MONKTON GROUP UK LIMITED

Custom Threat Monitoring

Customer defined strategic monitoring and alerting with notification of ORBAT™ elements entering geo-fenced locations. Fortnightly analyst reports on movements and alerts. Access permits viewing and querying of custom ORBAT™ feeds for a bespoke geography following data sequencing of signals against threat ontology.

Features

• Custom alerting based on user-defined geo-fenced areas of reporting
• Fortnightly intelligence analyst-produced activity reporting on movements and changes
• Based on largest ontology of adversary ORBAT data
• Uses normalised signal data from Internet of Things (IoT) hardware
• Near real-time data updated hourly with sequenced loading to platform
• Cross referenced passive signal data with ORBAT knowledge base
• Quickly add or remove sites to monitoring list
• Email or SMS activity alerting and updates
• Designation of threats to critical national infrastructure and protected sites

Benefits

• Automated monitoring and alerting for CNI and protected locations
• Detection-based behaviour alerting, allowing for better allocation of resources
• Leveraged unique data science across passive SIGINT
• Consistent feed of intelligence start-points to efficiently task high-value assets
• Insights produced by experienced intelligence professionals and subject matter experts
• Proactively respond to events using near real-time global monitoring
• Stand-off collection means no speculative tasking of assets
• PMSEII framework information input using ABI principles
• Military organisation structures for PMSEII/ASCOPE utilisation

£64,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shirley.herron@monkton.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

445324497911962

Contact

Shirley Herron
+44 7866 566 141
shirley.herron@monkton.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements:
  • Computer with recent version of major operating system
  • High-speed internet connection minimum 20Mbps download speed
  • Web browser that supports GPU acceleration
  • Intel i5 processor (or equivalent), 8Gb RAM, dedicated graphics card
  • Minimum screen resolution of 1280x720 recommended

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Within the working day, we aim to respond within two hours. At weekends, a line of communication is available.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Baseline support for all access is included within the contract. Extra support to be discussed on a contractual basis depending on customer requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial user training, either virtually or onsite as required by the end user community. There is an in-platform help guide with data definitions to support terminology on-boarding and a dedicated support pathway - via phone, form fill-in or email - for user requests. Additonal training, workflow understanding and use-case triage is supported by a dedicated Customer Success team. Self-paced learning on the platform is provided with a series of videos, and specidfic examples can be created at user request for offline consumption.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data that is uploaded to the platform is only stored against the search and users search history is expunged on contract end as standard.
• End-of-contract process: This is an annual subscription service that provides access to the platform where data can be interrogated. Access to the platform will cease on the end of the licence date as agreed in the contract. On contract termination, a data deletion letter will need to be signed by the contracting party to ensure removal of Disruptive Industries intellectual property from former client systems.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Access permits viewing and querying of custom-geography ORBAT™ feeds following data sequencing of signals against threat ontology. Near real-time feed (1 hour cadence) ORBAT™ includes multiple adversarial feeds merged into one master threat feed. Additionally includes access to ODDITY GPS Interference monitoring and overlays.
• Accessibility standards: None or don’t know
• Description of accessibility: No accessibility standards are met at present, but this is on the immediate roadmap
• Accessibility testing: None at present
• API: No
• Customisation available: No

Scaling

• Independence of resources: We guarantee that users are not affected by the demands other users place on our service through our fully elastic clustered compute architecture. This scalable system dynamically adjusts computing resources based on real-time user demand, ensuring consistent performance and availability. Key aspects include:; ; 1. Automatic Scaling; 2. Resource Isolation; 3. Load Balancing; 4. Priority Queueing; 5. Monitoring and Management

Analytics

• Service usage metrics: Yes
• Metrics types: Yes, we provide detailed service usage metrics accessible through PDF for now. These metrics include user activity, resource utilisation (customer level), performance indicators, and error rates.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Disruptive Industries Ltd

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The platform has an in-built function for exporting to .csv the user-defined results with appropriate file size limits for the size of data being requested. As a cloud-based service the export query is queued against other incoming requests and processed sequentially.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Level of availability varies depending on the specific project. Our standard form Service Level Agreements (SLAs) can be provided on request.
• Approach to resilience: Information available on request.
• Outage reporting: Email alerting is provided and communication tracked on the expected resolution timeline and breadth of user impact.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: - OAuth 2.0/OIDC; - WebAuthn
• Access restrictions in management interfaces and support channels: Our approach to access restrictions in management interfaces and support channels is grounded in the principles of Role-Based Access Control (RBAC). This method ensures that only authorised personnel have access to specific levels of information and functionality, based on their roles within the organisation.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: We use OAuth 2.0 with OpenID Connect (OIDC) for secure, token-based user authentication and authorization before allowing access to management interfaces. OAuth2.0's framework ensures authentication requests are handled securely. We enforce 2FA for all users accessing management interfaces. After initial login, users must verify their identity through another method, (eg mobile device notification/ a text message/ security key) providing a dynamic token that must be entered to gain access. We support FIDO standards for additional security, allowing authentication via biometric devices or FIDO security keys. This enhances security and simplifies the authentication process by leveraging universal second factor (U2F) technology.

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow a robust set of information security policies and processes, all managed under the oversight of our Chief Technology Officer (CTO). These policies are designed to ensure the security of data, protect our infrastructure, and comply with regulatory requirements.; ; Policies and Processes:; ; 1. Two-Factor Authentication (2FA) and Zero Trust; 2. Workforce Education; 3. Encryption; 4. Business Travel Security; 5. Sensitivity Assessment; ; Management and Compliance:; The CTO manages our security framework, ensuring all practices are current and compliant with industry standards. Regular audits and reviews maintain policy effectiveness and adapt to emerging threats.
• Information security policies and processes: We follow a robust set of information security policies and processes, all managed under the oversight of our Chief Technology Officer (CTO). These policies are designed to ensure the security of data, protect our infrastructure, and comply with regulatory requirements.; ; Policies and Processes:; ; 1. Two-Factor Authentication (2FA) and Zero Trust: We enforce 2FA and adhere to the Zero Trust principle, requiring strict identity verification for network access, thereby reducing unauthorised access risks.; ; 2. Workforce Education: Our policy enforces regular security awareness courses for all employees, conducted to fortify awareness and adherence to our security standards.; ; 3. Encryption: We encrypt all data at rest to safeguard sensitive information, even if physical security is breached.; ; 4. Business Travel Security: Our travel policy includes the use of Faraday bags and device tracking to protect data from unauthorised access and theft.; ; 5. Sensitivity Assessment: We classify data and projects based on sensitivity, applying tailored security controls accordingly.; ; Management and Compliance:; The CTO manages our security framework, ensuring all practices are current and compliant with industry standards. Regular audits and reviews maintain policy effectiveness and adapt to emerging threats.; ; These policies and processes collectively secure our operations and sensitive information, aligning with industry best practices.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Using Git for version control provides comprehensive audit trails ensuring modifications are tracked (including who/what/when) enabling easy rollback and accountability in our development process.; ; Infrastructure as code (IaC) allows automated setup and maintenance of environments ensuring consistency and reducing mistakes. Configurations are declarative and are automatically enforced and maintained.; ; Advanced observability tools monitor infrastructure and configurations continuously alerting to unexpected or unauthorized changes. This maintains security, stability and compliance of environments.; ; Configuration and change management are aligned with industry best practice ensuring secure, scalable and maintainable infrastructure. Our process is responsive and controlled, supporting rapid development while ensuring rigorous oversight.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Continuous integration flows include SAST, DAST, Container Scanning, Dependency Scanning for Python, Node.JS, and Golang dependencies in our applications. Scanned artefacts are cryptographically guaranteed through signing and require fully signed Git tree at build stage.; ; Threat Modelling during Agile Development ensures security considerations are embedded into design and development.; ; Automated tools scrutinise code for patterns and behaviours that could lead to vulnerabilities and address before deployment.; ; Continuous Monitoring and Scanning of all deployment artifacts against well-known Common Vulnerabilities and Exposures.; ; If a vulnerability is detected, our system automatically revokes trust in affected artifacts, isolating the threat and preventing further exploitation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: 1. Declarative drift detection; 2. Activity logs
• Incident management type: Supplier-defined controls
• Incident management approach: Customer management support process will escalate any incident according to its criticality, assessed by our CSM team member on call. This will be relayed to our Engineering team on-call.; ; 1. Analyse abnormalities and deploy fix. ; 2. Gather team for postmortem to discuss how to prevent similar incidents in the future as part of our continuous improvement cycle. ; 3. Document incident. ; 4. Generate comms using postmortem information and notify clients as soon as possible.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We recognise the importance of diversity, equality and inclusion within all areas, and we are committed to providing an environment in which each employee is recognised, valued, able to fulfil their potential and maximise their contribution. We appreciate the value and creative potential that individuals of different backgrounds and; abilities bring. We work hard to ensure equal treatment in all aspects of working life, and an inclusive and supportive culture where differing views and experiences are always respected. We firmly believe that such a culture significantly enhances our ability to provide a quality service to our clients and the sharing of experiences to our colleagues.; ; To attract the best talent, we use direct recruitment and trusted third-party recruiters. Our direct recruitment uses platforms such as LinkedIn, which enables us to reach high-quality candidates outside of our traditional networks.; ; When engaging with third party recruiters, we only work with organisations that share our commitment to diversity and inclusion, and we request diverse candidate shortlists and candidate searches across a wide range of non-traditional talent pools.

  Wellbeing

  We are committed to providing a positive and supportive environment that promotes employee wellbeing, ensuring that everyone has access to a range of wellbeing support when and if they need it.; ; We will provide resources, programmes, and initiatives that support employee wellbeing, such as mental health resources, employee assistance programs, and flexible work arrangements. We encourage employees to prioritise their wellbeing and seek help when needed, and we are committed to fostering a culture of openness, inclusivity, and respect that supports employee wellbeing, so that all of us can operate at our full potential, and effectively balance our professional and personal lives.

Pricing

• Price: £64,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Demo only

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at shirley.herron@monkton.io. Tell them what format you need. It will help if you say what assistive technology you use.