INTEGRITY360 LIMITED

Cynet360

Cynet 360 is the world’s first autonomous breach protection platform that consolidates and automates Monitoring & Control, Attack Prevention & Detection and Response Orchestration a Cynet 360 delivers these capabilities by use of Cynet Sensor Fusion™ to collect and analyze all endpoint, user, file, network activities across the environment.

Features

• EDR – End Point Detection & Response
• EPP – End Point Protection (AV & NGAV)
• NGAV – Next-Generation Anti-Virus
• Network Analytics – Network Traffic Analytics
• UBA – User Behaviour Analytics
• Deception –
• SOAR – Security Orchestration, Automation & Response
• MDR – Managed Decetion and Response
• Threat Intelligence
• Incident Response – Cyber Incident Response

Benefits

• Radically reduce time invested in deployment and management
• Save on NGAV/EDR/UBA/Network Analytics and Deception products
• Consolidate protection against commodity/advanced threats in a single platform
• Empower the security team to resolve incidents
• Resolve incidents rapidly with automated prevention, detection and response
• Enhance the security team’s skill and capacity with CyOps
• Provide the CISO 24\7 visibility/control with Cynet CISO Kit

£11 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

748824791746070

Contact

Davide Poli
02083721000
bidreviewboard@integrity360.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Supported OS for Windows:; Endpoints:; o Windows XP Service Pack 3; o Windows 7 32/64 bit; o Windows 8.1 32/64 bit; o Windows 10 32/64 bit; Servers:; o Windows 2003 R2 32/64 bit; o Windows 2008 R2 32/64 bit; o Windows 2012 32/64 bit; o Windows 2012 R2 32/64 bit; o Windows 2016 32/64 bit ; ; Supported OS for UNIX\MAC\Linux:; Ubuntu 15 and Above; RedHat 7.2 and Above; Centos 6.7 and Above; Fedora 21 and Above; Debian 8.4 and Above; Suse 12 and Above; MAC (El Capitan 10.11 64 bit) and Above
• System requirements: S/W versions

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Technical Support Our technical experts will assist you with any technical issues you may encounter. CyOps 24/7 The Cynet cyber SWAT team (“CyOps”) operates from Cynet’s Security Operation Center (SOC) 24x7x365 and is comprised of experienced security specialists. CyOps personnel are trained to actively engage with customers whose Cynet 360 installation has detected a threat within the customer organization. Severity CyOps Response Response Time Critical *Call and email the customer Within 2 hours High *Call and email the customer Within 4 hours Medium Email Customer Within 12 hours Low Email Customer Within 24 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support and maintenance costs are included in the annual subscription cost. Depending on the product level selected, support is 8x5 or 24x7. Our technical experts will assist you with any technical issues you may encounter. ; CyOps 24/7 The Cynet cyber SWAT team (“CyOps”) operates from Cynet’s Security Operation Center (SOC) 24x7x365 and is comprised of experienced security specialists. CyOps personnel are trained to actively engage with customers whose Cynet 360 installation has detected a threat within the customer organization. CyOps Commitments; • Operational 24x7x365 days a year. • Monitor alerts from the customer’s Cynet 360 installation and contact the customer’s contact persons via approved communication channels, based on the Alert Severity Matrix below. ; • CyOps staff will be available to the customer to provide recommended remediation steps of the detected threat. Severity CyOps Response ; Response Time Critical ; *Call and email the customer Within 2 hours High ; *Call and email the customer Within 4 hours Medium Email Customer Within 12 hours Low Email Customer Within 24 hours
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Cynet's Customer Success team will guide you through the deployment process and make sure that your goals are met. Once you purchase a subscription to Cynet360 platform, a Customer Success Manager will be assigned your account.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Cynet will terminate the SaaS tenent, which permanently deletes all customer data
• End-of-contract process: You can either renew the service for another period or Cynet will terminate the SaaS tenent, which permanently deletes all customer data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Cynet web-based GUI is an intuitave, user-friendly interface, which has been purposely developed to simplify security controls
• Accessibility standards: None or don’t know
• Description of accessibility: Via a browser
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Cynet offers a rest API, where specific use cases can be developed, depending on the requirement
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Creation of custom security policies, groups, API integrations with other technology in the environment, custom remediation/playbooks

Scaling

• Independence of resources: The cynet solution uses an infrastructure with auto scaling ability, therefore additional resources are added or removed when required

Analytics

• Service usage metrics: Yes
• Metrics types: Dashboard - highlights overall security scoring of solution specific to environment; Reports - various reports available for service
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Cynet

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Cynet monitors all activities performed on data at rest, including all user access, creation and deletion. In addition to this, Cynet uses the lowest privilege module for managing the data, to insure only relevant employees have access to the data. For portable and sensitive computers, we also encrypt the hard drives.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users have the ability to export forensic & alert data in .CSV. Reports can be reported to .PDF
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats:
  • In certain instances, users can upload data
  • To achieve specific outcomes

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Only meta data is shared with the Cynet cloud. All data is kept in a dedicated schema per customer to ensure data isolation.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Cynet takes all necessary measures to assure customer data protection.; Cynet is ISO 27001 & ISO 27032 certified.; As part of the ISO certifications, we have security standards that we comply with and include; periodical assessments to both our internal network and our cloud-based infrastructure located in; AWS

Availability and resilience

• Guaranteed availability: Cynet’s target is 100% Availability of the Services. If the Availability Percentage during a given Subscription Year is less than 99.9%, you are eligible for a credit. This SLA applies only to your production environment of the Service, and not to any non-production environment. This SLA applies separately to each account using the Service. Unless otherwise provided herein, this SLA is subject to the terms of the applicable agreement for the Services between you and Cynet (“Agreement”) and capitalized terms will have the meaning specified in the Agreement. Definitions: “Available” or “Availability” means when the user interface for the Service can be logged into. Availability excludes any period of time that the Service cannot be logged into due to (i) a failure between your computer(s) or system(s) and the Internet; (ii) factors outside of Cynet’s reasonable control; (iii) any action or inaction of you or a User; or (iv) scheduled maintenance periods and necessary but unscheduled emergency maintenance.
• Approach to resilience: The Cynet 360 SaaS solution is deployed on the Amazon AWS IaaS. We utilize various AWS services such as EC2, EBS, RDS, Backup and more, to ensure high availability and disaster recovery. The System is deployed on multiple AWS Regions to ensure best performance for all customers. At each region we deploy a scalable traffic router for best ingestion of all incoming traffic that is then directed to the relevant internal service for further analysis.
• Outage reporting: Dashboards, alerting and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: RBAC with 2-factor authentication Identity federation with existing provider (for example Google apps) Username or password
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Based on ISO 27001, ISO 27032, our security program includes all GRC aspects. ; In addition Cynet is following NIST guidance and SSDLC

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change request -> change approval chain -> approval -> test env implemention -> pre prod -> production
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our infrastructure is located on AWS. • Next generation firewall: • We maintain and regularly audit security groups in AWS and make sure only relevant employees have access to the back-end infrastructure. • All access to this environment is restricted to specific IP access, given only to the relevant employees and using multi factor authentication for each access. • All access to this environment is logged and monitored by our company SOC 24/7. • Data in motion – Cynet encrypts all data in motion. • Data at rest – Cynet monitors all activities performed on data at rest.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All our servers are protected by the Cynet360 agent and monitored 24/7 by our CyOps SOC team.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Cynet SOC is a 24/7/365 off-site secured location comprised of experiences security specialists. SOC personnel are trained to actively engage Customers whose Cynet 360 installation has detected a threat within The Customer’s organization. Incidents can be reported either by email, through the Cynet UI or automated through the tool itself. Incident reports can be requested by email or phone

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Cynet is committed to reduce the environment impact that its business activities may have. ; ; • Cynet uses as much as it can recyclable products.; • Cynet encourages greener transport by doing any of the following:; o Encourage staff to walk, cycle, car share or use public transport to get to work if possible.
• Tackling economic inequality:

  Tackling economic inequality

  Cynet is doing its bit to support local communities. ; ; • Sponsorship of or monetary donations to local charities.; • Staff participation in volunteering days.; • Supporting the surrounding community by employing local people.
• Equal opportunity:

  Equal opportunity

  • Cynet is for diversity and equal employment opportunities. Cynet adheres to the Equal Opportunities legislation such as the Human Rights Act 2010, Modern Slavery Act 2015, Employment (Equal Opportunities) Law, 5748-1988 and the Equal Rights For Persons With Disabilities Law, 5758-1998.; • Cynet encourages its’s employees to invest in their health, and in the environment, by providing free of charge Pilates training, working from home at least 2 times per week, etc. ; • Cynet’s wages exceed the National Minimum/ Living Wage, includes pension benefits, and healthcare plans* ; • Cynet has a dedicated HR personal, which regularly conduct interviews with company’s employees to ensure their satisfaction. ; • Cynet invests in the welfare of its employees by providing with leisure activities and rewarding work environment

Pricing

• Price: £11 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Risk score Calculation of all the findings across the assessed environment Active threats Malware of various types, connection to phishing/malware distribution sites, etc Industry comparison Overall risk score of the assessed organization relative to its industry peers Vulnerable systems and apps Operating system and applications that miss critical security updates
• Link to free trial: https://go.cynet.com/free-threat-assessment

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.