BT Managed CrowdStrike Falcon XDR
The BT Managed CrowdStrike Falcon XDR service utilises BT’s managed security services capability and CrowdStrike's XDR technology to provide customers with the capabilities to detect and prevent ransomware attacks, malware infections, and other advanced threats around the clock, starting with endpoints and servers and then extending to identity sources.
Features
- Endpoint protection with machine learning, AI and threat intelligence
- Next generation anti-virus capability
- Known vulnerability assessment of endpoints
- Application, asset, device and account inventories
- USB device control
- Device software firewall
- Identity protection to protect against identity based attacks
- Integrated threat intelligence
- Cloud security - CSPM and CWP
- Third party solution integration
Benefits
- BT's 24/7 security operations centre
- Lightweight agent, broad support, no reboots
- BT's skilled cyber security specialists provide configuration and setup
- Security posture via detailed dashboards and reporting
- Threat led detection to stop modern adversaries
- MITRE ATT&CK mapping - understand and stop attacks early
- Scan-less vulnerability insight for endpoints
- Understand when credentials have been compromised
- Platform designed for the cloud: performant and highly scalable
- CrowdStrike's world class threat led detection
Pricing
£65 to £188 a device a year
Framework
G-Cloud 14
Service ID
695695654435241
Contact
BT PLC
Frameworks Team
Telephone: 0800 3288077
Email: ccsframeworks@bt.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- The Falcon agent supports a wide range of Windows, macOS, Linux, Android and iOS based operating systems. The latest supported platform list can be found at https://www.crowdstrike.co.uk/products/faq/ (Deployment).
- System requirements
- Host system must be capable of installing the Falcon agent
- Port 443 non-SSL inspected comms to 2 Cloud FQDN addresses
- Access to control console with Google Chrome Browser + 2FA
- Microsoft Active Directory
- Azure Active Directory
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times are based on the severity/priority of the detected security incident: Priority 1 within 15 minutes, Priority 2 within 30 minutes.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
All support is 24/7.
There are three different grades of service.
Foundation - covers endpoint security and provides a basic alerting and reporting service. Reporting is self-service and bi-annual with a nominated BT resource.
Foundation Plus - covers endpoint and identity security and provides more advanced alerting with remediation/mitigation advice and manual mitigation actions. Reporting is quarterly via a dedicated BT resource.
Premium - covers endpoint, identity and cloud security and provides more advanced alerting with remediation/mitigation advice and automated mitigation actions. Reporting is monthly via a dedicated BT resource.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
BT have a standard onboarding process that provides a structured method for onboarding customers to the service.
BT will:
1. provide a Technical Order Form (TOF) to capture and agree the technical details needed for the correct set-up and configuration of the service. This will include any specific policy requirements that fall outside of the standard BT default policies.
2. provide the customer with access to BT’s Customer Hub to enable the creation of change requests and service incidents.
3. provide a standard best practice set of default policies which the customer can agree or adapt to their own specific needs.
4. conduct an initial deployment to enable the customer to understand the policies and processes needed to roll out the Falcon agent across all in-scope endpoints.
Once the initial setup has been completed, BT will conduct a period of controlled deployment. This is a defined period for customer testing and service optimisation. The Controlled Deployment period helps ensure policies are tuned correctly to achieve the customer’s desired outcomes.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- CrowdStrike Falcon is a cloud based software as a service platform. If requested and if available under the data retention selected at order time, there is the possibility for raw and uncompressed EDR log file extraction for complete telemetry archival to be provided. Please be aware that this is likely to be 30-300MB per machine per day so consideration should be made on data storage and/or SIEM or log management processing costs.
- End-of-contract process
- CrowdStrike Falcon is a subscription-based service, so if the active licence expires, continuing use of the platform constitutes a breach of the EULA. If the licensee no longer requires the Falcon Platform, then the console will be locked from use. The logs stored within will expire in accordance with the data retention policy selected. The customer instance will then be deleted by CrowdStrike so that no data remains. If the buyer does require the product and has let the licence lapse in error, they must contact the Supplier in order to ensure that the instance remains accessible whilst the licence renewal takes place.
Using the service
- Web browser interface
- Yes
- Supported browsers
- Microsoft Edge
- Chrome
- Application to install
- Yes
- Compatible operating systems
- Android
- iOS
- Linux or Unix
- macOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service uses two distinct Falcon agents for mobile and desktop. Android and iOS mobile devices are supported.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
CrowdStrike Falcon is managed by BT through an HTTPS Web Interface. The BT service is designed to provide different roles for BT and its customers. BT provide resource to administer and make changes in the security settings, monitor security detections, threat hunt etc.
Access to the console uses role-based administration with 2FA access.
Customers are provided specific roles to allow them to review reports and dashboards.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- The Falcon Platform is tested with JAWS and VoiceOver for Mac, as well as automated accessibility testing.
- API
- Yes
- What users can and can't do using the API
- Within the context of BT's managed service the API is not open to customers as standard. BT can discuss the use of the API on a case by case basis.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
As part of the BT managed service the CrowdStrike platform can be customised by BT cyber security engineers under change control to meet specific customer requirements.
Customisations can be created to cater for security policies, file exclusions, import of customer IOCs, dashboard/report customisation.
Scaling
- Independence of resources
- CrowdStrike Falcon is a cloud native environment designed to be extremely scalable. The platform has been designed utilising automatic fault recovery and scalability capabilities in order to ensure scalability, high performance and uptime for all customers/users.
Analytics
- Service usage metrics
- Yes
- Metrics types
- The service is based on the number of endpoints, identities or cloud services that need to be protected. CrowdStrike Falcon provides visibility of the actual number of Falcon agent sensors, identities and cloud services that are in active protection. The actual number of active agents must be less than or equal to the licence quantities purchased.
- Reporting types
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- CrowdStrike Inc.
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- CrowdStrike Falcon is a cloud-based software as a service technology where customers do not have data stored within a private instance and have nothing to extract. Security event telemetry can be extracted on request as required, and this can be stored in external systems such as a SIEM, SOAR or log management system.
- Data export formats
- CSV
- Other
- Data import formats
- CSV
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- BT and CrowdStrike's business continuity program is based on establishing and maintaining high availability and automated recovery for customer facing services. The program is managed by BT and CrowdStrike's Business Resilience group and implemented in coordination with all major lines of business, with oversight from senior management.
- Approach to resilience
- BT and CrowdStrike application products and supporting infrastructure are maintained across multiple active and redundant data centres.
- Outage reporting
BT use an ITSM system that generates emails to report security incidents and threats. BT also have a secure portal for change and service incidents.
CrowdStrike use Tech Alert emails to keep BT informed about service incidents affecting the CrowdStrike platform. These Tech Alert emails are communicated to CrowdStrike's service providers through the company's online support service.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- User access to the CrowdStrike Falcon cloud platform requires either Single Sign-On via the customer's identity provider, or direct login with multi-factor authentication.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Schellman
- ISO/IEC 27001 accreditation date
- 11/08/2023
- What the ISO/IEC 27001 doesn’t cover
- N/a
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 19/10/2023
- CSA STAR certification level
- Level 2: CSA STAR Attestation
- What the CSA STAR doesn’t cover
- N/a
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- https://www.crowdstrike.com/why-crowdstrike/crowdstrike-compliance-certification/
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- BT and CrowdStrike's information security program is assessed and certificated to the ISO/IEC 27001 framework and is regularly reviewed by senior management as part of the companies' Enterprise Risk Management processes. The program consists of various layers of technical and administrative controls to ensure the confidentiality and integrity of customer data.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Both BT and CrowdStrike's customer facing and internal operations follow a documented change management procedure. Access control, infrastructure and application changes are documented and tracked through internal ticketing systems that capture review and authorisation for the change.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Vulnerability remediation is a multi-stage process where findings from scans are assessed, triaged, and assigned for remediation through internal ticketing systems. Remediation timeframes are dependent on the severity of the issue.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Monitoring and alerting are configured by CrowdStrike Security teams to identify and notify operational and management personnel of incidents when early warning thresholds are crossed on key operational metrics.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- BT and CrowdStrike have well developed formal incident response plans which are documented to provide a well-defined, organised approach for handling any potential threat to BT's and CrowdStrike's systems and data.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
BT Group has been a leader on climate action for over 30 years. We have been tracking our carbon reductions since 1992 and became one of the first companies in the world to set a science-based target in 2008. Our networks and buildings are all powered by renewable electricity, and we are aiming to transition the majority of our fleet to electric or zero-emission vehicles by 2030 (now over 2,400 in total). To date, our electric fleet has travelled more than 7.9 million miles, saving over 2,200 tonnes of CO2e, which helps us transition to a net zero economy much faster.
We are investing in full fibre broadband and 5G networks that will pave the way for lower-carbon ways of life and work. We believe that renewable energy, low-emission vehicles and technology hardware are important to reaching net zero, which the Crown Commercial Services also believe. Because our solutions for carbon reduction align, BT can consider setting up a workshop with CCS to share ideas and objectives on how to achieve net zero.
We have pledged to become a net zero business by the end of March 2031, and we are targeting net zero for our supply chain and customer emissions by the end of March 2041. We have also set a target to help customers avoid 60 million tonnes of CO2e by the end of March 2030. We aim to contribute to a circular economy by reducing waste and enhancing opportunities to repair, refurbish and recycle. This year, our customers returned more than 1.8 million home hubs and set-top boxes to us and through our refurbishment operation, we reused 83% and recycled the rest. We also collected over 190,000 mobile devices through trade-in schemes, all of which were reused (97%) or recycled.
Covid-19 recovery
At BT we understand the importance of showing support to others, especially those who are in vulnerable situations. To show our support, BT launched the award-winning Care Companions initiative during Covid, matching BT volunteers with residents in care homes and providing a befriending service with weekly calls brightening someone’s day. From those humble beginnings there are now around 400 BT volunteers from 29 contact centres across the UK making weekly calls to around 15,000 care home residents. As well as befriending residents and tackling loneliness and isolation, BT volunteers have also continued to support the care homes with fundraising and gardening.
We also work closely with Home-Start, a local community network of trained volunteers and expert support, helping families with young children through challenging times. Our partnership helps people improve their digital skills, whilst opening fantastic fundraising and volunteering opportunities for our colleagues.
Our partnership aims to support Home-Start families with:
· Digital Confidence
· Data Connectivity
· Access to devices
Staff will use their volunteering hours to help support families with digital support. We will be teaching families basic digital skills such as using a laptop, tablet, or mobile phone. Also, we would use these hours to help families apply for schools, colleges, and jobs to put them in a position for a better future.
We also offer flexible working. Since Covid, people have been through demanding situations and are now going through cost-of-living issues. Giving our employees the chance to work from home twice a week allows them to save on expenditure travelling to and from the office, including spending while within the office. We also understand how Covid affected many people through losing loved ones. We hope flexibility allows employees to be around their loved ones more and support each other after going through such tough times.
Tackling economic inequality
At BT we are aware that in the UK there are skill shortages for many people who face multiple barriers into employment for several reasons out of their control. This is why we have supported more than 51,000 people with employability guidance and work life digital skills since 2014. Our aim is to boost social mobility and economic productivity by helping young people succeed in an increasingly digital world of work.
We are committed to being responsible, sustainable, and inclusive. It is fundamental to our purpose that we ‘connect for good’. BT is one of the largest employers of apprentices in the UK. In 2022, we ranked third place in the top 100 Apprenticeship employers in the UK and recruited more than 2,600 apprentices and graduates over the past four years. In addition to this, we hired 400 apprentices and graduates in 2023 in different cities across the UK, including London, Birmingham, Manchester and Bristol.
As well as employment schemes, BT have delivered over 185 workshops reaching over 4,900 pupils aged between 11 and 19. Our employees share their work skills and experiences with this next generation of employees and drive aspirations to work in engineering, innovation, and technology industries.
Our 5-hour workshops:
• Give young people the opportunity to explore their individuality, skills and interests through group activities and challenges, supporting their careers education at school.
• Align with the Gatsby Benchmarks to support schools to deliver great careers education across the UK and Northern Ireland and work towards their quality education standards e.g. OFSTED Inspections
• Feature STEM (science, technology, engineering, maths) activities that link curriculum-based learning to the skills employers are looking for in areas such as Software Design and Engineering, Fibre Network Build and Cybersecurity Planning and Solutions.
Equal opportunity
Everyone, regardless of background, experience, or their place in society, should be afforded opportunities to help them learn and grow. This is the foundation upon which a modern, progressive, and inclusive society functions. In achieving this, we all benefit. We benefit from talent, no matter from where it comes; being able to grow, mature and prosper. This is BT’s philosophy.
We have set out some 2030 ambitions relating to gender, ethnicity, and disability. By 2030, our workforce will be:
• 50% Gender (we want 50% of BT Group colleagues (excl. Openreach) to be women)
• 25% Ethnicity (we want 25% of BT Group colleagues (UK workforce, excl. Openreach) to be Black, Asian or from an ethnic minority background)
• 17% Disability (we want 17% of BT Group colleagues (UK workforce ex Openreach)
We have partnerships with different agencies which we work with to support equal opportunity. One such is Purple Goat, which is one of the UK’s only communications agencies run by disabled people. We partnered with them to deliver a series of videos highlighting the experiences of colleagues with a range of disabilities, including diabetes, autism, and visual and hearing impairments.
We have also built relationships with Code First Girls, Women Returners, Black Girls Tech Summit, and Girls Talk London. These initiatives help delegates develop their skills and network with peers, creating more opportunities for women to move into technology careers.
And as lead sponsor of the Avado FastFutures programme, we are helping upskill over 7,000 18–24-year-old learners from ethnically diverse backgrounds. We want to help them develop digital and data skills to unlock opportunities and launch their careers.
Wellbeing
At BT, we always put wellbeing and safety first. For us, there are no shortcuts in keeping everyone safe. We work on creating fulfilled, safe, happy, and healthy employees in a culture where everyone can thrive. BT’s support for wellbeing in the workplace includes:
SilverCloud, which provides programmes designed to help improve and maintain wellbeing by addressing core underlying issues that can have a negative impact on how employees live their lives. We will ensure that all our staff within the contract are aware of this support option if needed. These include modules on stress, money worries, perinatal wellbeing, anxiety and more. Users would usually be recommended to complete one module of their choice within a week period.
We will measure the mental health in respect of the contract using a ‘YourSay’ survey, published annually, of:
· No. of individuals who are aware of the support services.
· No. of individuals who have participated in mental health awareness events.
· No. of managers who completed the mandatory training.
· Additionally, managers that are qualified mental health first aiders.
BT also provide their Employee Assistance Programmes (EAP). EAPs provide a range of services, notably employee counselling, but also legal advice, practical financial information, and advice on dealing with debts. BT's EAP includes a comprehensive range of personal and group services to help our people deal with worrying or tricky situations. It is entirely free of charge for users.
The EAP is delivered by Optum - our Occupational Health & Wellbeing Centre of Expertise makes sure the services are delivered to the highest standards to meet our people's needs. You can contact the EAP, in confidence, 24 hours a day, 7 days a week, 365 days a year so that help is available whenever it is needed. Assistance can be provided on a face-to-face basis or via telephone.
Pricing
- Price
- £65 to £188 a device a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- The 15-day trial includes the Falcon sensor and platform as well as the Prevent (NGAV), Intelligence, Device Control and FW management modules. There is an option to test additional modules at no extra cost.
- Link to free trial
- https://www.crowdstrike.com/products/trials/try-falcon-prevent/?ft-trial