NETBUILDER DIGITAL LTD

The Splunk Platform

Splunk monitors and analyses machine data from any source to deliver Operational Intelligence to optimise your IT, security and business performance. With intuitive analysis features, machine learning, artificial intelligence, packaged applications and open APIs, alongside Phantom, ITSI and SIEM.

Features

• Cloud, hybrid or enterprise deployment
• Collects and indexes log and machine data from any source
• Powerful search, analysis and visualization capabilities empower users
• Fraud and cyber threat detection analysis
• Real time analysis for operational intelligence and business reporting
• Information Assurance and security analysis
• Monitor and ensure compliance issues
• Monitor Logistics RFID and logistics databases machine data (HUMS)
• Monitor and manage internet of things including SCADA data
• Big Data Analytics, machine data from internet/internal network

Benefits

• Delivers real-time visibility of the service user experience
• Troubleshoot performance or security incidents in minutes, not hours
• Collect and index any machine data from virtually any source
• Delivers the scalability, reliability and functionality you need
• Find the relationships within your data
• Use built-in Splunk analytics modules to tackle impactful issues
• Make more sense of your huge volumes of data
• Choose from a wide range of charts and visualizations
• Use the dashboards to continually monitor events, conditions or KPIs
• Provides secure data handling, access controls, auditability and assurance

£165 a gigabyte a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at NETbuilderPublicSector@netbuilder.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

693601647485535

Contact

Maxwell Ashley
07481 758650
NETbuilderPublicSector@netbuilder.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: In order to operate in an efficient and secure manner, the Splunk Cloud Service requires routine maintenance and upgrades. These are Splunk’s policies regarding offline periods so that maintenance may be performed.; ; ROUTINE MAINTENANCE - is performed at most once per month and lasts no more than 4 hours. Customers can request a maintenance window around the clock starting Sunday 3 PM through Friday 5 PM PST.; ; EMERGENCY MAINTENANCE - service-affecting maintenance is only performed in circumstances that require immediate attention, it is not scheduled. Splunk will make commercially reasonable efforts to notify Customers should Emergency Maintenance become necessary.
• System requirements:
  • Windows> 2 x 6 core 2+GHZ, 12GB RAM
  • Non Windows> 2 x 6 core 2+GHZ, 12GB RAM
  • Linux, 2.6 and later
  • Mac OS X 10.10 and 10.11
  • Windows 8, 8.1, 10
  • Windows Server 2008 R2, 2012, 2012 R2

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: NETbuilder will provide prioritised support services for the Managed Services, to be accessed by Customer’s Technical Support Contacts 24 hours a day, 7 days a week (each such request a “Service Request” or an “Incident” or a “Change Request”) according to an agreed set of Response Times for each service request type and priority level.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Our Production Support Level ensures that our customer’s technology estate is operational whilst providing them significant autonomy in daily application and business operations. Production customers are assisted with a self-service portal that makes it easy to request help, search knowledgeable content and track progress on issues, and by the NETbuilder Technical Support team composed of service desk agents and a named Service Delivery Manager (SDM) primarily tasked with system maintenance, health reporting, and solution monitoring on a 24x7 basis.; ; Our Enterprise offering is a premium full-service package developed with the goal of empowering customer teams to focus on their core business and deliver effectively at scale. This offering entitles the customer to a single point of contact with NETbuilder — Technical Account Manager (TAM), a highly skilled professional proactively supporting the customer during deployment time and production related activities, while ensuring the maintenance and troubleshooting of the technology stack. The TAM meets regularly with the customer and can assist with activities such as performance tuning, configuration, etc. "
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Initiation.; In order to best kick start and setup the service, we come on site to meet the team, give an initial overview of the Managed Service and describe the next steps.; ; Discovery.; Once the introductions are completed, we run an initial discovery phase in which we review and validate the scope of the service with the business and technical stakeholders, make an inventory of the resources to support, define a service catalogue, lock down the SLA.; ; On-Boarding.; Setup the support, networking and monitoring services, put quality controls in place, check integration points, integrate to the customer business process, trial run end-to-end key use cases and live incidents, start preparing initial knowledge base, grant access etc.; ; Transition.; Smoothly switch to the new support service and check hands for an official start.; ; Maintenance and Support.; Proactively support and maintain your solution as well as regularly report on its performance.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Customer data can be copied to a secure repository and source data deleted. There is no additional charge for this service.
• End-of-contract process: The exit plan contains instructions as to whether the service is to be ceased or migrated to another third party.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: If it is through a web browser the functionality is the same. if it is through the Splunk Mobile App custom visualisations do not work
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Splunk Cloud does not allow direct access to infrastructure by customers. As a result, you do not have command line access to Splunk Cloud. Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.
• Accessibility standards: None or don’t know
• Description of accessibility: Splunk Cloud does not allow direct access to infrastructure by customers. As a result, you do not have command line access to Splunk Cloud. Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.
• Accessibility testing: Available on request
• API: Yes
• What users can and can't do using the API: Differences in implementation details between Splunk Cloud and Enterprise plus permissions for the sc_admin role impacts REST API access. In Splunk Cloud, you open a support ticket to enable REST API access. In addition, Splunk Cloud supports a subset of the REST API endpoints available in Splunk Enterprise. You can find more information regarding using the REST API with Splunk Cloud here https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/RESTTUT/RESTandCloud
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Splunk provides an agile reporting and analytics capability. Reports and dashboards are fully customisable. Role based access is available to allow the customer full control over changes and customisations. The user is able to configure dashboards and the target data sources. Configuration can be through Splunk Web, Splunk's Command Line Interface (CLI), Splunk's REST API and directly in configuration files.

Scaling

• Independence of resources: Dedicated tenancies are enforced to ensure customer segregation. Therefore one customer service cannot be affected by another customers service.

Analytics

• Service usage metrics: Yes
• Metrics types: • CPU; • Disk; • HTTP Request and Response Status; • Memory; • Network; • Number of active instances; • Others
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Splunk

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There are many ways that a user can export data. Splunk provides a REST API to export data. Data can be exported by the Splunk Web facility. Users can use the Command Line Interface, SDK's and data forwarding tools.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • Raw Data
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • Raw Data

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Mission-critical performance, scale and reliability - 100% uptime SLA; ; Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer by customer basis
• Approach to resilience: Splunk cloud is delivered with an SLA of 100%. The service is hosted in AWS and details of the underlying configuration can be provided on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control is supported
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus
• ISO/IEC 27001 accreditation date: 18/07/2023
• What the ISO/IEC 27001 doesn’t cover: -
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Processes Splunk Cloud based service uses third-party validation by Brightline of our processes and policies efforts to safeguard customer data to industry standards worldwide. Working with our audit partners, SOC 2 Type 2 attestation is completed for all Splunk Cloud customer environments and ISO 27001 certification is completed for Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: • Customer requests change to service or solution: affected systems, possible risks, security risks, and expected implementation to qualified brief.; • Service Delivery Manager escalates the request to the engagement team who determines if the change is valid.; • Team plans the change. Details recorded about: the expected outcomes, effort estimates, resource profile, timeline, testing, ways to roll back the change, risks including security risks, dependencies and assumptions.; • Change approval board (CAB) may need to review the plan.; • Team implements the change, documenting procedures and results.; • Service Delivery Manager reviews and closes the implemented change.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The security measures of Splunk and AWS are further described here https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice#Security
• Incident management type: Supplier-defined controls
• Incident management approach: End users (via portal, phone or email), monitoring systems, or service desk describes and logs the incident.; Service desk records at a minimum the date and time, reporter name, and a unique ID.; Agent labels the incidents with appropriate categorisation.; Service desk prioritizes incident based on business impact and urgency.; Team diagnoses the incident, services effected, possible solutions. Agents communicate with incident reporters.; Service desk team can escalate the incident to the second or third line support.; The service desk resolves the service interruption and verifies that the fix is successful. Resolution is fully documented.; Service desk closes the incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  NETbuilder a public target set up with SBTi (Science Based Targets) and report on EcoVadis and CDP.

  Tackling economic inequality

  NETbuilder recruits, employs and trains consultants per client engagement, often in regional areas with limited industry. We assess based on attitude and aptitude of the individual, not education alone, opening career opportunities to people moving into a technology career.; ; At a high level we:; • Provide paid full time training to employees to lower the barrier to entry. ; • Have accessible training programmes tailored to equip employees with the skillsets required customers. These programs are designed to be inclusive, making them accessible to everyone.; • Have objective recruitment processes that include training our hiring teams and equipping them with the tools to assess candidates solely based on their qualifications, skills, and fit for the role. This is managed, tracked and auditable in the SkillsNow platform; a valuable tool for diversity monitoring.; • Support investment by hiring locally. We align with our customers' goals, tapping into broader talent pools, particularly from underprivileged or less advantaged backgrounds. These individuals possess the necessary skills and potential but might not have had the opportunity to relocate or gain the right experience. ; • All employees actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timescales have been met. This promotes in region investment and increases skills over time, addresses digital skills gaps in critical technologies, supports maintenance of legacy applications.; ; NETbuilder provides upskilling and reskilling programmes to support non-technical staff to transition into CDIO, aligned to the Government Digital and Data Profession Capability Framework. This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a standalone service.

  Equal opportunity

  NETbuilder recruits, employs and trains consultants per client engagement, often in regional areas with limited industry. We assess based on attitude and aptitude of the individual, not education alone, opening career opportunities to people moving into a technology career.; ; At a high level we:; • Provide paid full time training to employees to lower the barrier to entry. ; • Have accessible training programmes tailored to equip employees with the skillsets required customers. These programs are designed to be inclusive, making them accessible to everyone.; • Have objective recruitment processes that include training our hiring teams and equipping them with the tools to assess candidates solely based on their qualifications, skills, and fit for the role. This is managed, tracked and auditable in the SkillsNow platform; a valuable tool for diversity monitoring.; • Support investment by hiring locally. We align with our customers' goals, tapping into broader talent pools, particularly from underprivileged or less advantaged backgrounds. These individuals possess the necessary skills and potential but might not have had the opportunity to relocate or gain the right experience. ; • All employees actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timescales have been met. This promotes in region investment and increases skills over time, addresses digital skills gaps in critical technologies, supports maintenance of legacy applications.; ; NETbuilder provides upskilling and reskilling programmes to support non-technical staff to transition into CDIO, aligned to the Government Digital and Data Profession Capability Framework. This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a standalone service.

Pricing

• Price: £165 a gigabyte a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The Splunk free cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days. You can transition your trial instance to a production account.
• Link to free trial: https://www.splunk.com/page/sign_up/cloud_trial?responsive=1&redirecturl=%2Fgetsplunk%2Fcloud_trial

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at NETbuilderPublicSector@netbuilder.io. Tell them what format you need. It will help if you say what assistive technology you use.