MTI Technology Ltd

MTI Tenable One Exposure and Vulnerability Management Platform

Tenable provides a class leading vulnerability scanning and management solution, providing the tools and functionality to deliver vulnerability assessments, and the insights necessary to advance your security posture and safeguard your business. It is continually updated with new vulnerability definitions and checks, zero-day research, and compliance benchmarks.

Features

• Cloud visibility
• Asset-based vulnerability tracking
• Exclusion lists
• Web Application Scanning
• Proactive Alerting
• Continuous scanning
• Run scans, set policies and templates
• Integrates with ServiceNow and MS Sentinel
• Avoid disruption to hosts/networks
• Filter information, producing reliable, actionable results

Benefits

• Vulnerability Prioritisation based on actual risk
• Simplified management
• Compliance: a PCI Council certified Approved Scanning Vendor (ASV)
• Analyses traffic using Tenable Network Monitor
• Shortens time between detection and remediation with asset tags
• SaaS hosted, assesses vulnerabilities to prioritise based on risk
• Set Targets and Report Time to Remediate Vulnerabilities
• Know when Exploits are published for Vulnerabilities in your environment
• Assess Remote / Mobile Laptops for Vulnerabilities

£1,000 a transaction

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid@mti.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

453613719547061

Contact

Darren Moyes
01483520200
bid@mti.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None
• System requirements:
  • CPU: (4) 2 GHz cores
  • Core Ram: 16 GB
  • RAM Hard Drive: 100 GB

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Tenable enables our customers to choose an appropriate case priority when creating Technical Support cases via the Tenable Community. These priorities range from P1 – P4, with a P1 being the most critical and a P4 being the least critical.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will help customers on board to new services as part of the transition process. Post onboarding we can then provide further training via specialist third parties.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: MTI will assist with the extraction and removal of data from the service at the end of the contract.
• End-of-contract process: Three months before the end of the contract a call will take place between all stakeholders to discuss if the service will be renewed or not. If the decision is made to terminate the contract then there is sufficient time to find a new provider without any interruption to service. There will also be a full off-boarding process.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Tenable Vulnerability Management offers a web-based interface for managing your organization's security posture. It features dashboards summarizing vulnerabilities across assets (IT, cloud, containers). The interface allows users [based on RBAC permissions] to schedule scans, define policies, and prioritize risks based on severity and exploitability. The interface allows viewing detailed vulnerability information, including remediation steps and associated reports. It caters to different user roles, with options for security teams to delve deeper into technical details and management to get a high-level overview of cyber risks.
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Tenable Vulnerability Management offers a powerful API for programmatic control. It allows you to integrate vulnerability management tasks into your existing workflows.; ; Setting Up Isn't Through the API: While the API manages data and actions, initial service setup requires the Tenable Vulnerability Management web interface. Here, you'll create API users and generate access credentials.; ; Making Changes with the API Power: Once configured, the API unlocks various functionalities:; ; Vulnerability Data Access: Programmatically retrieve details on discovered vulnerabilities, including severity and exploitability.; Scan Management: Trigger vulnerability scans on your assets or retrieve scan results for further analysis. (Some functionalities, like advanced scan configuration, might be limited compared to the web interface).; Limitations to Consider: Focus on Vulnerabilities: The API primarily deals with vulnerability data and basic scan management. Don't expect user management or core system configuration through the API.; Potential Throttling: Tenable might limit excessive API requests to ensure platform stability.; ; Details of the API are found here - https://developer.tenable.com/reference/navigate#vulnerability-management
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyers can customize the scan frequency by asset group, tag assets for visibility by different owners with different tags, have customized dashboards and reports. Customers can set remediation targets for Critical, High, Medium and Low Risk Vulnerabilities and visually track remediation against these targets using Lumin Exposure View, which creates score cards and allows you to compare your performance with your industry peers.

Scaling

• Independence of resources: Dedicated resources in the underlying infrastructure with a built in capacity buffer.

Analytics

• Service usage metrics: Yes
• Metrics types: User friendly, easy to understand dashboards are provided. These dashboards are fully customisable.; ; In addition, MTI produce a Monthly IT Service Management report, that includes all of the key metrics value and development of the service which can be tailored to the Customers’ requirements: o Tickets Raised and Resolved Summary o Successes o Customer Experience - Performance against agreed Incident and Service Request KPI’s o Incident Statistics and Summary / Charts. o Vulnerability Summary and Analysis o Listing of All Incidents Raised and Status o Service Status o Problem Records o Change and Service Request Summary
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Tenable

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can draw their data down from the hosted platform and store on local networks.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are dependent on the Manufacturer/Vendor.
• Approach to resilience: Available on request
• Outage reporting: Public dashboard.; ; Email Alerts - In the event a Service Outage occurs, alerts will be reported via email alerts, with hourly updates until the service is resumed. Details of any outages are recorded in the Monthly ITSM report for tracking and monitoring.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Restrictions can be implemented by restricting IP addresses able to access the management interface(s). In addition a role-based access control (RBAC) system is in place to further restrict users to user definable configuration views and modes.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: International Information Security Management Standard
• ISO/IEC 27001 accreditation date: 16/07/2016
• What the ISO/IEC 27001 doesn’t cover: The certification covers: The protection of information for the provision of Cyber and Data Security, Datacentre Modernisation, IT; Managed Services and IT Transformation Services to clients across all sectors within the UK from head office and satellite MTI sites within the UK.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: MTI follow recognised industry standards such as: CIS, ISO

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: MTI have enforced processes that follow the CIS, ISO 20000 (IT Service Management) and ISO 27001 (Information Security Management) standards.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Weekly and Monthly scans are carried out internally.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This is entirely dependent on the service, more information is available by contacting bid@MTI.com
• Incident management type: Supplier-defined controls
• Incident management approach: Supplier and Customer defined approach

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MTI publishes an annual Quality & Environmental (Q&E) Policy statement, which is aligned to its ISO 9001 & ISO 14001 accreditations and the annual EcoVadis CSR review and accreditation. MTI’s Corporate & Social Responsibility policies integrate our business values and operations to meet our strategic objectives and the expectations of our customers, employees, investors, suppliers, the community and the environment. By putting our CSR into practice, we are committed to conducting ourselves responsibly and in an ethical manner, creating a positive and supportive working environment, supporting local communities, improving service levels to customers, acting fairly and collaboratively with suppliers and other third parties, to deliver solutions that support our environmental objectives. Our Environmental Management System, recognised by independent ISO 14001 Environmental Management certification, incorporates our Environmental Policies and Procedures.Demonstrating our commitment to protecting the environment and sustainability. We undergo regular independent audits to demonstrate our commitment to improvement. Our management review programme and CSR and Environmental Reporting, evaluate and demonstrate our environmental achievements, through measurement of impacts as a result of all business activities, monitoring of reduction targets, achievements against objectives & results from our activities, initiatives and environmental commitments. Our FY2022 focus includes; Zero-Carbon Society: we will strive to achieve zero emissions from our own business activities and encourage carbon neutrality within our supply chain. Through comprehensive energy conservation activities and the use of renewable energy, we aim to reducing our carbon footprint and impact on the environment through reduction of contributions to greenhouse gases (GHGs) and annual CO2 emissions, and support supplier commitments; •Partnering with Tier-1 suppliers who are committed to carbon neutrality, evidenced through annual environmental and sustainability assessment •Commitment form partners/product vendors to commit to supplying packaging with a minimum of 50% recycled content (80% Cardboard) or be entirely derived from sustainable sources.

  Covid-19 recovery

  In response to the COVID-19 pandemic, MTI has implemented thorough in-house technology solutions allowing over 90% of our staff to be based at home, including the majority of our service delivery staff. This approach provides greater job opportunities across the region without the potential for geographically disadvantage, and ensures we have skilled staff locally across the UK to deliver our core services. Where MTI are delivering longer-term services to Buyers, MTI is committed to sourcing and utilising local suppliers to provide relevant elements of the service and would support running local supplier days to publicise the delivery and give opportunities for local company involvement. MTI recognises that the COVID-19 pandemic presents challenges for graduate employment and is offering employment opportunities for graduates in order to support local students to progress from higher education into jobs utilising their skills and knowledge.

  Tackling economic inequality

  MTI has invested significantly in developing in house skills and capabilities in order to provide high-class services across a wide range of technologies and disciplines, with emphasis on providing a wide range of professional and managed services. Our Internal Development Programmes and individual development plans ensure that all employees are offered opportunities for learning and development and provides skills training for new employees and existing employees to prepare them for promotions, transfers or new responsibilities. Our development programmes help our employees stretch their capabilities and those of the organisation, upskilling employees through investments in a wide range of skills and product training and development for staff and managers to broaden opportunities. Building a diverse and inclusive workplace has become an imperative part for the all-round growth and development of MTI. Therefore, our HR team takes tangible steps to create a workplace that is committed to diversity and inclusion, including providing career opportunities to support disadvantaged people into the workplace. MTI are registered to the Disability Confident scheme and have agreed to the Disability Confident commitments to provide interventions to increase employment opportunities and retention for people with a long- term health condition or disability to support these people into employment.

  Equal opportunity

  We recognise our obligations under the Equality Act 2010, Article 119 of the Treaty of Rome, The Race Relations Act, The Employment Equality (Sexual Orientation) Regulations 2003 and The Employment Equality (Religion or Beliefs) Regulations 2003, and The Codes of Practice published by the Equal Opportunities Commission, the Commission for Racial Equality and the European Commission; We are committed to the principle of equal opportunities in employment. We are opposed to any form of less favourable treatment or financial reward through direct or indirect discrimination, harassment, victimisation to our staff members or job applicants on the grounds of race, religious beliefs, political opinions, creed, colour, ethnic origin, nationality, marital/parental status, sex, sexual orientation, offending past, disability, age, caring responsibilities or social class. We extend protection under this Policy to our suppliers, customers, contractors, and others who are on our premises and in return expect all suppliers, customers, contractors and others to behave in the same way towards our members of staff. This policy is intended to assist the organisation to put this commitment into practice. Compliance with this policy should also ensure that employees do not commit unlawful acts of discrimination. Communicating this policy will be supported by appropriate training, and the effectiveness of this Policy will be monitored on an on-going basis. No form of intimidation, bullying or harassment will be tolerated. Implementation of this policy will be carried out where necessary by invoking the Disciplinary Procedure. Every employee is required to assist the organisation to meet its commitment to provide equal opportunities in employment and avoid unlawful discrimination.

  Wellbeing

  The organisation has developed an employee wellbeing policy to manage its obligations to maintain the mental health and wellbeing of all staff. It covers the organisation's commitment to employee health, the responsibilities of managers and others for maintaining psychological health, health promotion initiatives, communicating and training on health issues, the range of support available for the maintenance of mental health, and organisational commitment to handling individual issues.

Pricing

• Price: £1,000 a transaction
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid@mti.com. Tell them what format you need. It will help if you say what assistive technology you use.