Wizard Cyber

Extended Detection & Response (XDR) Service

Extended Detection and Response (XDR) service that identifies, contains and responds to cyber threats, ensuring the continual protection of an organisation’s assets and reputation. Our XDR service provides deep threat visibility and the ability to shut down attacks before they cause damage and disruption. (Microsoft Azure Sentinel)

Features

  • 24/7 SOC for proactive threat hunting and incident response
  • On-premise, hybrid & cloud security monitoring (AWS, Azure, M365, G-Suite)
  • Experienced professionals with offensive and defensive security expertise
  • High-quality threat intelligence from internal and external sources
  • Full incident analysis, investigation and triage
  • Actionable remediation guidance and automated response actions
  • SIEM, SOAR, UEBA, EDR
  • Vulnerability Management - VM
  • Network Detection & Response - NDR
  • SIEM, EDR, NDR - Full SOC Visibility Triad Solution

Benefits

  • Supplies everything needed to detect and respond to threats
  • Quickly elevates cyber security resilience to minimise risk
  • Enhances threat visibility and coverage across networks and endpoints
  • Identifies advanced threats that evade traditional security controls
  • Accelerates incident response to eliminate threats before they cause damage
  • Improves situational awareness amongst stakeholders
  • Fast to deploy and realise value
  • Avoids capital expenditure by supplying all resources as a subscription
  • Best of breed, vendor agnostic platform
  • Acts as extension of an organisation's in-house team

Pricing

£2,000 a unit a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.jones@wizardcyber.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

781727329564710

Contact

Wizard Cyber Adam Jones
Telephone: 0800 029 1505
Email: adam.jones@wizardcyber.com

Service scope

Service constraints
https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
System requirements
https://docs.microsoft.com/en-us/azure/sentinel/

User support

Email or online ticketing support
Email or online ticketing
Support response times
24x7
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
24x7
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Wizard Cyber's project management & onboarding team works closely with clients to define a service implementation plan. This plan is then actioned by the implementation team, supported by the SIEM Engineering team.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The SIEM is deployed in the customer's environment and we never store any SIEM instances in our direct ownership. Data can be requested from our CYBERSHIELD system. Data download charges may apply.
End-of-contract process
Once a contractual agreement has ended, Wizard Cyber will, upon request, provide all data, confidential information and documentation that it holds in a readable format or CSV. Wizard Cyber will also ensure that it retains all records and data in accordance with applicable law.

Where required, Wizard Cyber can provide a range of exit assistance services to help the organisation to transition the service to an alternative supplier or manage the service themselves. The required assistance will be scoped and a suitable exit management plan will be presented to the organisation with an estimation of the required professional services.

Wizard Cyber will always ensure that exit assistance services are performed in a professional, efficient, and orderly manner. Wizard Cyber can also provide continued support once a contractual agreement has ended up until the organisation is ready to transition these services. Additional charges will apply accordingly.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
The SIEM solution is cloud-based and highly scalable, so we do not have any restrictions.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
SOC & Security Statistics
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
< 99.9%
Approach to resilience
Available on Request
Outage reporting
Email Alerts

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Approved individuals can discuss the account.
Access Control/RBAC in place on Portal.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISOQSL
ISO/IEC 27001 accreditation date
09/10/2017
What the ISO/IEC 27001 doesn’t cover
Scope includes entire organisation
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001 Information Security Policies & Processes
Available on Request

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Wizard Cyber's CYBERSHIELD platform includes a ticket management system, which tracks and displays all system changes. We have various modules within the system to track certain areas, such as the ARC (Analytical Rule Control) module for use case changes.

Prior to any system change being performed, the SIEM engineering team assesses the potential security impact. It also takes into account the status of any open tickets.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As a managed security service provider, Wizard Cyber utilises a combination of aggregated threat intelligence, proactive vulnerability scanning, and penetration testing to ensure the platform is rigorously tested and continually patched.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Wizard Cyber's XDR service is not only available to customers, but also deployed internally to proactively detect and respond to threats.

Utilising the full suite of detection tools and methodologies available to customers, Wizard Cyber's SOC also ensures its own operations are monitored for threats 24/7.

When an incident is detected, Wizard Cyber's incident responders are available to perform immediate threat analysis and remediation.
Incident management type
Supplier-defined controls
Incident management approach
Wizard Cyber follows the CREST Cyber Security Incident Response (CSIR) scheme.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft Azure

Social Value

Fighting climate change

Fighting climate change

Cloud Based Service
Azure Datacentres - Energy Efficient

Pricing

Price
£2,000 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30-60 Day POV