BlueFort Security Ltd

Silverfort Unified Identity Protection Platform powered by BlueFort Evolve

Allows organisations to protect their Active Directory Environment and Users, by the use of user behaviour analysis, MFA, Service Account Protection and ITDR

Features

• User Behaviour Analysis Monitor User Behaviour to detect cyber attack
• Service Account Discovery: Automate the Discovery of Service Accounts
• Service Account Protection: Control options to stop lateral movement
• Extend MFA: to uses accessing on-premise critical assets
• Use MFA for activities like RDP, Powershell, PSExec, Fileshare Access
• Authentication Firewall: Restrict access to critical assets
• ITDR: Detect and report malicious user activity, export to SIEM
• Identity Attack Response: Restrict user and machine activity when threatened
• Priviledge Access Management: Restrict and Monitor Privileged User Access
• Logs Management: Enhance Active Director Logs

Benefits

• Apply Zero Trust to Users and Machines
• Stop users machines moving laterally in network
• Protect AD and AD User from cyber attack
• Ransomware Protect. Stop ransomware being distributed through your environment
• Protect agaDetect changes in user behaviour and restrict user activity
• Supply Chain Management: Restrict 3rd parties and contractors network access
• Discovery Detail Service Account. Automate Service Account Discovery Classification
• Active Director Hygiene. Automate the management of Active Directory
• On-Premise Conditional Access.
• SIEM alert enrichment. Provide additional Active Directory authentication detail

£5.00 to £500 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Dave.Henderson@bluefort.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

807848768849026

Contact

David Henderson
01252 917000
Dave.Henderson@bluefort.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: We extend. Microsoft Entra MFA, DUO MFA, PING MFA, OKTA MFA, FIDO Tokens, Microsoft Entra Conditional Access, Microsoft for Defender and Identity,
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Minimum AWS - t3a.2xlarge ,
  • Minimum Azure D8as_v3
  • 32GB RAM on VMs
  • 8 CPU core
  • Port 433

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Fill in later
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None to be reported here
• Onsite support: Yes, at extra cost
• Support levels: BlueFort can provide 24x7 to wrap around the standard service with Silverfort
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: BlueFort provide full deployment configuration management, health checks and training for Silvefort deployments. We provide full documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Their data is not held outside their own environment so not relevant
• End-of-contract process: The software will cease to perform if the service is not renewed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Access is secured using both mobile and desktop devices. It offers authentication methods tailored for mobile devices, such as push notifications, biometric authentication (fingerprint, face recognition), and one-time passcodes delivered via SMS or authenticator apps. Desktop typically supports a wider range of authentication methods suitable for desktop environments, such as push notifications, biometrics (if supported by the device), OTP tokens, and passwordless authentication.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Silverfort's service interface provides a centralized platform for managing authentication and access control across various resources within an organization. The interface typically consists of a web-based dashboard accessible through a standard web browser. Here are some key features and components you might find in Silverfort's service interface
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: X
• API: Yes
• What users can and can't do using the API: Ingest data feeds into behavioural analytics engine. Export data into 3rd party product. Ingest data feeds into behavioural analytics engine. Export date into 3rd party product.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Authenticator can be changed to show customer logo and text

Scaling

• Independence of resources: N/a

Analytics

• Service usage metrics: Yes
• Metrics types: Silverfort can provide data on deployed users
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Silverfort

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Data at rest AES (256bit)
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Their data is not held outside their own environment
• Data export formats: Other
• Other data export formats:
  • Not relevant
  • Not relevant
• Data import formats: Other
• Other data import formats:
  • N/a
  • N/a

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: N/a
• Data protection within supplier network: Other
• Other protection within supplier network: N/a

Availability and resilience

• Guaranteed availability: P1 - 2hours. ; P2 - 10 hours. ; P3 - 2 days. ; P4 - 5 Days
• Approach to resilience: Available on request and under NDA only
• Outage reporting: This will be issues via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The Silverfort Admin Console WebUI supports granular RBAC with the ability to create different 'Roles/Personas' within it to cater for the needs of Help/Support Desk, Auditors, Read-Only, Operators, Administrators, etc., using several different settings that can be individually set to be Not Accessible/View/Edit.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: IQNET
• ISO/IEC 27001 accreditation date: 06/12/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 Type2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: "In accordance with the organization's documented procedures:; • All change requests must be documented.; • All significant changes must be communicated to impacted users.; • Any changes to the security architecture or customer data handling of a system must be approved in advance by the CISO. All other changes require the approval of the VP R&D, or his delegates.; • The VP R&D shall ensure an appropriate Change Approval Board is chartered and; oversees change, at both the infrastructure and application level. This CAB should; include representatives, voting and non-voting members, who are subject matter; experts. ; Cont.....
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Conforms to CIS-7-CVSS-; more detail to be given upon request. not enough room to detail this is gcloud
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Conforms to CIS Vulnerability Management Lifecycle:; ASSESS & Identify Silverrfort identifies all their proprietary code, third-party; applications, sensitive data, open-source components and other digital assets, and then identiies their; weaknesses. Assessment tools and scanners help with this process, which is repeated
• Incident management type: Supplier-defined controls
• Incident management approach: 1) Predefined process for common events. 2) Users report to CISO or User Contacted dependant on type of event 3) Incidents are reported via Office of the CISO

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Through partnering with BlueFort, you will be actively supporting the creation of employment and training opportunities designed to help address the shortage of cyber security skills within the UK. Each additional contract provides a new opportunity for BlueFort to:; • Increase the amount of specialist cyber security roles within the business. Over 80% of our current workforce are in specialist cyber security roles. In line with our own growth plan, our target is to increase the amount of specialist roles by 50% by 2028. ; • Encourage the uptake of cyber security careers for school leavers and undergraduates. We commit to partnering with local schools and higher educational institutions. Our target is to offer 4 industry placements per year from 2025. ; In addition to the above, BlueFort’s service also actively supports the creation of diverse supply chains. We partner with a wide variety of specialist technology vendors and contractors to deliver our service. Each contract provides additional opportunities for new businesses, start-ups, and SMEs within the cyber security sector to grow and continue to innovate. ; • We support innovation and disruptive technologies. Our solution portfolio is continuously updated and reviewed.

  Equal opportunity

  BlueFort are actively working towards improving workforce inequality. Women and minorities are for example currently underrepresented within the cyber security industry. For example, fewer than 25% of cyber security professionals currently come from minority backgrounds. Each additional contract provides a new opportunity for BlueFort to work towards achieving our equal opportunities targets. We are currently: ; • Working with local educational institutions to promote the uptake of STEM qualifications amongst underrepresented groups. We commit to providing key staff to attend National Careers Week events at local educational institutions, with the aim to raise awareness of the benefits of work within the industry. ; • Working to increase the number of women in cyber security roles within the business. Our target is to increase the number of women in specialist roles by 75% by 2028. In order to remove key barriers, BlueFort have committed to ensure that all roles continue to be able to be worked remotely, that we continue to implement fair compensation practices, and that we offer enhanced family friendly benefits (including occupational family leave arrangements). ; • Our Equal Opportunities and Respect at Work Policy confirms our commitment to eliminating discrimination, victimisation, harassment (as defined by the Equality Act 2010) and bullying. Our Diversity and Inclusion Policy outlines our expectations of employees in their behaviours to others. To underline our commitment to equality, we have a dedicated Equality Complaints Procedure, designed to deal with such complaints in a way that makes all individuals, including those from minority groups, feel more comfortable raising concerns.

  Wellbeing

  BlueFort takes the health and wellbeing of its workforce seriously. We provide a range of wellbeing benefits and aim to treat employees who are sick with dignity and respect, providing support, and (if appropriate and practicable) workplace adjustments that may assist that individual to continue productive employment with the Company. BlueFort currently partner with Vitality to support our goal to build a healthier and happier workforce. Via Vitality Private Medical Insurance and Vitality at Work Business, we provide staff with a comprehensive health and wellbeing service offering that helps to address some of the leading causes of workplace absence, as well as offering many proven health and wellbeing benefits (including GP consultations and mental health treatment, including Cognitive Behavioural Therapy and counselling).

Pricing

• Price: £5.00 to £500 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 14 days trial of the unified protection platform on an agreed number of domain controllers.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Dave.Henderson@bluefort.com. Tell them what format you need. It will help if you say what assistive technology you use.