Security Platform Management Service
Manage, maintain and operate security platforms to support security operations activities. The service covers SIEM and data lake platforms and provides health, availability and performance monitoring, policy configuration and change management.
Features
- Greater ROI from your existing technology investments
- Sharper focus on higher impact cybersecurity activities
- Future-proof your cloud cybersecurity defenses
- Relieve the pressure on your team while maintaining control
- Unlock the true value of your investment
Benefits
- Significantly reduce incident detection & response times
- Single pane of glass for all Security Operations
- Automation ensures human analysts are utilised for higher impact tasks
- Security Orchestration, Automation and Response (SOAR) as a service
- Delivery of cloud-native security monitoring
- Strong security eco-system to ensure ongoing value & enrichment
- Underpinned by established security framework (MITRE ATT&CK)
- Leverage existing SIEM investments (e.g. QRadar, Splunk, etc.)
- Our analyst teams can become an extension of your resources
- Complete visibility - you see what's going on continuously
Pricing
£8 to £23 a user
Framework
G-Cloud 14
Service ID
582409938346608
Contact
UST Global Pvt Ltd
Patrick Marren
Telephone: 07544102103
Email: ukpublicsectorsales@ust.com
Service scope
- Service constraints
- N/A.
- System requirements
- Agents or collection software on virtual machines or log aggregators
- A SIEM tool is required - either new or existing
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Customers can raise service requests via email, phone, or a web portal (using Chat or Ticket) 24/7/365, with defined service SLAs to respond based on incident/issue severity.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Customers can raise service requests via email, phone, or a web portal (using Chat or Ticket) 24/7/365, with defined service SLAs to respond based on incident/issue severity.
- Web chat accessibility testing
- WCAG 2.0 standard testing done.
- Onsite support
- Yes, at extra cost
- Support levels
- The service governance model is established during engagement, featuring a Dedicated Customer Success Manager, measurable service maturity via Customer Satisfaction (CSAT) and Net Promoter Score (NPS) scoring, named CyberProof individuals for engagement, clearly defined communication interfaces ensuring proper escalation procedures, bi-weekly program status meetings, regular reporting on program and service status, and a clearly defined RACI matrix.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- The CDC service includes a comprehensive onboarding phase to set up and customise the platform to each customer's specific security operations requirements. This includes virtual instructor-led training provided prior to go-live, with ongoing access to documentation for help and FAQs.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- We can provide a JSON extract of all data on the contract end
- End-of-contract process
- We will assist with service transition or export of data as required at end of the contract - either into the customer's new service provider platform or into a customer owned system.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users can collaborate on the web portal called CyberProof Defense Centre (CDC) using ChatOps, email or phone. There is no limit on the number of users, and role-based access control is defined to specify user access. The CDC provides an interactive single pane of glass for all Security/SOC Operations, meaning customers have continuous and complete visibility of and (where required) involvement in incident detection, response and remediation processes.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The web interface is accessible on various browsers (with accessibility features) to allow assistive technology to interact with the end user machine. The web interface itself does not provide any assistive technology.
- Web interface accessibility testing
- Standard Graphical User Interface (GUI) testing on Microsoft Internet Explorer, Google Chrome and Mozilla Firefox web browsers
- API
- Yes
- What users can and can't do using the API
- Users consume the service through the web portal called CyberProof Defense Centre (CDC), where incidents, reports and dashboards are available. An API is available to Microsoft Power BI for custom dashboards.
- API automation tools
- Other
- Other API automation tools
- N/A
- API documentation
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Manual
- Independence of resources
- Our service is a single tenant solution, meaning it is dedicated to the customer it serves. The only shared element of our service is our human security analysts, who act as an extension of our customers' own security team to support incident response and investigation.
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- No
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft, Google, Splunk, IBM etc
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- Digital playbooks
- Incident workflows
- Security Alerts
- Security Incident logs and processes
- Backup controls
- We continuously back up the entire platform using cloud-native backup services and high availability practices (e.g. meshed networks, redundancy, etc.)
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Microsoft Azure Cloud and Google Cloud SLAs apply for the platform provided as a service. Security service SLAs are defined based on the criticality of the incident and relevant service credits are issued.
- Approach to resilience
- Microsoft Azure and Google Cloud best practices are used for resiliency setup.
- Outage reporting
- E-mail alerts
Identity and authentication
- User authentication
- Identity federation with existing provider (for example Google apps)
- Access restrictions in management interfaces and support channels
- Role Based Access Control allows the customer to define groups and access requirements to which users can be added.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Devices users manage the service through
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Intertek Certification Limited
- ISO/IEC 27001 accreditation date
- Initial certification date – 5 Dec 2017. Latest certification date – 25 Sep 2023
- What the ISO/IEC 27001 doesn’t cover
- The certification includes application development, application management, infrastructure management services, engineering services, business process, outsourcing services, support functions such as human resources, finance, workplace management, sales & marketing, information services, information security management system, covering on-premises and cloud environments within UST.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO22301
- SOC1 SOC2 type II
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ISO/IEC 27001
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- We track all service components (SIEM, EDR, etc.) through their lifecycle via a Configuration Management Database (CMDB) and change management system. Changes go through a security review to assess impact and vulnerabilities. Regular vulnerability scans, penetration testing, and patching ensure platform security.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Continuous Scanning: We undergo automated vulnerability scans at regular intervals to identify potential weaknesses.
- Threat Intelligence Feeds: We stay updated on emerging threats by subscribing to reliable vulnerability feeds from security vendors.
- Prioritized Patching: Identified vulnerabilities are assessed for severity and exploitability. Critical vulnerabilities receive priority patching to minimise risk.
- Rapid Response: Our design allows for swift deployment of security patches, minimising the window of exposure.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Potential compromises are categorised using security analytics based on risk and severity and assigned to be either Critical, High, Medium or Low importance and then relevant internal SLAs are applied against them for investigation and response aligned to remediation time-frames within the SLA.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Our Incident Response process is aligned to NIST SP 800-61 Computer Security Incident Handling Guide, and steps are defined in the preparation, detection, identification, analysis, containment, eradication, recovery and post analysis stages of the life-cycle against the MITRE ATT&CK framework.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Sustainability is a key part of our design philosophy and our efficient new data centers. We prioritize the decarbonization and establishment of circular IT infrastructure, while also focusing on designing and implementing cloud migration and operations. We monitor and report on power and energy consumption, use aisle cooling for data centers, and reduce energy consumption where possible.
Social Value
- Social Value
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Tackling economic inequality
UST engages in numerous initiatives for tackling economic inequality. These include:
• Working with local Combined Authorities and training providers to build training courses (focussed on digital skills) for economically disadvantaged citizens.
• People who engage in these courses can then be hired by UST into full-time roles and begin their career in technology.
• UST support closing skills gaps in key technology areas, e.g. UST have developed a mobile application to support the development of skills in Artificial Intelligence for 3 key user profiles – those looking to start a career in AI, those looking to move into an AI role, and citizens who are interested in AI.
• UST are keen to support local SMEs and can agree with a buyer as to how many local SMEs will be utilised in an engagement.
• UST invest significant sums into innovation aimed at delivering more productivity at lower cost, e.g. we have developed our own Generative AI Testing platform.
Equal opportunity
UST engages in numerous initiatives for promoting equal opportunities. These include:
• Working with TechSheCan to enable greater access for women within the world of tech careers. UST also invested in building the training platform for TechSheCan.
• UST work with numerous partners to support veterans who want to start a career in Tech once they have left the military.
• UST are an equal opportunities employer and do not discriminate on the basis of age, sex, gender, disability, or religion. We can share our policies and process for this to support discussions.
• UST have published a detailed Modern Slavery statement and have processes in place to support this. More details can be found at: https://www.ust.com/content/dam/ust/documents/modern-slavery-statement-2022.pdf
• UST works with local skills development partners to support the development of tech skills amongst numerous societal groups.
Wellbeing
• UST have developed a Digital Inclusion Community App to support the development of essential digital skills amongst digitally excluded people. This enables citizens to be able to use digital services, from both Public and Private organisations, driving a more integrated digital community.
Pricing
- Price
- £8 to £23 a user
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- POC for 4 weeks
- Link to free trial
- https://go.cyberproof.com/speak-with-an-expert