertain specific requirements and preferences regarding data handling, ensuring compliance with relevant regulations and agreements. Additionally, customers retain autonomy over their data throughout the contract lifecycle, with the flexibility to modify, update, or remove their data as needed, with or without direct involvement from GetSwarms. This commitment to transparency and customer-centricity underscores our dedication to fostering trust and accountability throughout the contract lifecycle, safeguarding the integrity and security of our customers' data.
- End-of-contract process
- When a client chooses to end their subscription with GetSwarms, we ensure a smooth transition process. We offer assistance with data extraction and migration to facilitate the transition to another service provider or platform, within reasonable bounds. We establish a mutually agreed-upon point for service termination. Once this transition milestone is reached, our dedicated teams cease all service provision, ensuring a clear delineation of responsibilities. Throughout this process, we prioritize transparency and open communication to address any concerns or queries from the client effectively. Our commitment to facilitating a seamless transition underscores our dedication to client satisfaction and reflects our ethos of reliability and professionalism. We remain steadfast in our support of clients even at the conclusion of our business relationship, ensuring their continued success beyond the scope of our services.
Using the service
- Web browser interface
- Yes
- Using the web interface
- If a purchaser chooses self-managed IaaS, they'll have the freedom to set up their environment, enabling them to assign CPU, RAM, and disk space to their virtual servers. They'll also have the ability to create, delete, and reboot servers independently, without needing to reach out to our support team.
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- Accessibility testing, Manual, Automated, Functional
- API
- Yes
- What users can and can't do using the API
- We provide extensive API endpoints. Contact our support desk for more detail.
- API automation tools
  - Ansible
  - Chef
  - OpenStack
  - SaltStack
  - Terraform
  - Puppet
- API documentation
- Yes
- API documentation formats
  - Open API (also known as Swagger)
  - HTML
  - ODF
- Command line interface
- Yes
- Command line interface compatibility
  - Linux or Unix
  - Windows
  - MacOS
- Using the command line interface
- We offer an excellent command line interface. For more details, contact us.
Scaling
- Scaling available
- Yes
- Scaling type
  - Automatic
  - Manual
- Independence of resources
- At Get Swarms, we ensure uninterrupted service for all users by implementing robust measures for data isolation and resource allocation. Through our cloud infrastructure, comprising public, private, community, and hybrid clouds, each user's data and resources are segregated, safeguarding against interference from other users' demands. Our dynamic resource management system optimally distributes resources, dynamically allocating capacity to meet fluctuating demand while maintaining performance and reliability. This approach guarantees that users experience consistent and reliable service, unaffected by the activities of other users, thereby ensuring a seamless and dependable experience across our platform.
- Usage notifications
- Yes
- Usage reporting
  - API
  - SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
  - CPU
  - Disk
  - HTTP request and response status
  - Memory
  - Network
  - Number of active instances
- Reporting types
  - API access
  - Real-time dashboards
  - Regular reports
  - Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
  - United Kingdom
  - European Economic Area (EEA)
  - Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
  - Physical access control, complying with CSA CCM v3.0
  - Physical access control, complying with SSAE-16 / ISAE 3402
  - Physical access control, complying with another standard
  - Encryption of all physical media
  - Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
  - Explicit overwriting of storage before reallocation
  - Deleted data can’t be directly accessed
  - Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
  - Files
  - Virtual machine
  - Service configurations
  - Applications
  - Any type of data back up can be arranged
  - Database configuration
  - CMDB data
- Backup controls
- Users have full control over their backup preferences, enabling them to specify what data is backed up and when. Through our platform, users can configure backups for different types of data on customised schedules, tailoring the process to suit their specific needs. We offer services to facilitate the creation of backup strategies, and a range of backup options to accommodate customer requirements.
- Datacentre setup
  - Multiple datacentres with disaster recovery
  - Multiple datacentres
  - Single datacentre with multiple copies
  - Single datacentre
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
  - Users can recover backups themselves, for example through a web interface
  - Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
  - Private network or public sector network
  - TLS (version 1.2 or above)
  - IPsec or TLS VPN gateway
  - Bonded fibre optic connections
  - Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
  - TLS (version 1.2 or above)
  - IPsec or TLS VPN gateway
  - Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- At Get Swarms, our SLAs guarantee a certain level of availability for our services, typically measured in uptime percentage over a defined period, such as a month or a year. In the event that we fail to meet these guaranteed levels of availability, we offer service credits as compensation to affected users. These SLAs outline the specific levels of uptime we commit to maintaining and the corresponding compensation structure if those levels are not met. Service credits are provided to impacted users based on the extent to which our uptime falls short of the guaranteed level, as outlined in the SLA. To ensure transparency and accountability, users have access to an intuitive interface where they can view SLA reports detailing uptime performance and any associated service credits. This interface provides users with visibility into our service performance and the credits they are entitled to in the event of downtime.
- Approach to resilience
- Available on request. Our data center infrastructure is designed with disaster recovery in mind, featuring redundant systems and failover mechanisms to minimize the impact of potential disruptions. Redundant disks and multiple storage options are deployed to safeguard against hardware failures and ensure data integrity and availability. Also, multiple availability zones within each region and a distributed architecture ensure that even in the event of a catastrophic failure at one data center, services can seamlessly fail over to alternate locations without impacting users.
- Outage reporting
- We offer a public dashboard, API, email alerts, and SMS to report any outage.
Identity and authentication
- User authentication
  - 2-factor authentication
  - Public key authentication (including by TLS client certificate)
  - Identity federation with existing provider (for example Google apps)
  - Limited access network (for example PSN)
  - Dedicated link (for example VPN)
  - Username or password
- Access restrictions in management interfaces and support channels
- At Get Swarms, we enforce strict access controls across management interfaces and support channels. We apply Role-Based Access Control (RBAC), and authentication is reinforced with usernames, passwords, and multifactor authentication. Firewalling and IP restrictions limit access to authorized networks. Bastion hosts provide a secure gateway for accessing sensitive systems. Regular audits are conducted to monitor access patterns and detect anomalies. Admin accounts are isolated, and privileged access is strictly managed, mitigating the risk of unauthorized access and enhancing the security of our systems and support channels.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
  - 2-factor authentication
  - Public key authentication (including by TLS client certificate)
  - Identity federation with existing provider (for example Google Apps)
  - Limited access network (for example PSN)
  - Dedicated link (for example VPN)
  - Username or password
- Devices users manage the service through
  - Dedicated device on a segregated network (provider's own provision)
  - Dedicated device on a government network (for example PSN)
  - Dedicated device over multiple services or networks
  - Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  - Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- IAF
- ISO/IEC 27001 accreditation date
- 20/09/2023
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
  - CSA CCM version 3.0
  - ISO/IEC 27001
- Information security policies and processes
- At Get Swarms, we prioritize information security through comprehensive policies and processes. Our Information Security Management System (ISMS) is guided by industry best practices and frameworks such as ISO/IEC 27001 and NIST Cybersecurity Framework. Our Chief Information Security Officer (CISO) oversees the development, implementation, and enforcement of security policies. They lead a team of Security Managers and Security Analysts who are responsible for monitoring and assessing security risks, incident response, and compliance. To ensure policies are followed, we employ a combination of technical controls and human oversight. We utilize Security Information and Event Management (SIEM) systems to continuously monitor network activity for suspicious behavior and potential threats. Regular audits and assessments are conducted to verify compliance with security policies and industry standards. Additionally, we provide ongoing training and awareness programs to educate employees about security best practices and their responsibilities. Reporting structures are established to enable employees to report security incidents or concerns promptly.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- At Get Swarms, we employ a robust configuration and change management process. Our Configuration Management Database (CMDB) tracks the components of our services throughout their lifecycle. Changes undergo assessment by our Change Advisory Board (CAB) and Steering Board, where potential security impacts are evaluated. We utilize Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) practices to ensure changes meet security standards. All changes are documented in source control, with a comprehensive history maintained, enabling us to manage tech debt effectively.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- At Get Swarms, we maintain a proactive vulnerability management process. We assess potential threats to our services through regular penetration testing, Nessus scanning, and continuous monitoring. Critical security patches are deployed swiftly using zero downtime deployments. We rely on various sources for threat intelligence, including industry alerts, CVE ratings, and internal risk assessments. Our risk assessment methodology ensures prioritization of vulnerabilities based on severity and impact, enabling us to effectively mitigate risks and enhance the security posture of our services.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We deploy (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:
  • Port scanning attacks
  • Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
  • Application metrics
  • Unauthorized connection attempts
  Near real-time alerts flag incidents, based on thresholds set by our Service/Security Team.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- We adopt a three-phased approach to manage incidents:
  1. Activation and Notification Phase
  2. Recovery Phase
  3. Reconstitution Phase
  Incident management aims to manage the lifecycle of all incidents. Users can report incidents through a dedicated portal, email or phone. Our primary objective is to return the IT service to users as quickly as possible. The incident management sub-processes and objectives are aligned to the ITIL and ISO 27001:2013 standards. The sub-processes are incident management support, incident logging and categorisation, incident resolution, incident monitoring and escalation, incident closure and evaluation, pro-active user information and incident management reporting.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Third-party
- Third-party virtualisation provider
- AWS
- How shared infrastructure is kept separate
- We use AWS infrastructure. Amazon Web Services (AWS) primarily utilizes the Xen hypervisor for virtualization across its Elastic Compute Cloud (EC2) instances. Xen is an open-source virtualization platform that provides efficient and secure virtualization capabilities, allowing multiple virtual machines (VMs) to run on a single physical server. This includes using virtualization techniques to create separate virtual environments, implementing robust access controls and permissions, and employing network segmentation to ensure that each organization's data and resources remain isolated and secure.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- We rely on 3rd party data centers provided by AWS, Azure and GCP. The cloud provider is committed to sustainability and energy efficiency in its data centers, aligning with the EU Code of Conduct for Energy Efficient Data Centres. They design their data centers with energy efficiency in mind, utilizing innovative cooling and power management technologies to minimize energy consumption. They also employ advanced monitoring and optimization tools to continuously improve the efficiency of infrastructure.
Social Value
- Social Value
  - Fighting climate change
  - Covid-19 recovery
  - Tackling economic inequality
  - Equal opportunity
  - Wellbeing
 Fighting climate change
 We help implement effective stewardship of the environment by supporting the following activities:
 • Deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions.
 • Influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.
 • We adapt to our clients’ priorities and change our working approach to our client’s needs, such as working on-site, working remotely, or at an offsite short-term rental office if needed. We don't have plans to invest in long-term office premises that could potentially be underutilised. This gives us the flexibility to rent office space close to our clients.
 Covid-19 recovery
 We support the following activities to help local communities recover from the impact of Covid-19:
 • We have paid particular attention to the mental well-being of our remote teams and made changes as needed to ensure everyone has the best working pattern and environment to continue to be part of the team, feel productive and deliver successfully.
 • Create employment, re-training, and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors.
 • Support people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding.
 • Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.
 • Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services.
 • Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
 Tackling economic inequality
 We support the following activities:
 • Create opportunities for entrepreneurship and help new, small organisations to grow, supporting economic growth and business creation.
 • Create employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas.
 • Create employment and training opportunities, particularly for people in industries with known skills shortages or in high growth sectors.
 • Support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications.
 • Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.
 • Create a diverse supply chain to deliver the contract including new businesses and entrepreneurs, start-ups, SMEs, VCSEs and mutuals.
 • Support innovation and disruptive technologies throughout the supply chain to deliver lower cost and/or higher quality goods and services.
 • Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity.
 • Provide collaboration throughout the supply chain, and a fair and responsible approach to working with supply chain partners in delivery of the contract.
 • Identify and manage cyber security risks in the delivery of the contract including in the supply chain.
 • Influence staff, suppliers, customers and communities through the delivery of the contract to support resilience and capacity in the supply chain.
 Equal opportunity
 As a diverse group of people, we value cultural differences and approaches in the workplace and recruit people into our network in an inclusive way. We actively promote inclusion in our resources including the following considerations:
 • Women in IT
 • Minority representation
 • Disadvantaged backgrounds
 • Returning to work
 • Local economy
 We help tackle workplace inequality by supporting the following activities:
 • Identify and tackle inequality in employment, skills and pay in the contract workforce.
 • Support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract.
 • Identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain.
 Wellbeing
 We work with our clients and consultants to encourage a flexible working environment which allows everyone to attain a good work-life balance. We’ve paid particular attention to the mental well-being of our remote teams and made changes as needed to ensure each individual has the best working pattern and environment to continue to be part of the team, feel productive and deliver successfully.
 We always work with individuals to understand and appreciate any personal challenges they may have, both hidden and visible, and agree how we can cater for specific needs, without prejudice or detriment to any individual or to the work we deliver.
 We ensure we share and agree best practices and we encourage debate, intellectual curiosity and building of trust both with internal and external team members. Online collaboration, blog articles and community wiki pages are key to the well-being of our staff members.
Pricing
- Price
- £10 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- All features are included in the trial period. Trial periods range from 7 days to 30 days depending on service.