RAZOR THORN SECURITY LTD

Compliance & Security - Endpoint Hardening - Senteon

Senteon automates cybersecurity processes for businesses, hardening workstations, servers, and browsers against cyber threats. It enforces best practices and compliance standards, streamlining security management and reducing vulnerabilities through continuous monitoring and updating based on industry benchmarks like CIS.

Features

• Security configuration remediation.
• Configuration Monitoring.
• Setting configuration enforcement.
• Configuration set reporting.
• Setting change tracking.
• Evaluation period to identify existing risk on endpoint configurations.
• Streamlined configuration management.
• Crosswalk compliance from CIS for audits.

Benefits

• Remediate security gaps quickly.
• Aids in meeting regulatory and compliance standards.
• Limits the number of entry points to attackers.
• Enhances system performance and reliability.

£1.50 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

785820553605339

Contact

Sophia Durham
+447470334993
sophia.durham@razorthorn.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No.
• System requirements:
  • Windows workstation.
  • Servers.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are slower over the weekends but we generally get to all of our support items within the next 24 hours. If items require longer to address, we will let them know.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We only provide a single standard level of support - but will escalate necessary problems up for support calls.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding with Senteon or certified Senteon onboarder. Documentation with step by step is available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Web-based.
• End-of-contract data extraction: Export is available on all data tables within the solution.
• End-of-contract process: Agent stops enforcing processes. Services and data are still available, but settings will no longer be applied by Senteon.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Windows
  • Other
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Webapp that allows for the management of security configurations.
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: No
• Customisation available: No

Scaling

• Independence of resources: Load balancing and elastic scaling via AWS services.

Analytics

• Service usage metrics: Yes
• Metrics types: Agents in use, agent statuses and diagnostics, settings applied and drifted.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Senteon.

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: They can either use our client-side report generation feature for PDF, PPTX, XLSX, or CSV reports or they can export any table within the system as a CSV.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLSX
  • PPTX
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee a 99% availability in our service order form.
• Approach to resilience: Available on Request.
• Outage reporting: We don't currently perform any outage reporting.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Email Verification.
• Access restrictions in management interfaces and support channels: We run a backend identity and access management service that controls access to management interfaces. Support channel access control is managed by the service provider and access is independent of the management interface.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Technical Excellence & Employee Handbook.
• Information security policies and processes: "We maintain our standards and process verified and approved within our knowledge base. Some of these standards include but are not limited to:; Web Browser Standards; Password/MFA Standards; File Storage Standards; Cryptographic Standards "

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our infrastructure is managed as infrastructure as code (IaC) and all changes go through a life cycle with testing security scans and approvals.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We keep track of potential threats to our dependencies through their mailing lists. We run static security scans, library vulnerability scans, and print out our dependencies.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilize container insights and log management to identify potential compromises.
• Incident management type: Supplier-defined controls
• Incident management approach: User reported incidents are sent to us via the standard support email. We also have a vulnerability disclosure email. There are currently no pre-defined processes for common events.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  "Razorthorn is dedicated to combating climate change and has set a bold target of achieving Net Zero emissions by 2025. To fulfil this commitment, we prioritise tangible reductions in emissions through collaborative efforts with key suppliers and empowering our team to make climate-conscious travel decisions.; ; As a socially responsible business, Razorthorn upholds the highest standards of ethics and professionalism. Our efforts fall into two main categories: compliance and proactiveness. Compliance entails adhering to legal obligations and community values, while proactiveness involves initiatives to promote human rights, support communities, and safeguard the environment.; In addition to meeting legal requirements, we actively engage in environmental protection initiatives such as recycling, energy conservation, and adoption of eco-friendly technologies. We are in the process of aligning our operations with ISO 14001 standards for Environmental Management to continually improve our environmental performance.; Razorthorn is committed to delivering further environmental benefits, including striving towards net zero greenhouse gas emissions, as part of our ongoing contract performance."

  Covid-19 recovery

  Razorthorn's mission is to enhance workplace conditions for COVID-19 recovery, emphasising social distancing, remote work, and sustainable travel. Our G Cloud 14 services aid organisations in managing and rebounding from COVID-19 impacts, promoting remote service delivery to mitigate transmission risks. We support remote work and enforce social distancing in offices, with travel following the most recent COVID-19 guidelines.

  Tackling economic inequality

  Razorthorn actively tackles economic inequality by strengthening supply chains and managing cyber security risks in contracts. We promote innovation in supply chains for cost-effective, high-quality goods. Our social responsibility drives us to support local charities, nurture future security professionals, and address regional inequality through inclusive recruitment and skill development initiatives.

  Equal opportunity

  Razorthorn is dedicated to detecting, managing, and mitigating modern slavery risks within contract delivery and supply chains. We actively combat employment, skills, and pay disparities within our workforce. Our firm adheres to rigorous 'Equal Opportunity' and 'Equality and Diversity' policies, ensuring fair treatment across all engagements.

  Wellbeing

  Razorthorn is deeply committed to safeguarding and promoting the physical and mental health and well-being of our workforce. Our support begins with the initial recruitment process and extends throughout every working day within the organisation. For team members facing challenges such as disabilities, mental health conditions, or caring responsibilities, we have an established network that offers a supportive environment to connect with peers, seek advice, and share experiences.

Pricing

• Price: £1.50 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free Trial for 21 days and up to 10 endpoints.
• Link to free trial: App.senteon.co

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.