THRIVE OPERATIONS LIMITED

Thrive Managed SIEM as a Service with Security Monitoring

Thrive’s Managed SIEM (Security Incident and Event Management ) as a Service with Security Monitoring collects data from client subscribed IT devices and services. When a security event occurs, an Incident is created in the Thrive security platform and initial triage is performed by the Thrive Security Operations Centre.

Features

• Implementation of dedicated SIEM tenant
• 7x24x365 log collection and security monitoring
• Configuration backup of supported network devices
• Security monitoring of supported SaaS platforms
• Email notification on security alerts
• Ongoing security alert optimization
• 10 Events Per Second per device or SaaS application
• Security Incident Dashboard
• Monthly reporting through the Thrive Client Portal
• 90 Day log retention

Benefits

• Reduce time to respond to security breaches or compromise
• Flexibility for clients with dedicated security resources & staff
• Clients can leverage global cybersecurity expertise 24x7x365
• Pre-defined compliance reports
• Triage and remediation of threats through Thrive Cybersecurity Analysts
• Little or no configuration required by client

£25 to £35 a device

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

723829772087335

Contact

Phil Cotterill
01582 429999
pcotterill@thrivenetworks.com

Service scope

• Service constraints: Service includes up to three Collectors to be deployed at the customer premise for data and log collection. Additional Collectors can be provided for an additional monthly service fee; Service Includes up to 5 VPN connections from Collector(s) to remote locations for log collection. Additional VPN connections may be added for an additional monthly service fee.; Client shall provide the virtual resources below to install the collector at each location. Collector virtual resources provided by Client must be on supported version of VMWare or Hyper-V.
• System requirements:
  • 4 vCPUs
  • 8GB RAM
  • 125Gb Disk Space

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The response is dependent upon the severity of the incident which is determined by the Cybersecurity Analyst. ; ; P1 Incidents are responded to within 15 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Thrive shall notify the client of the event, and provide guidance to remediate assets in accordance with their incident response program.; Thrive shall respond to & remediate all events which occur on assets subscribed to a separate Thrive Managed Infrastructure service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Thrive work with client's to ensure the collector has been provisioned at all locations requiring security monitoring services and assist the client in ensuing that any network configuration required for connectivity to the services is in place.; ; Thrive's onboarding team will provide training on interacting with the SIEM dashboard and generating reports. Thrive manages the tenant on behalf of the client.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Thrive will provide consultancy during the offboarding process to determine the relevant aspects of data the client wishes to extract. All residual data will be wiped/erased from Thrive systems upon completion of service termination.
• End-of-contract process: The service can be renewed, uplifted, or terminated depending upon the client's requirement.

Using the service

• Web browser interface: Yes
• Using the web interface: Users will be able to generate and view reports, alerts and events within a Thrive Managed, secure, client-dedicated tenant within Thrive's multi-tenanted Security Incident and Event Management (SIEM) platform. Clients will not have administrative access to the SIEM environment.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The vendor tests and provides conformance against WCAG 2.0 AA in a report dated November 3rd 2020.
• Web interface accessibility testing: This is provided by the vendor as above
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Thrive regularly reviews the infrastructure is performing as required, and adds additional resources when the requirement grows (i.e., due to onboarding new clients). This is performed as part of Thrive standard management and maintenance lifecycle(s) for the varying offerings we provide.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Thrive service delivery teams conduct a review of Event volumes with clients and implement event filtering as required. Clients can purchase additional Events Per Second (EPS) as required.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics: Metrics provided are relevant to the service in question
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Configuration backup of supported network devices
• Backup controls: Users can raise a ticket to Thrive requesting to backup a configuration, however, regular configuration backups are captured.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The management platforms for this service are hosted within Thrive's Data Centre environment which has a 100% uptime guarantee.
• Approach to resilience: Thrive's Data Centre environment is built on Cisco FlexPod with a fully redundant design containing no single points of failure. The networking at every layer is redundant. The internet service uses three separate ISPs diversely delivered into two Data Centres.
• Outage reporting: The systems are monitored 24/7 and use e-mail alerting into the Thrive24/7 support team. Outages are monitored for all hardware and networking and virtual infrastructure

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management Interfaces are tenant orientated, with customer access restricted to their organisation tenant only.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS UK Limited
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: All items not defined by our scope of certification and statement of applicability version 3.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials ; ISO9001 ; BS10012:2017
• Information security policies and processes: The information security policies and processes followed by Thrive are in line with the ISO27001 specification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Thrive using best practice as outlined in the ITIL framework
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are managed within Thrives in house service management system. Vulnerabilities are identified through vendor notification, onsite tools and systems. Each vulnerability is assessed to ensure high priority items are actioned immediately in accordance with Thrives change processes. All vendor security patching and vulnerabilities are actioned immediately. Other vulnerabilities are reviewed at Operations Meetings and scheduled for assessment and rectification appropriate to the issue. Thrives cloud design is highly resilient with multiple layers of security to ensure vulnerabilities are minimised or removed. The mature platform has been operational for many years with no client outages or client affecting security impacts.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Thrive staff are located on-site at Thrives datacentre premises to continuously monitor all aspects of the Thrive Managed Services. Thrive use multiple monitoring applications across all aspects of the service from environment, security, VMware, OS and infrastructure. All monitoring platforms alarm on triggered events but also threshold breaches. By monitoring in this way Thrive mitigate all impacts before they become client affecting.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are captured from customers, Thrives engineers and monitoring platforms, and adhere to the nine ITIL Incident Management activities. Each incident Event is logged on Thrive's client portal and categorised in agreement with the customer according to the business impact; P1 - Major Incident 15 minutes response. P2 - Critical Incident 30 minutes response. P3 – Urgent Incident 60 minutes response. P4 - Normal Incident 4 hour response. Thrive Engineers resolve issues through telephone support, diagnostics tools and vendor support. All resolution activities are documented within the client portal and the incident is closed upon the customer’s approval.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Software tenancy controls, dedicated collectors per customer

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Thrive Datacentre has an energy power usage efficiency (PUE) rating of 1.3 and achieves this through the use of Fresh Air Cooling Systems (using outside ambient fresh air rather than chillers whenever possible) in addition to utilising hot isle containment and efficient UPS systems. Thrive has a policy of continual energy efficiency, heat reclamation system, and hot and cold air segregation.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Thrive are providing additional environmental benefits in the performance of the contract such as flexible working, car share programs for office based staff and are actively working towards net zero greenhouse gas emissions as well as ISO14001 certification.

  Covid-19 recovery

  Thrive are a high growth business operating in a high growth sector and have created new employment opportunities, offer re-training via our Rising Tide program and other return to work opportunities for those left unemployed by COVID-19.

  Tackling economic inequality

  With our cloud and cloud managed cyber security offerings Thrive are creating a number of new roles across our organisation. In the last year the team has grown by over 300 people as we create employment and training opportunities. The current skills shortage in the UK for cyber security staff currently stands at 11,200.; Thrive has also been supporting educational attainment relevant to our G-Cloud offerings, including training to address skills gaps and result in recognised qualifications.

  Equal opportunity

  Through our "Rising Tide" program, that has been in place since 2020, Thrive are fully supporting in-work progression to help people, including those from disadvantaged or minority groups, to develop their careers and move into higher paid work by developing new skills many that are relevant to the services we are offering through the G-Cloud program.

Pricing

• Price: £25 to £35 a device
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.