Email Authentication, SPF, DKIM, DMARC & BIMI Platform
EmailAuthentication-as-a-Service platform enables Brand Protection, Anti-Spoofing, Anti-Phishing, enhances email deliverability and provides full visibility of email as a channel. It uses SPF, DKIM, BIMI and DMARC. DMARC is part of the Active Cyber Defence Program.
We provide Security Awareness & Training alongwith EmailRemediation to mitigate risk at the Human Layer.
Features
- UK's first & only Email Authentication-as-a-Service platform (EaaS).
- Platform does the heavy lifting associated with DMARC.
- UK based pioneer in Email Authentication. Data centres in London.
- Security: Block spoofing/phishing/impersonation emails.
- Visibility: Detailed insights giving full context of email attacks.
- Deliverability: Significantly enhance deliverability of B2C and B2B emails
- Integrate with SIEM, SOC, Firewalls, all security products & platforms.
- Deployed in under 2 minutes. NO Software to be installed.
- Exchange, Office 365, G Suite and other email services compatible.
- Real-Time threat intelligence to mitigate risk from email.
Benefits
- DMARC, SPF and DKIM implementation made easy.
- Brand-Protection, Anti-Spoofing, Anti-Phishing & Email-Deliverability in one platform.
- Email is the largest attack vector. Email Authentication mitigates risk.
- Security Automation saves time on People, Process and Technology.
- SmartSPF, SmartDKIM, Alerts-Engine, APIs achieve 'p=reject'
- Ensure no one can send email from you, except you.
- Stop email impersonation attacks on employees, partners and customers.
- Global governments are making Email Authentication 'mandatory'.
- The easiest uplift in cyber security. Deployed in under 2-minutes.
- Your Email security is 'your' responsibility. Don't react...be pro-active.
Pricing
£1,200 to £250,000 an instance a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 0 3 3 3 2 3 0 0 1 0 4 5 6 4
Contact
Infosec Ventures
Ankush Johar
Telephone: +442079930067
Email: aj@infosecventures.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- No
- System requirements
-
- No specific requirements.
- SaaS based service accessible via a simple browser.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- UK Business Hours Support
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Level 1: Basic.
Level 2: Advanced.
Level 3: Fully Managed.
A Customer Success Manager is assigned to each customer. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Easy to use and understand interface built to modern standards ensures that minimal training is required. Contextual help where required is provided. Additional training is available remotely or on-site at an extra cost.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- A data file can be provided to export data out of the system. Additional cost may be incurred depending on duration and effort required.
- End-of-contract process
- 12 Months data is available free of cost. Data older than 6 months needs to be pulled from Archives, and this may incur a fee depending on the duration data is requested for.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Some configuration options may not be available on the mobile to ensure good user experience.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- Yes
- What users can and can't do using the API
- APIs can be used to integrate with other security platforms including but not limited to Email Security Gateways, Firewalls, SIEM among others.
- API documentation
- Yes
- API documentation formats
-
- HTML
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Customisation is possible for all features across the service.
Scaling
- Independence of resources
- This is a SaaS platform. Scaling is built within the architecture and due to availability on hugely scalable infrastructure this is not an area of concern.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Detailed Analytics on IPs, Emails Authenticated, Threat intelligence, among others
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Available on request
- Data export formats
- Other
- Data import formats
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- Industry best practices
Availability and resilience
- Guaranteed availability
- SLAs are defined by the Terms of service. Service is available 24X7, with a 99.5% uptime assurance.
- Approach to resilience
- Available on request
- Outage reporting
- Email Alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is restricted to authorised and authenticated users only.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- INTERCERT
- ISO/IEC 27001 accreditation date
- 31/12/2020
- What the ISO/IEC 27001 doesn’t cover
- Covered entirely.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Strict policies & processes are in place, and are overseen by Risk officers regularly.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Industry best practices are followed to very high standards.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Industry best practices are followed to very high standards. Continuous security testing is carried out including but not limited Source code reviews, constant pen-testing, Securathons, Crowd-Security powered constructs among others.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Industry best practices are followed to very high standards.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Industry best practices are followed to very high standards.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Fighting climate change. Further information is available. - Covid-19 recovery
-
Covid-19 recovery
Covid-19 recovery. Further information is available. - Tackling economic inequality
-
Tackling economic inequality
Tackling economic inequality. Further information is available. - Equal opportunity
-
Equal opportunity
Equal opportunity. Further information is available. - Wellbeing
-
Wellbeing
Wellbeing. Further information is available.
Pricing
- Price
- £1,200 to £250,000 an instance a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Limited to full access available during the trial.