Creative Networks

Anti Phishing Services

Creative Networks, offers an Anti-Phishing Service to protect businesses from phishing attacks. Our proactive measures include email filtering, web security, employee training, incident response, and continuous monitoring. We ensure organisations stay ahead of evolving threats, safeguarding their digital assets effectively.

Features

• Email filter: Block phishing emails with suspicious links or attachments.
• Web security: Stop access to phishing sites and malicious content.
• Staff training: Teach recognition and response to phishing attempts.
• Swift response: Act fast to minimise damage from phishing incidents.
• Real-time analysis: Monitor threats for immediate action.
• Custom policies: Tailor security to specific organisational needs.
• Continuous monitoring: Identify emerging phishing threats proactively.
• Awareness campaigns: Cultivate security awareness in the organisation.
• Reporting: Offer insights into phishing trends and vulnerabilities.
• Regular updates: Equip systems to combat evolving phishing techniques.

Benefits

• Enhanced security: Protect sensitive data from phishing attacks.
• Reduced risk: Minimise the threat of financial and reputational damage.
• Increased productivity: Prevent disruptions caused by phishing incidents.
• Peace of mind: Ensure a safe digital environment for users.
• Cost savings: Avoid potential losses associated with phishing scams.
• Improved compliance: Meet regulatory requirements with robust protection.
• Better decision-making: Access actionable insights from threat analytics.
• Streamlined operations: Focus on core tasks without phishing distractions.
• Heightened user confidence: Build trust in digital communications.
• Sustainable growth: Safeguard business continuity against cyber threats.

£3.50 to £7.50 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

709288142804750

Contact

Azeem Javed
03303337337
aj@creative-n.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Buyers should note potential constraints such as planned maintenance downtime, hardware compatibility requirements, and bandwidth limitations. Scalability, regulatory compliance, and integration challenges may also affect service implementation. Additionally, geographic restrictions and limited support for specific hardware configurations should be considered. Understanding these constraints enables informed decision-making and effective planning for service usage.
• System requirements:
  • Internet connection with adequate bandwidth for data transmission.
  • Compatible web browsers (Chrome, Firefox, Safari, Edge, etc.).
  • Updated operating systems (Windows, macOS, Linux, etc.).
  • Secure network infrastructure with firewalls and encryption protocols.
  • Regular software updates and patches for optimal performance.
  • Compatibility with virtual machine environments for testing and deployment.
  • Anti-virus software with updated virus definitions for enhanced security.
  • Adequate storage space for data storage and backups.
  • Access to administrative privileges for system configuration and maintenance.
  • Compliance with licensing agreements and regulatory requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times - 08:30 - 18:00 Weekdays, excluding Bank Holidays. Out of hours support available where necessary. 30 minutes to 8 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 8 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We have not conducted any testing of web chat accessibility with users employing assistive technology.
• Onsite support: Onsite support
• Support levels: End-user training can be provided at an ad hoc cost. We provide a UK based Service Desk for support. Out of hours support is available. Our helpdesk is made up of 1st, 2nd and 3rd Line technical expertise. A Technical Account Manager will be assigned as standard as a part of our standard and premium IT Support, see our pricing schedule and SFIA Rate Card for details.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We assist users in adopting the service through a variety of resources tailored to their needs. Our user documentation offers step-by-step guides, FAQs, and troubleshooting tips for independent learning. Additionally, we provide interactive online training sessions and webinars led by experienced instructors to guide users through setup and configuration processes effectively. For those preferring personalised assistance, optional onsite training sessions can be arranged to address specific organisational requirements. Our dedicated technical support team is readily available to assist users with any inquiries or challenges they may encounter, offering prompt resolution via email, phone, or online chat. With these resources and support channels in place, we aim to ensure a smooth onboarding experience and empower users to harness the full capabilities of the service for their communication needs.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Exported upon request. Contact the Support Helpdesk or Technical Account Manager.
• End-of-contract process: At the end of the contract services will continue on a rolling 30 day agreement until either party serves notice. If it is decided the client will exit, Creative Networks will assist in transitioning and migration of services ensuring continuity and a smooth handover. We will, where applicable deliver an Exit Plan which sets out the proposed methodology for achieving an orderly transition of Services on the expiry or termination of the contract. The Exit Plan will contain at minimum: Separate mechanisms for dealing with Ordinary Exit and Emergency Exit. The management structure to be employed during both transfer and cessation of the services and a detailed description of both the transfer and cessation processes, including a timetable. Document how the Services will transfer including details of the processes, documentation, data transfer, systems migration, security and the segregation of technology components. Specify the scope of the Termination Services that may be required and any charges that would be payable for the provision of such Termination Services and detail how such services would be provided. Provide a timetable and identify critical issues and set out the management structure to be put in place and employed during the Termination Assistance Period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Hornetsecurity Anti-Phishing Service maintains core functionality across mobile and desktop platforms, with user interface adjustments for screen size and input methods. Mobile interfaces are optimised for smaller screens, featuring simplified navigation. Certain features may be prioritised or streamlined for mobile use, while advanced settings may be more accessible on desktops. Overall, while functionality remains consistent, the user experience is tailored to suit the characteristics of each platform, ensuring usability and efficiency across both mobile and desktop devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service interface of Hornetsecurity Anti-Phishing is user-friendly, featuring intuitive navigation and clear visuals. Users can access various features such as configuring settings, viewing reports, and managing phishing incidents. The interface provides comprehensive tools for monitoring and managing phishing threats effectively. It offers easy access to real-time analytics, allowing users to make informed decisions promptly. Additionally, the interface is designed to streamline workflows and simplify tasks, enhancing user productivity. With its intuitive design and robust functionality, the service interface empowers users to protect their digital assets against phishing attacks efficiently.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Creative Networks have not conducted any interface testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: Through the Hornetsecurity Anti-Phishing Service API, users can automate setup, configuration changes, monitoring, and incident response. They can integrate the service with their systems to define security policies, adjust parameters, and manage access controls. This includes modifying phishing detection rules, updating whitelists or blacklists, and tracking phishing incidents in real-time. Users can also retrieve analytics reports and initiate response actions such as quarantining suspicious emails or blocking malicious URLs.; ; However, there are limitations to API usage. Users may have restricted access based on their assigned permissions, limiting their ability to perform certain administrative functions. Additionally, making complex configuration changes through the API may require in-depth knowledge of the service's capabilities and API documentation. Rate limits may also be enforced to prevent abuse, restricting the number of API calls users can make within a given timeframe. While the API offers flexibility and automation, users should be mindful of these constraints to ensure effective management of the anti-phishing service.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users of the Hornetsecurity Anti-Phishing Service have various options for customisation to tailor the service to their specific security needs. They can define custom phishing detection rules, configure security policies, and adjust notification settings to align with their organisation's requirements. Additionally, users can manage user access controls, whitelists, and blacklists to control email communications and access privileges.; ; These customisation options empower administrators to fine-tune the service's functionality and adapt it to their organisation's unique security posture. The customisation process typically occurs through a user-friendly web-based administration portal or programmatically via API. Administrators with appropriate permissions can access and modify settings, rules, and configurations seamlessly.; ; However, the extent of customisation rights may vary based on organisational roles and responsibilities. Typically, designated administrators or security personnel have the authority to customise the service, ensuring that modifications align with security policies and compliance requirements. This approach facilitates effective management of the anti-phishing service while maintaining control over security measures and configurations.

Scaling

• Independence of resources: We ensure users aren't impacted by demand through scalable infrastructure, resource allocation, load balancing, continuous monitoring, and capacity planning. Our system dynamically allocates resources, balances traffic, and optimises performance to maintain service quality for all users, regardless of demand fluctuations.

Analytics

• Service usage metrics: Yes
• Metrics types: Yes, the Hornetsecurity Anti-Phishing Service furnishes users with service usage metrics. These metrics offer insights into various aspects, including detected phishing incidents, user activity, policy compliance, performance indicators, and trend analysis. By providing this data, users can effectively monitor their anti-phishing measures, identify trends, and make informed decisions to bolster their security defences.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users of the Hornetsecurity Anti-Phishing Service can export their data through various methods. They can generate and export reports using the reporting interface, programmatically retrieve data via the API, or schedule automated exports. Additionally, manual export options may be available through the service interface. These methods enable users to access and download datasets such as phishing incident logs, user activity reports, and policy configurations. With flexible export capabilities, users can efficiently manage and analyse their data for security monitoring, compliance, and decision-making purposes.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Hornetsecurity typically guarantees a high level of availability for its Anti-Phishing Service, often backed by service level agreements (SLAs). While specific SLAs may vary depending on the service plan and customer agreement, common availability targets are often in the range of 99.9% or higher.
• Approach to resilience: The Hornetsecurity Anti-Phishing Service is intricately designed for resilience, incorporating several key features to ensure uninterrupted protection against phishing threats. Our infrastructure is built with redundancy across multiple geographically dispersed data centers, minimising the impact of hardware failures, network outages, or natural disasters. Load balancing mechanisms evenly distribute traffic, preventing overloads and maintaining consistent performance. Automated failover systems swiftly redirect traffic to redundant servers or data centres in case of failure, minimising disruptions and ensuring uptime.; ; Continuous monitoring tools and processes enable proactive identification and resolution of potential issues, maintaining optimal service availability and performance. Regular backups of critical data and configurations safeguard against data loss and facilitate rapid recovery in unforeseen incidents. By employing these resilience measures, the Hornetsecurity Anti-Phishing Service provides users with a reliable and robust defense against phishing threats, instilling confidence in their cybersecurity posture.
• Outage reporting: Email Alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Supplier defined controls. Access to management interfaces is restricted to designated users and controlled with user name and password protection.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 24/10/2022
• What the ISO/IEC 27001 doesn’t cover: Areas not covered by ISO/IEC 27001 certification include specific business processes unrelated to information security, certain third-party services or suppliers, or compliance with other industry-specific regulations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Organisations adhering to ISO 27001 establish robust information security practices. They develop policies aligned with ISO 27001 requirements, covering areas like access control, data protection, and incident response. Through risk assessments, they identify and prioritise security risks, implementing controls to mitigate them. Employees receive training on security policies and procedures to enhance awareness and compliance. Monitoring and review processes ensure the effectiveness of security controls, with regular audits and assessments conducted. A designated individual or team oversees the implementation and maintenance of the Information Security Management System (ISMS), reporting to senior management or the board. To ensure policy adherence, organisations employ various mechanisms such as audits, reviews, and ongoing monitoring. Non-compliance issues prompt corrective actions and improvements to the ISMS. By following these practices, organisations demonstrate their commitment to information security and continuously strive to enhance their security posture in line with ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Creative Network's have in place a Change Management Process that follows the ISO 20000 Standard. A change is proposed with the Change Manager and then added to the Changes-overview. The change is scheduled to be executed and a roll back plan is created (if necessary). Rollback is actioned immediately upon confirmation as per following the rollback matrix, resources are freed and announcements are published. Periodically, the overview of archived changes is checked.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Creative Network's have a Vulnerability Management process that implements the following: Receives information about zero day threats from the National Cyber Security Center; Subscribe to newsletters from vendors and used products, in contact with special interest groups; Technical vulnerabilities are handled either using the Incident management process or the Change management process; Patches are tested following the Installation of software on operational systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All devices have a monitoring agent on them which can identify potential issues and report back to our service desk. If an issue is identified we have an internal 4 hour SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly. We have multiple alert systems in place and monitor them constantly. We exclusively use Linux for phone system hosting. We automatically patch daily as and when required.
• Incident management type: Supplier-defined controls
• Incident management approach: Fully developed Business Continuity and Disaster Recovery management process developed in line with ISO 22301. Creative Network's have a pre-defined Incident Management Process in place where by an incident is reported with the Incident Manager and then added to the Incidents-overview. After which, relevant log files (from all systems affected) and evidence is gathered. The incident is corrected by implementing a patch, temporary fix or workaround. It is determine whether future occurrences of the incident can be prevented, e.g. by modifying/strengthening one or more controls. Periodically, the overview of archived incidents is checked for apparent trends and effectivity of corrections.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Wellbeing

  Tackling economic inequality

  By mitigating the potential financial losses and reputational damage caused by phishing incidents, the service indirectly supports economic equality by preserving resources and maintaining stability within organisations.

  Wellbeing

  The Anti-Phishing Service can contribute to Wellbeing by fostering a safer online environment, reducing stress and anxiety associated with cyber threats. By preventing phishing attacks, it safeguards personal and financial information, promoting peace of mind and enhancing overall mental health.

Pricing

• Price: £3.50 to £7.50 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Hornetsecurity's free trial of the Anti-Phishing Service typically offers basic protection features, limited customisation options, and basic reporting tools for a specified trial period, such as 14 or 30 days. Premium features, comprehensive reporting, and support services are not included in the trial.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.