4 DATA SOLUTIONS LIMITED

Splunk Enterprise Security (SIEM)

Splunk Enterprise Security (ES) is a next generation Security Incident and Event Management (SIEM) platform. Together with Phantom, it exploits machine data generated from security technologies to deliver automation and orchestration.

Splunk ES drives cyber security risk management by enabling security teams to quickly detect and respond to cyber attacks.

Features

• Ingest any machine data from cloud or on-premise infrastructure
• Powerful search, analysis and visualization capabilities empower users
• Fraud and cyber threat detection analysis
• Real time analysis for operational intelligence and business reporting
• Information Assurance and security analysis
• Monitor and report statutory, regulatory and policy compliance
• Monitor non-heterogeneous networks with unpredictable formats
• Investigate activities associated with a potential security incident
• Respond quickly and appropriately with automated actions and workflows
• Big Data Analytics, machine data from internet/internal network

Benefits

• Enhance incident response and investigations using security data
• Collect, aggregate, de-duplicate, and prioritize threat intelligence from multiple sources
• Streamline security operations by conducting rapid investigations using ad-hoc searches
• Wide range of uses cases for SOC, SecOps and compliance
• Detect and reduce internal and external cyber threats/abuse
• Identify, prioritize and manage security events
• Increase detection capabilities and optimize incident response
• Analyse ‘big data’ internet traffic and machine data
• Analyse machine data from systems with varying formats
• Exploit event sequences, alerts, risk scores and bespoke dashboards

£3,641.00 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.tinney@4datasolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

725967884511348

Contact

Ian Tinney
+44 330 128 9180
ian.tinney@4datasolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Hardware non-Windows > 2x6 core 2+GHZ, 16GB RAM
  • Windows > 2x6 core 2+GHZ, 16GB RAM
  • Linux, 2.6 and later
  • Mac OS X 10.10 and 10.11
  • Windows 8, 8.1, 10
  • Windows Server 2008 R2, 2012, 2012 R2

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response within 1 hour
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our Service Desk provides support for P1 to P4 where a part of the software, appliance or license previously worked and is not working as expected.; ; If an issue requires a level of Professional Services to engage, a member of the support team will discuss with your Account Manager to discuss this further. ; ; Service Desk offer support through several channels, including telephone, e-mail and remote sessions where appropriate. Any employee of our entitled customers can raise a support desk ticket via telephone or e-mail with their company e-mail address. This will be logged and assigned to an engineer who will respond within one business hour.; ; 4 Data Solutions resolve over 90% of service desk tickets without requiring the involvement of our Partners. Where Partner involvement is required, we will advise you on this process. Wherever possible, we will manage your service desk case with our Partners.; ; Our service desk is available between 9 am and 5 pm Monday to Friday, excluding Bank Holidays. Our service desk will provide support for existing customers and companies that are engaged in proof-of-concepts.; ; All our customers have a Technical Account Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Splunk can provide free evaluation licences. We will provide Professional Services to help plan and execute your deployment and offer a full catalogue of training services to support the deployment.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The Splunk tool provides analysis and visualisation of data from various sources. The data rests at its original location and does not solely reside in Splunk. Therefore there is no need for data extraction at end of contract
• End-of-contract process: If a licence is terminated Splunk can provide Professional Services at extra cost to help the Buyer to migrate their analytics need to another supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile web browser functionality is the same. Splunk Mobile App does not provide visualisations but it can be used for alerting
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The Splunk Enterprise REST API provides methods for accessing every feature in our product. Your program talks to Splunk Enterprise using HTTP or HTTPS, the same protocols that your web browser uses to interact with web pages, and follows the principles of Representational State Transfer (REST).
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The user is able to configure dashboards, alerts, reports and underlying target data sources. Configuration can be through Splunk Web, Splunk's Command Line Interface (CLI), Splunk's REST API or directly within configuration.

Scaling

• Independence of resources: Splunk Cloud sits on dedicated infrastructure scaled appropriately to each customers license size.; ; Alternatively Splunk sits in the buyers network or the infrastructure of their chosen cloud provider and therefore contention is under their control.

Analytics

• Service usage metrics: Yes
• Metrics types: All usage is recorded in "internal" indices and can be made available to users as real-time dashboards, regular reports or through an API call.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Crowdstrike, Splunk, Cribl, Axiom, Centripetal

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Splunk's own cloud service uses logical data separation, authenticated user accounts, and industry standard hardening. Data in transit is encrypted with industry standard SSL and data at rest is encrypted with AES 256-bit encryption. This service is acccredited to ISO27001. We can help the buyer to enable a similar configuration suitable for their data at rest protection.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There are many ways that a user can export data. Splunk provides a REST API to export data. Data can be exported by the Splunk Web facility. Users can use the Command Line Interface, SDK's and data forwarding tools.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • RAW DATA
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • RAW DATA

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Splunk Cloud is considered available if you are able to log into your Splunk Cloud Service account and initiate a search using Splunk Software. Splunk continuously monitors the status of each Splunk Cloud environment to ensure the SLA of 100% uptime. In addition, Splunk Cloud monitors several additional health and performance variables.; ; Alternatively Splunk sits within the Buyers network or the infrastructure of their chosen cloud provider. Availability is controlled by the Buyer or their cloud provider
• Approach to resilience: Splunk handles resilience by replication of data across a cluster of Splunk Indexers across data centres. Splunk Cloud maintains a seven-day backup of data and configuration files and backups run continuously.; ; Alternatively Splunk sits within the Buyers network or the infrastructure of their chosen cloud provider. Resilience is the responsibility of the Buyer or their cloud provider
• Outage reporting: Splunk provides a cloud monitoring console to monitor the health of your Splunk Cloud environment. Email alerts are also available.; ; Alternatively Splunk sits within the Buyers network or the infrastructure of their chosen cloud provider. Outage reporting is the responsibility of the Buyer or their cloud provider.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The Splunk user authentication system allows the assignment of roles which provide custom permissions. The Buyer can define all roles using a list of capabilities and data access restrictions.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA
  • SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Cloud based service uses third-party validation. Auditing of our processes and policies efforts to safeguard customer data to industry standards worldwide. Working with our audit partners, SOC 2 Type 2 attestation is completed for all Splunk Cloud customer environments and ISO 27001 certification is completed for Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: For Splunk initiated changes, maintenance is performed at most once per month and Customers will receive notice of Routine Maintenance by email at least 48 hours in advance. You can request an alternate time within the Routine Maintenance window if required. For Customer initiated changes, the maintenance can be performed regularly. Customer's will receive email notice when such maintenance is starting and when complete.; ; Alternatively Splunk sits in the network of the Buyer or the infrastructure of their chosen cloud provider, Configuration and change management is the responsibility of the Buyer or their supplier.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have a robust process for threats to the Splunk platform. We maintain a policy of evaluating all potential security vulnerabilities that are discovered internally or externally within two business days of discovery. We use the industry standard CVSSv2 to rate vulnerabilities. In the case of critical risk, high impact vulnerabilities, Splunk will make all reasonable effort to supply patches, assuming that patches are a viable stop-gap for customers who cannot otherwise upgrade Splunk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Splunk monitors application and platform components of the service for potential issues. Cloud Operations staff monitor alerts and logs for issues, and log a ticket for issues that require remediation. In the event of application or data compromise affecting customer data, the customer is notified immediately and remains in contact with the remediation team until resolution.; ; The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf
• Incident management type: Supplier-defined controls
• Incident management approach: Splunk maintains an incident response policy and program, with defined processes, roles and responsibilities. Customers may submit security issues through the normal support channels or any additional channels as provided in the EULA.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  4 Data Solutions Limited (“4Data”) recognises that it has a responsibility to the environment that goes beyond its legal and regulatory obligations. As such, 4Data is committed to reducing its environmental impact and continually improving its environmental impact as part of a wider business strategy for good.; ; POLICY GOALS; 4Data will endeavour to fulfil the following goals:; - Comply with all relevant regulatory requirements.; - Continually monitor and improve its environmental performance.; - Continually reduce environmental impact.; - Incorporate environmental issues into business decisions.; - Increase training and awareness for employees.; ; OFFICE IMPROVEMENTS; 4Data’s founders made the decision to use a remote-first approach to running their business. There is no permanent office, with most staff working from home. Some of the staff work from carefully selected, shared, and managed workplaces, using a company called Runway East, a certified B Corp (https://www.bcorporation.net/en-us/find-a-b-corp/company/runway-east-limited/).; ; 4Data’s lack of a permanent office means the following environmental benefits:; Paper - no paper is used at 4Data unless an ink signature is absolutely required.; Energy and Water - no energy and water are used outside of normal use at home.; Office Supplies - no office means no office supplies are needed.; ; TRANSPORTATION; 4Data is committed to:; - reduce air travel to the minimum necessary to run our business and to choose direct flights as much as possible.; - promote the use of video conferencing to reduce in-person meetings.; - find the most economical means of travel between cities when necessary.; ; MONITORING AND IMPROVEMENT; 4Data is committed to:; - Monitor our environmental performance; - Have management and employees suggest beneficial changes; - Incorporate environmental impact into business decisions; - Increase employee awareness through training; - Review this policy and any related issues at regular monthly management meetings.

  Tackling economic inequality

  Our Equal Opportunities And Diversity Policy covers economic inequality. Full details of our Equal Opportunities And Diversity Policy can be provided upon request.

  Equal opportunity

  POLICY STATEMENT; 4 Data Solutions Limited (“the Company”) is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, sex, pregnancy and maternity, marital or civil partnership status, gender reassignment, disability, religion or beliefs, age or sexual orientation. Our Equal Opportunities And Diversity Policy aims to remove unfair and discriminatory practices within the Company and to encourage full contribution from its diverse community. The Company is committed to actively opposing all forms of discrimination.; The Company also aims to provide a service that does not discriminate against its clients and customers in the means by which they can access the services and goods supplied by the Company. The Company believes that all employees and clients are entitled to be treated with respect and dignity.; Any and all personal data used in connection with this Policy shall be collected, held, and processed in accordance with the Company’s Data Protection Policy.; ; Full details of our Equal Opportunities And Diversity Policy can be provided upon request.

Pricing

• Price: £3,641.00 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full capability of a Splunk Enterprise license for 60 days allowing indexing up to 500 megabytes of data per day. This can be converted to a perpetual Free license or the buyer can purchase an Enterprise license to continue using the expanded functionality designed for multi-user deployments.
• Link to free trial: https://www.splunk.com/en_us/download/sem.html?ac=sitelink_freedownload&gclid=Cj0KEQjw5YfHBRDzjNnioYq3_swBEiQArj4pdC_6Iz6y

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.tinney@4datasolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.