INTEGRITY360 LIMITED

Vectra Detect for M365 + AWS

As the industry’s first network detection and response solution for the cloud, Vectra Detect for Office 365 and Azure AD extends the proven platform that currently protects public clouds, private data centres, and enterprise environments to Microsoft Office 365.

Features

• SaaS Hosted threat detection & response platform for M365
• SaaS Hosted threat detection & response platform for AWS
• identify and respond to the early stages of an attack
• identify and respond attacks before it becomes a breach

Benefits

• Reduce the chances of a breach
• decrease mean time to detect and respond

£87,745.90 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

471153723694117

Contact

Paul Momirovski
+44 20 3397 3414
bidreviewboard@integrity360.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: AWS, M365
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Connectivity from customer MS tenant logs
  • Connectivity from customer AWS cloud trail logs

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4-hour response time for all tickets during normal working hours (follow-the-sun support).1-hour response time for all business-critical issues 24 hours, seven day a week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Customer can sign up to the Slack support chat or use the Vectra support portal.; Quality assurance, New feature testing is apart of testing all customer facing communication tools
• Onsite support: Yes, at extra cost
• Support levels: Unlimited 24/7 support for customers, with current software subscription packages. Support subscriptions include break-fix, diagnosis, recovery and final resolution for all software and hardware issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers have access to a dedicated customer success team and training services .; Paid for professional services are also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Via account team, on website or support portal.
• End-of-contract process: Data is not extracted. However it is permanently deleted upon termination of contact.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All Services can be accessed via any HTML5 compatible device
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: A Graphical UI
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: This service is accessed via a web GUI via SSO for authorised users.
• API: No
• Customisation available: Yes
• Description of customisation: Users can create custom models for threat hunting.

Scaling

• Independence of resources: High Availability 99.9% uptime

Analytics

• Service usage metrics: Yes
• Metrics types: Total Accounts/ logs ingested concurrently + operational metrics
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Vectra

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Data at rest and in transit is secured using at least 256-bit TLS encryption.; • File encryption (e.g. PGP) and transport encryption (e.g. HTTPS) are utilized for transferring classified information
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All relevant data is permanently deleted.
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data at rest and in transit is secured using at least 256-bit TLS encryption.; • File encryption (e.g. PGP) and transport encryption (e.g. HTTPS) are utilized for transferring classified information
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data at rest and in transit is secured using at least 256-bit TLS encryption.; • File encryption (e.g. PGP) and transport encryption (e.g. HTTPS) are utilized for transferring classified information

Availability and resilience

• Guaranteed availability: The Vectra Recall service is built on AWS. The service is architected to provide a 99.999% uptime level of service.
• Approach to resilience: The Vectra Recall service is built on AWS. The service is architected to provide a 99.999% uptime level of service.
• Outage reporting: Customers will be informed by email of any planned or unplanned outtages

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Vectra supports the SAML 2.0 standard for authentication, which can be used with our client's identity provider (IDP) to provide multi-factor authentication (MFA)
• Access restrictions in management interfaces and support channels: Role based access is avaliable to control users and access to different areas of the platfom. Support is avaiable to those within contract via email or portal.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Vectra supports the SAML 2.0 standard for authentication, which can be used with our client's identity provider (IDP) to provide multi-factor authentication (MFA); Role based access is available to control users and access to different areas of the platform. Support is available to those within contract via email or portal.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC2
  • 3rd Party via AWS

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2 is a set of controls developed by the American Institute of CPAs (AICPA)
• Information security policies and processes: Vectra’s overall information security strategy is to provide reasonable and appropriate safeguardsto ensure the confidentiality, integrity, availability, and accountability of information assets byprotecting those assets from unauthorized access, use, disclosure, disruption, modification, and destruction.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Contained within Vectra's AI Change Management policy are the controls to manage change in our development process and infrastructure. These controls provide a healthy balance of agility and security which allow us to produce quality products and services to our clients
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vectra's corporate vulnerability management program:; • Operating system security patches and software security patches are applied promptly on all computers within the Vectra network.; • Computers are configured to automatically receive operating system patches and software security patches when issued.; • A central policy server manages updates to all workstations within the Vectra network. All systems are constantly monitored by use of deployed agents and network wide policies, which push, install, and verify updates and patches as necessary.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All systems are constantly monitored by use of deployed agents and network wide policies, which push, install, and verify updates and patches as necessary.
• Incident management type: Supplier-defined controls
• Incident management approach: Vectra AI has a Incident response policy which is designed in a way that limits damage and reduces recovery time and costs. This policy establishes the coordination of Vectra’s response to IT related incidents to enable quicker information gathering, reporting, and remediation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  The use of Galaxkey solutions can have an instant impact on the environmental impact and carbon footprint of users and organisations.; ; Our solutions allow for secure transfer and distribution of important documents and files remotely, therefore instantly removing the need for postage, packaging and transportation.; ; We have multiple examples of organisations that have achieved significant environmental improvements through use of our solutions, across both Local & Central Government, NHS and Education.

  Tackling economic inequality

  HR & employee contract disclose information regarding work hours, wage etc

  Equal opportunity

  HR department follow policies to ensure no discrimination is present within the organisation.

Pricing

• Price: £87,745.90 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A free trial is available for 4 weeks with weekly scheduled engagements. ; N/A sign up via registered partner.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.