Netcraft

Cybercrime Detection and Disruption

We offer a highly automated solution for promptly detecting and removing malicious content from the internet. We can handle a wide range of attack vectors including phishing URLs, brand infringement, malware, fraudulent social media profiles, fake mobile apps, and e-mail addresses being used to conduct fraud.

Features

• Detect cybercrime impersonating your organisation
• Rapid, fully automated verification of suspected attacks
• Takedown notifications sent as soon as attack is verified
• Messages are sent in recipient's local language
• Covers more than 80 attack types
• 15 minutely monitoring through the attack lifecycle
• Secure JSON-based API
• Transparent progress reporting through web dashboard

Benefits

• Protect your organisation against phishing, malware, and more
• Fire and forget protection, runs 24/7 without requiring your input
• Flexible and customisable approach to cover new attack types
• Can be accessed from anywhere, anytime

£12,000 to £1,000,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rad@netcraft.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

594953302924509

Contact

Robert Duncan
01225 447500
rad@netcraft.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: All modern web browsers supported.
• System requirements: Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is available 24/7
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided by electronic mail and telephone.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide detailed online documentation and videos, and also can provide a live video call demonstration of the portal to answer any questions.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: CSV download is available.
• End-of-contract process: N/A

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive Design
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web based interface
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: A full HTTP API is available, including detailed documentation. Contact us to manage user accounts and permissions and for API credentials.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The range of cybercrime attack types that are covered by both detection and countermeasures can be customised to your needs as described in the pricing document.

Scaling

• Independence of resources: We scale our applications to account for load placed by all customers.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a detailed set of reporting & charting covering the progress of the detection and countermeasures processes within an interactive portal.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: We physically secure access to our data centre and backup media.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported in CSV format.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: We can accept reports by HTTP API or email

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If the Service is unavailable continuously for 3 (three) days or unavailable for an aggregate of 120 (one hundred and twenty) hours within the Subscription Period the customer may terminate the Service and receive a pro-rata refund for the unused period.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: User Account Authentication, Multi Factor Authentication, IP ACLs
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Risk based approach.
• Information security policies and processes: Defined in our internal Policies and Procedures document

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an internal change management process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Netcraft is a PCI approved scanning provider, and tests its own infrastructure. Patches are applied as appropriate.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Netcraft has a Security Incident Detection and Remediation programme.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal policy for handing incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  Tackling economic inequality; ; Netcraft recognises the problem of economic inequality, and where it is possible and reasonable seeks to address it through 1) the creation of new jobs and skills and 2) by increasing its supply chain resilience and capacity:; ; Netcraft is proud of the employment opportunities it creates and the training it provide its employees to address the skills-gaps in the cybersecurity sector.; ; As an equal opportunities employer, the employment opportunities Netcraft creates are open to those who historically have faced barriers to employment, or come from deprived areas.; ; Netcraft supports innovation throughout their supply chain such that they can deliver higher quality goods and services.; ; Netcraft conducts all its business in an honest and ethical manner, and are committed to acting professionally, fairly and with integrity in all their business dealings and relationships.; ; Netcraft takes action to identify and manage any cyber risks that arise in the delivery of the services it provides.

Pricing

• Price: £12,000 to £1,000,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can offer a 14 day trial of the service.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rad@netcraft.com. Tell them what format you need. It will help if you say what assistive technology you use.