Charterhouse Voice & Data

Rapid 7 InsightIDR

Simple cloud-based log and event management to meet compliance.
InsightIDR provides immediate and accurate threat detection and drastically reduces the time to respond to attacks by combining behavioural analytics, threat intelligence, and automation in a scalable, easy to love solution that boasts the fastest deployment times in the industry

Features

• User Behaviour Analytics: expose compromised accounts & lateral movement
• Attacker Behaviour Analytics: find known bad micro-behaviours that cause breach
• Endpoint Detection and Visibility: includes remote & travelling workers
• Centralized Log Management: simple, cloud-based performant search
• Visual Investigation Timeline: investigate incidents 20x faster
• Deception Technology: add new monitoring capabilities for malicious behavior
• File Integrity Monitoring (FIM): meet multiple compliance requirements w/InsightIDR
• Network Traffic Analysis: detect intrusions/security events on the network

Benefits

• Search and Visualize Your Security Data
• Detect Compromised Users and Lateral Movement
• Identify Evolving Attacker Behaviour
• 20x Faster Investigations and Incident Response
• Automatically Contain Compromised Users and Assets
• Solve Multiple Compliance Regulations
• Streamlined Case Management

£16.22 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@cvdgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

685868862488950

Contact

Liz Holmes
02076137441
publicsector@cvdgroup.com

Service scope

• Service constraints: In order to deliver our user and asset attribution based detections, organisations will need support ingestion of logs and events from the following four foundational sources: DHCP, LDAP, AD, DNS. The solution also requires an agent deployment for endpoint integration and response, in order to provide the best value for organisations we recommend that deployment is in excess of 80% of all Windows/Linux/Mac endpoints and servers.
• System requirements:
  • Collector requirements: 2GHz+ processor, 8GB RAM recommended
  • 60GB+ available disk space with configured Fully Qualified Domain Name

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: "RESPONSE TIME TARGET AND UPDATE CADENCE; Severity-1 “Critical” < 2 Hours 4 Business Hours; Severity-2 “High” < 4 Business Hours 3 Business Days; Severity-3 “Medium” < 12 Business Hours 5 Business Days"
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "RESPONSE TIME TARGET AND UPDATE CADENCE; Severity-1 “Critical” < 2 Hours 4 Business Hours; Severity-2 “High” < 4 Business Hours 3 Business Days; Severity-3 “Medium” < 12 Business Hours 5 Business Days"
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Rapid7 products are easy to install and use, and our team can provide expert guidance to take your usage of the product much further. The Quick Start Services for InsightIDR help you through deployment and ensure that you get the most value out of your investment.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: If you opt to end your engagement with Rapid7, you have the opportunity to collect and transfer any data that is possible to export.
• End-of-contract process: At the end of a contract, you will have the opportunity to collect and transfer any data possible to export. If you request that Rapid7 delete all of your data, the request will be processed within 14 days. No additional fees apply.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can perform all actions through the web interface, including administration, reporting, and more. Further details available on request.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Users can perform all actions through the web interface, including administration, reporting, and more. Further details available on request
• Web interface accessibility testing: Details available on request
• API: Yes
• What users can and can't do using the API: The InsightIDR API supports the Representation State Transfer (REST) design pattern. Unless noted otherwise, this API accepts and produces the application/json media type. This API uses Hypermedia as the Engine of Application State (HATEOAS) and is hypermedia friendly. All API connections must be made to the security console using HTTPS.; Documentation available on request.
• API automation tools: Other
• Other API automation tools: REST API: threat intelligence management and incident investigations
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Cloud components are hosted in AWS. Rapid increases in CPU, memory, storage, and networking capacity are performed on demand to meet the scaling and performance needs of enterprise customers.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics: Platform availability
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Rapid7

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All of the data processed and stored is encrypted at rest using various file or disk level encryption mechanisms. Data is encrypted using industry standard AES-256 encryption with keys managed through AWS’s Key Management Service (KMS). Where possible, Rapid7 utilizes AWS’s services to manage encryption at rest (e.g. S3, EBS, RDS, etc.). When not possible, Rapid7 utilizes block level encryption provided by LUKS.; ; Block level encryption is used for ElasticSearch (only used to index some asset metadata). For all other persistence technologies/layers, AWS KMS is used.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Log Data
• Backup controls: Any data fed into InsightIDR for security analytics can also be forked into an Amazon Web Services S3 bucket controlled by the customer. Therefore, customers can store, search, and visualize data in InsightIDR with customizable retention periods, and also have a back up for long-term storage / custom use-cases on their own cloud infrastructure.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data sent to and from the Insight platform, including data collected by collectors, agents, and engines; data ingested via APIs and plugins; and interaction with the user interface is encrypted with TLS (HTTPS). Collectors, agents, engines, and plugins are configured to verify and require a valid TLS certificate issued by a trusted certificate authority.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data sent to and from the Insight platform, including data collected by collectors, agents, and engines; data ingested via APIs and plugins; and interaction with the user interface is encrypted with TLS (HTTPS). Collectors, agents, engines, and plugins are configured to verify and require a valid TLS certificate issued by a trusted certificate authority.

Availability and resilience

• Guaranteed availability: During the term of Customer’s subscription, the Service will perform in accordance with and subject to this Service Level Agreement (“SLA”). Rapid7’s target is 100% System Availability. If the System Availability during a given month is less than 99.95%, Customer may be eligible for a credit (“Service Credit”), which is the sole and exclusive remedy for any failure to meet the SLA.
• Approach to resilience: Rapid7 maintains a Business Continuity Plan for the Insight platform. The primary goal of this plan is to ensure organizational stability, as well as coordinate recovery of critical business functions in managing and supporting business recovery in the event of disruption or disaster. ; ; Thus, the plan accomplishes the following:; • Ensures critical functions can continue during and after a disaster with minimal interruption;; • Identifies and decreases potential threats and exposures; and; • Promotes awareness of critical interdependencies.; ; We can share a high-level overview of our Business Continuity Plan for the Insight platform upon request.
• Outage reporting: Service status is available at status.rapid7.com. Users may elect to subscribe to notifications from this site.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: The Rapid7 Insight cloud comes with role-based access control and support for multi-factor authentication.; ; Members of the team using InsightIDR can be made Administrator (full access), Investigator (Incident-only access), or Read Only. These roles will limit the functional access of the user, but will not restrict the data that is accessible in InsightIDR. Creating this three-level structure allows interested members outside of the security team to gain insight into the network and view incident alerts without disrupting the workflow of others.
• Access restrictions in management interfaces and support channels: Members of the team using InsightIDR can be made Administrator (full access), Investigator (Incident-only access), or Read Only. These roles will limit the functional access of the user, but will not restrict the data that is accessible in InsightIDR. Creating this three-level structure allows interested members outside of the security team to gain insight into the network and view incident alerts without disrupting the workflow of others.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC 2 Type II
• Information security policies and processes: The Information Security and Information Technology groups are responsible for monitoring compliance with data security policies and procedures. Users found in violation of information security policies may be subject to disciplinary action, up to and including 1) removal from any access to company or customer assets, data, or systems, 2) termination of employment, and/or 3) legal action. When required, Information Security will work with Legal and People Strategy to address any instance of non-compliance.; ; We use a SaaS product to manage and control relevant Information Security policies, which includes version control editors and full audit history. Rapid7 employment policies are documented in an internal employee handbook.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Rapid7 applies a systematic approach to managing change so that changes to services impacting Rapid7 and our customers are reviewed, tested, approved, and well communicated. Separate change management processes are in place for corporate IT systems and Insight platform systems to ensure changes are tailored to the specifics of each environment. The goal of Rapid7’s change management process is to prevent unintended service disruptions and to maintain the integrity of services provided to customers. All changes deployed to production undergo a review, testing, and approval process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The Information Security team is continuously monitoring the Rapid7 network and our product environments in accordance with formally documented vulnerability management processes and procedures. Information Security conducts vulnerability scans on a continuous basis, at least weekly. Rapid7 begins immediate action following the identification of critical vulnerabilities and generally completes the process in well under 48 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: "We use InsightIDR to monitor for suspicious and malicious behavior across our user endpoints, networks, servers, and cloud services. Our InsightIDR configuration uses a combination of user behavior analytics, attacker behavior analytics in the form of curated threat intelligence, and custom alerts. ; ; We only monitor systems that Rapid7 has implemented in our hosting environments and platform, not systems that customers deploy themselves within their environment."
• Incident management type: Supplier-defined controls
• Incident management approach: "There is a formal Incident Management process in place and we can provide our Incident Response policy. Incidents are handled by the Information Security team and are escalated to Rapid7's in-house Incident Response team when necessary.; ; Rapid7 uses InsightIDR to monitor on-premises and cloud environments for security incidents. Information Security partners with the MDR and Incident Response services teams to supplement Rapid7’s incident response program. InsightIDR alerts are regularly reviewed by analysts and escalated via a paging system when indications of potentially malicious activity are detected."

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Virtualization is not used in the separation between users. The Insight cloud is designed as a secure multi-tenant application and is hosted on Amazon Web Services.
• How shared infrastructure is kept separate: InsightIDR is designed as a secure multi-tenant application. Each customer's user data is isolated in its own individual database in AWS, preventing other customers from accessing your user data. As an additional safeguard, each customer's log data is tokenized using a unique UUID that walls the data off from other customers, isolating your company's data.; ; For additional information on our cloud security, please refer to: https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-platform-cloud-security-overview.pdf/.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: ,

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Rapid7s purpose is simple: secure the foundations of our technologically-dependent society. ; ; At its heart, cybersecurity health is tied to our ability to successfully manage our massive and increasingly-complex technology ecosystem. ; ; We believe Cybersecurity works best when individuals, companies and government work together. ; ; Our environmental strategy gives an overview of Rapid7s efforts as a global participant in the fight against climate change. ; ; • Our Sustainability Committee regularly explore ways to improve our approach and ensure we exceed all applicable environmental laws and regulations. ; ; Rapid7:; ; • Identify and measure the material environmental impacts of our operations. ; ; • Establish targets to reduce our environmental impact and strive for continuous improvement. As a technology company with no physical manufacturing, we still minimize our greenhouse gas (GHG) emissions. We regularly calculate our GHG emissions to review where we can make an impact. ; ; • Reuse, recycle, and responsibly dispose of electronic waste. Rapid7 is committed to using third party vendors that allow us to recycle our outdated electronics according to international guidelines.; ; • Minimize waste sent to landfill through recycling in all locations and composting of food waste in select Rapid7 offices.; ; • Conduct waste audits in larger Rapid7 offices to measure waste reduction.; ; • Switched from single use dishware and cutlery to reusable products, reducing landfill waste.; ; • Measure major greenhouse gas emissions with the aim of continuous reduction of carbon-intensive activities, improved energy efficiencies, and the procurement of renewable energy.; ; • Develop goals, practices, and metrics to measure and create more sustainable workplaces at Rapid7.; ; • Rely on conferencing technology to eliminate non-essential business travel.; ; • Locate offices near transportation hubs to maximize use of public transportation.; ; • Locate offices in areas with easy, walkable access to amenities.; ; • Use sustainable materials and systems when completing new offices builds, retrofitting where appropriate.

  Tackling economic inequality

  • Offices designed to be inclusive to all Moose, with gender-neutral restrooms and showers and mother’s suites; ; • Competitive maternity and paternity leave for expectant parents; ; • Pay equity regardless of gender or race, confirmed by routine surveys and external specialist review; ; • Curated and gamified courses on diversity, inclusion, and belonging through Linkedin Learning; ; • Expand the cybersecurity workforce by developing new talent sources and fostering STEM programs which reach underrepresented and under-resourced communities. ; ; When we create more opportunities for all people we further equality while expanding the workforce, solving one of cybersecurity’s biggest challenges.; ; • Support free and open security solutions, which provide tools to those without resources to protect their organizations, and support organizations who lack resources to effectively implement the cybersecurity measures they need.; ; • Strengthen cybersecurity outcomes and awareness for all through advocacy and research, particularly within under-resourced and vulnerable communities. ; ; We are compelled to create better policy outcomes and drive community collaboration, support those without significant security resources, and provide greater education on the realities of the threat landscape. ; ; The Rapid7 Cybersecurity Foundation invests in organizations who work in the following areas in pursuit of creating a secure and prosperous digital future for all:; ; • STEM education, Diversity, Equity & Inclusion in technology, and efforts by organizations to make careers in cybersecurity welcoming to all;; ; • Open source tools and volunteering to help make effective cybersecurity solutions available to under-resourced organizations, including non-profits and municipalities;; ; and; ; • Research and policy advocacy to strengthen cybersecurity for vulnerable communities, improve cybersecurity awareness, and make effective security outcomes available to all.

  Equal opportunity

  "At Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career and that diversity of mindset is integral to the growth and success of our company." ; ; Corey Thomas, Chairman & CEO ; ; At Rapid7, we celebrate people bringing diverse perspectives to the table as we work together to help create a secure digital future for everyone.; ; Diversity of backgrounds and mindsets help us close gaps in experience and spark innovation. A deep commitment to Diversity, Equity & Inclusion is core to the strength and success of our business. ; ; It empowers our communities, makes our company healthier, and makes our customers more secure. It’s also, quite simply, the right thing to do. Not just for us, but for the advancement of our industry and our world. This is why we are building a place where everyone feels welcome to be their authentic selves. ; ; We’re committed to bringing together people from different backgrounds and investing in programs that nurture pathways for the future talent of our tech community. ; ; This commitment is fueled by two of our core values: Be an Advocate and Bring You. We advocate for customers, underrepresented groups, and one another, to create a more connected and collaborative experience for all; and we want every person to feel empowered to embrace their own uniqueness and feel comfortable bringing their true self to work.

  Wellbeing

  We refer to our people at Rapid7 as Moose, a word that remains unchanged in both its singular and plural forms. ; ; It’s one of the many ways we work to build an internal sense of camaraderie and community. ; ; We’re one Moose and proud of the diverse perspectives that strengthen our herd.; ; Here are some notable initiatives helping to make Rapid7 a more diverse, equitable, and inclusive home for every Moose. ; ; At Rapid7, we believe that everyone has a role to play in creating an inclusive environment. ; ; We regularly create intentional moments for our people to educate themselves on the lived experience of others and grow on their personal journey of inclusion. ; ; Our goal is that anyone, no matter their background can come to Rapid7, be proud of who they are and do their best work ever.; ; Community and Culture are a big deal here, our Rapid Impact Groups (RIGs) are supported by the business, but entirely driven by employees. ; ; The only requirement is that our groups foster connection across the business, offer opportunities for professional development, aid in the elevation of the communities they were created to support and find meaningful ways to support fellow RIGs. ; ; • Offices designed to be inclusive to all Moose, with gender-neutral restrooms and showers and mother’s suites; ; • Competitive maternity and paternity leave for expectant parents; ; • Pay equity regardless of gender or race, confirmed by routine surveys and external specialist review; ; • Curated and gamified courses on diversity, inclusion, and belonging through Linkedin Learning

Pricing

• Price: £16.22 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: InsightIDR is available as a full-featured 30-day free trial. Users can:; ; • Add in security data across their network, cloud services & infrastructure, and endpoints; • Detect common and targeted threats, or simulate attacks to validate pre-built detections; • Investigate incidents & try automation and containment integrations

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@cvdgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.