apto solutions limited

Splunk Software

Apto provide SaaS products for Splunk to help monitor and analyse machine data. Used in conjunction with data pipelining services such as Cribl and Splunk Edge Processor along with data analytics we deliver improved operational intelligence. We use Splunk and Cloud Accredited Consultants (AWS and Azure) to deliver this service.

Features

• Splunk Cloud, Splunk ITSI, Splunk ES, mission control, SOAR
• logging and monitoring strategy and solution design
• SIEM cost control and data ingest reduction
• data pipelining, retention and analytics strategies
• AWS, Azure and GCP. Operate with Sentinel and Chronicle
• splunk cloud migration approaches
• production monitoring of digital services
• gain business insight from real time machine data
• improve IT Operations monitoring
• Splunk observability with logging and monitoring devsecops approach

Benefits

• monitor business risks and threats effectively with SIEM
• implement appropriate logging and monitoring strategies
• understand splunk and SIEM within other threat detection capabilities
• optimise and reduce SIEM Splunk cost and data volumes
• migrate to and from Splunk cloud seemlessley
• manage data across IT security and business functions
• ensure digital services are available, secure, resilient and performing
• Manage Splunk Cloud Costs
• manage data retention requirements
• Meet compliance requirements

£557 a gigabyte a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.eastwood@aptosolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

645049490813494

Contact

Simon Eastwood
+44 (0) 7718319047
simon.eastwood@aptosolutions.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: CRM, Marketing, SalesForce, ServiceNow, ERP, Data Processing, legacy systems
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Hardware non Windows> 2 x 6 core 2+GHZ, 12GB RAM
  • Windows> 2 x 6 core 2+GHZ, 12GB RAM
  • Linux, 2.6 and later
  • Mac OS X 10.10 and 10.11
  • Windows 8, 8.1, 10
  • Windows Server 2008 R2, 2012, 2012 R2

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on SLA contracted
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 0900 -1800 Monday to Friday excluding UK public holidays. 24/7 available on request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Number different options dependent on whether the buyer is new or an existing splunk customer. These range from Sure start a packaged service including the SaaS to get th buyer up and running quickly with a growth plan.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Splunk provides the analytics and visualisation tools and depending on the configuration of data retention. The data rests at its original location and does not reside in Splunk. Therefore there is no need for data extraction at end of contract
• End-of-contract process: Migration of analytics to another supplier can be offered depending on the buyers requirements at extra cost.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: REST API provides methods for accessing every feature in our product. Your program talks to Splunk Enterprise using HTTP or HTTPS, the same protocols that your web browser uses to interact with web pages, and follows the principles of Representational State Transfer (REST).
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Splunk application sits within the aptos cloud network or within the infrastructure of your chosen Cloud Provider. Splunk consumes data from sources within the network. The User is able to configure dashboards and the target data sources.; configuration can be through Splunk Web, Splunk's Command Line Interface (CLI), Splunk's REST API and directly in configuration files.

Scaling

• Independence of resources: Splunk forwarders sit in the Buyers network or the infrastructure of their chosen cloud provider and therefore contention is under their control. The Splunk indexing and visualisation is typically part of the SaaS offered in an auto monitored and scalable cloud environment.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Splunk

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: There are many ways that a user can export data .Splunk provides a REST API to export data. Data can be exported by the Splunk Web facility. Users can use the Command Line Interface, SDK's and data forwarding tools.
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML
  • Raw Data

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Splunk sits within the Buyers network or the infrastructure of their chosen cloud provider. Data protection between networks is the responsibility of the Buyer or their cloud provider.
• Data protection within supplier network:
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Splunk sits within the Buyers network or the infrastructure of their chosen cloud provider. There is no connection between Splunks networks and those of the Buyer. Data protection between networks is the responsibility of the Buyer or their cloud provider

Availability and resilience

• Guaranteed availability: We have different SLA's for different levels of service selected. That service level dictates the availablity percentage, the tolerances and subsequently the service credit. Service credits are applied only to future service payments.
• Approach to resilience: Available on request.
• Outage reporting: Email Alerts and Via Customer Support Portal

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The service can integrate with existing authentication systems or uses groups and user permissions for access to particular functionality of the service.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QAS International
• ISO/IEC 27001 accreditation date: 14/04/2015
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISIO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: This is documented as part of our ISO27001 policies and processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to services and features follow our documented configuration and change management policy.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of our ISO27001 policies and processes we follow a number policies to prevent, assess, log, manage and eradicate vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have processes that continually review our monitoring devices, logs, processes, usage, application metrics, unauthorised connection attempts, attacks and so on.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined ISO processes for incident management. Users report incidents through our helpdesk, using an incident management form. We provide incident management reports in a standard format as per our policy.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  As a business, Apto is committed to fighting climate change including operating in a modern, energy efficient managed office, encouraging limited travel and remote working where possible, operating a paperless office, operating on efficient cloud services where possible and operating electric vehicles. Our service is aimed at helping customers reduce their cloud workloads and therefore become more energy efficient and conscious

  Tackling economic inequality

  Under the Policy Outcome heading we are tackling supply chain resilience and quality. For a detective solution to work correctly it is imperative that SOC team are acting on the best, most up to date information properly. This requires a SIEM to be properly designed and implemented which our service enables. In addition, appropriate monitoring of digital services is key to ensuring that services remain operational for all end users. This is particularly critical for the digital services being consumed at scale by the public. ; ; By growing our business and this service we are also providing employment opportunities. Working as part of the Apto Operate service is an excellent way for our new joiners to begin their careers in cyber security engineering.

  Wellbeing

  A frequently reported fact is currently on SOC analyst burnout and well being. The requirement for cyber security professionals is increasing, and the need for SOC operations. However, as data volumes exist, this is increasingly becoming a job of looking at vast quantities of data. Terms such as "alert fatigue" are becoming more frequent as SOC analysts are overwhelmed with data and false positives. Our service aims to automate and optimise the use of data within SIEM. Not only does this stop employees having to manually carry out these tasks, but also improves the quality of data to the SOC team

Pricing

• Price: £557 a gigabyte a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Provided by Splunk Directly, Full capablity of a Splunk Enterprise license for 60 days allowing indexing up to 500 megabytes of data per day.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.eastwood@aptosolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.