Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

COMMUNICATE TECHNOLOGY LIMITED

NAZAR X Managed SOC Detection and Response

Detecting and Preventing breaches. XDR / MDR / SIEM / SOC. Monitoring and detection as a fully managed Service

Features

  • SIEM
  • XDR
  • Managed Detection and Response
  • Incident response
  • MDR
  • EDR
  • Endpoint Detection and Response
  • Managed SOC
  • SOC as a Service Solution
  • Security Operations Center

Benefits

  • Fully Managed SOC as a Service
  • No hidden Costs, no estimates - fix price (No surprises)
  • Unlimited storage and alerts (No surprises)
  • 24/7/365 UK Based operations and monitoring
  • Unlimited Responses (No surprises)
  • Full install and configuration
  • Incident Response included with 24/7 helpline from specialists
  • Detection through to Eradication included
  • Annual Penetration test included
  • Public Sector expertise

Pricing

£5 to £20 a device a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jed.wrigley@communicate.technology. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 4 0 0 2 2 9 7 1 3 3 1 8 5 7

Contact

COMMUNICATE TECHNOLOGY LIMITED Jed Wrigley
Telephone: 08004048888
Email: jed.wrigley@communicate.technology

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Can be added to protect any services from off the shelf to developed. Cloud, Datacentre or onsite located Servers, Devices, Endpoints or systems
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Available 24/7
Priced per system/device with everything else unlimited.
If you wish to have the service virtual in your offices or data centres you must have the capability to run the environment which we provide.
System requirements
  • If Virtual you require resource on your virtual environment
  • Install of an agent is required to enable all features

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depending on importance as soon as 15 minutes
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
All clients have:

Access to 24/7 support desk and SOC team
Access to 24/7 Incident Response Team

Respond within 30 minutes of initial report.
Begin to fix within 1 hour of initial report.
Change required to provide a work-around for a critical issue within 4 hours.
Review of alerts begun within 15 Minutes 24/7

We do not offer different levels.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full training sessions and onboarding sessions managed by a team of technical and commercial account managers and training team members to assist during the whole process.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted and safely and securely removed once contract is ending.
End-of-contract process
An exit plan will be build as part of the service and options for exit would be outlined. We destroy and data we store in our hardware or data centres other than things required for contractual or legal requirements.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Portal and dashboard access for all clients.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Developed over 10 years with UAX testing.
API
No
Customisation available
Yes
Description of customisation
We have over 4000 dashboards and reports

Scaling

Independence of resources
The solution is scaled by number of users no matter the amount of work or activity the user is creating. We build the solution to manage breaches which can increase activity on networks by over 1000% so we build around this expected amount of activity.

Analytics

Service usage metrics
Yes
Metrics types
Standard monthly reports will be sent from our SOC to you so you can see suspicious incidents that have been raised, their status and what action was taken.
Reports will also include the amount of events, alerts being generated and triaged, vulnerability management reports and other key performance indicators, so you can see return on investment and spot anomalies of incidents to continuously improve the service with Communicate.

Communicate will give you access to your dashboards so you can see security trends within the solution and give you some insight into the service. From here you can build custom dashboards.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Optional Support service available but no third parties as standard

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Can be exported to CSV or HTML
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
With redundancy any outages does not mean loss of service to staff or systems. Data, logs and events will be processed locally and can be pushed to our 2nd or 3rd sites for analysis. If related to internal issues like your connectivity then once connection is re established the service will resume and push alerts and events not sent previously for analyse.
Approach to resilience
Each solution backs up configurations daily off site.
Options for redundancy is available on all deployments which can be hybrid or fully hardware/virtual.
Outage reporting
Email and SMS

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels
VPN or MFA
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
245667
What the ISO/IEC 27001 doesn’t cover
Nothing every site and department is in scope
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self assessment (level 2 service provider)
PCI DSS accreditation date
1/6/2023
What the PCI DSS doesn’t cover
Non payment services.
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
As a cyber security company we have many policies to adhere to various standards including but not limited to ISO27001.

some examples of policies include:

Disaster Recovery
Business Continuity
Approves Apps
Clear Desk Policy
ISMS
Physical Security
Document Classification
Config Management
Interested Parties
Management System Policy
Legal Register
Password Policy
Patching Policy
Remote Working

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
A list of approved contacts allows changes to be made and aligned with the organisation/bodies own change process with Peer reviews etc.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Scans are run 24/7 with expectation to review findings within 1 hour and aim to fix critical or high within 4 hours. Scans are run using vendor vulnerability assessment tools, and open source threat tools and information from threat feeds.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
A fully Managed UK Based SOC with MDR/XDR/SIEM and EDR.
We respond within 15 mnutes
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have defined pre books, all users can call our IR line or email incidents@ or contact one of the Incident Response leads. Reports are kept online for 3 years.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

Fighting climate change

Reduced our non renewable electricity use in 2023 by over 50%

Equal opportunity

Work with ex forces recruitment charities. Sponsor local charities and sports and recreation along with community projects.

Wellbeing

Sponsor local charities and sports and recreation along with community projects.

Pricing

Price
£5 to £20 a device a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A full free trial can be enabled for clients wishing to test our service on a number of servers/endpoints

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jed.wrigley@communicate.technology. Tell them what format you need. It will help if you say what assistive technology you use.