Dispel, LLC

Secure Remote Access

Dispel's secure remote access product is worth considering if your team needs to standardize, harden, monitor, or efficiently manage access into industrial control systems (for example, SCADA), legacy environments, or critical networks.

Features

  • Secure Remote Access
  • Moving Target Defence
  • Role Based Access Control
  • Enforced Multi-Factor Authentication (2FA & MFA)
  • Screen Recording and Live Streaming
  • Full Traffic Logs & SIEM integrations
  • Form-Based Access Control
  • End-to-End AES-256 Encryption
  • Active Directory, Okta, and Microsoft SSO integrations for IAM
  • Data Streaming and Exfiltration

Benefits

  • Standardize how operational technology is accessed.
  • Standardize how access to operational technology is managed.
  • Streamline your access and approval processes with forms.
  • Assert user, device, port, protocol, and timeframe control on access.
  • Make an inherently current governance model using time-based approvals.
  • Provide data streams to contractors in minutes.
  • Segment your IT, OT, and Project networks in hours.
  • Shift your networks to a Moving Target Defense posture.
  • Get coherent, auditable insight into your access processes.

Pricing

£25,000 a unit a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at llyr.garner@dispel.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

822852371293510

Contact

Dispel, LLC Llyr Garner
Telephone: +1 917 268 5190
Email: llyr.garner@dispel.com

Service scope

Service constraints
  • Remote access is brokered to local networks via a hardware or virtual appliance. You will need to set a planned schedule to update this appliance.
  • The orchestration engine responsible for providing the service is typically managed by Dispel. Customers have the ability to purchase single-tenant licenses for orchestration engines.
  • Customers may supply their own cloud accounts.
  • Virtual desktop and other virtual asset customizations need to be performed by Dispel.
System requirements
  • Virtual Gateway Appliance - on-premises VM size requirements
  • BYO Hardware appliance - size requirements
  • VDI (Custom Applications) - BYO licenses
  • Cloud accounts - optional BYO subscription
  • SSO Integrations - optional OAuth2.0, AD, SAML
  • MFA - optional TOTP & Hardware Tokens

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 24hrs
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
https://www.intercom.com/help/en/articles/2530813-is-the-intercom-messenger-accessible

Tested against WCAG 2.0 Level AA
Onsite support
Yes, at extra cost
Support levels
Dispel provides all customers with customer support. Dispel differentiates support from incidents. Support is defined as helping users use the services while an incident is an outage or error in services. Dispel monitors for outages and errors 24/7 and provides SLAs for response plans and uptime guarantees. Dispel actively monitors support submissions from 9 AM EST to 6 PM EST Monday through Friday, excluding nationally recognized holidays in the United States.

Dispel provides Priority 1, 2, and 3 support for customers. The target response times are 2 hours, 1 day, and 3 days respectively.

For customers that require support with implementation and custom applications, Dispel can provide packages scoped based on the type of work. Because each customer need may be different, we tailor pricing based on outcome measures.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
By default, we provide training and documentation to the Admin, who in turn train and onboard their users. Upon request, we provide custom online training. For additional cost, we also provide onsite training.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All Dispel deployments are single-tenant, so when a customer's contract ends, their infrastructure is entirely destroyed and wiped. We also remove all information from that customer from the database. If they would like, we can send them a copy to store before ensuring all data relating to the customer is destroyed from Dispel systems.
End-of-contract process
All Dispel deployments are single-tenant, so when a customer's contract ends, their infrastructure is entirely destroyed and wiped. We also remove all information from that customer from the database. If they would like, we can send them a copy to store before ensuring all data relating to the customer is destroyed from Dispel systems.

Using the service

Web browser interface
Yes
Using the web interface
Users log into their account, request access, and receive credentials for their remote access session through the web interface.

Admins use the web interface to manage user accounts, approve access requests, and configure access rules for devices.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
For UK Article 3(1) of Commission Implementing Decision (EU) 2018/1523, Dispel's accessibility statement was prepared using Version 2.4 of the ITI Voluntary Product Accessibility Template® (VPAT®) INT edition. The evaluation methods used were based on general product knowledge and testing with assistive technologies.
API
Yes
What users can and can't do using the API
Dispel's API is a closed access API which users cannot directly access. User actions are brokered through the front-end web console.
API automation tools
Ansible
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Each user has a dedicated (single-tenant) virtual desktop. Each regional cloud SD-WAN is independent of other customer networks and other regional networks within a single customer.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • Memory
  • Network
  • Number of active instances
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS 7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Wicket VM instances.
  • Customized routing nodes.
  • Deployed VMs that are networked into an Enclave.
  • Recorded virtual desktop sessions.
  • All databases behind admin console.
  • Traffic Logs - often sent to customer SIEM.
Backup controls
(1) Wicket virtual appliances may be backed up manually dependent upon the virtualization platform they are deployed on.
(2+3) Cloud VMs may be "snapshot" at the cloud provider level on a schedule or ad-hoc.
(4) Specific recordings may be exported for backup purposes on an ad-hoc basis.
(5) Databases are automatically backed up, and may be backed up on an ad-hoc basis as well.
(6) Traffic logs are often backed up by being sent to a local SIEM for storage.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Single datacentre with multiple copies
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Dispel will maintain at least 99.9% Uptime for Online Service hosted by Dispel and at least 99% Uptime for Network Service hosted by Dispel (“Service Levels”). The Uptime calculation for each Service Feature that may be included with the applicable Services is described below (“Uptime Calculation”). If Dispel does not meet a Service Level in any calendar quarter during the applicable Order Term, Customer will be entitled to receive service credit to Customer’s account (“Service Credits”) based on a pre-specified policy (“Service Credits Calculation”).

If Dispel does not meet a Service Level, Customer may redeem any applicable Service Credits only upon written request to Dispel within thirty (30) days of the end of the calendar quarter in which Dispel failed to meet the Service Level. Written requests for Service Credits redemption must be sent to Dispel Support. Service Credits may take the form of a credit to Customer's account, cannot be exchanged into a cash amount, are limited to a maximum of ninety (90) days of paid service per calendar quarter, require Customer to have paid all outstanding invoices, and expire upon expiration or termination of Customer's agreement with Dispel.
Approach to resilience
Resilience is built into our Moving Target Defense posture. Further information is available on request, but at a high level, our infrastructure is (1) Cloud agnostic, (2) data centre agnostic, (3) disposable, and (4) rebuilds in approximately 10-30 minutes depending on configuration. These capabilities allow for single tenant deployments that are fully segmented from one another and can be resilient to geographic or even cloud provider-level outages.
Outage reporting
Dispel's team actively monitors customer deployments. If we identify any outages, including those isolated to a single network, our team provides email alerts to all relevant stakeholders.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
MFA on all administrative console logins. Backend infrastructure is limited to an isolated network, with access brokered by individual, certificate-based encrypted connections.

Support communication channels are protected with MFA logins and remote support tunnels to deployed wickets are initiated from the wicket in an outbound-only fashion.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
A-LIGN Assurance
ISO/IEC 27001 accreditation date
(Pending Audit)
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
SOC 2 (Pending Audit)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Dispel aligns its security governance standards to IEC/ISO 27001 and SOC 2. Dispel is currently undergoing its audit for certification.
Information security policies and processes
Dispel maintains an information security policy aligned to SOC 2 2017, ISO 27001 v2013, and HIPAA security controls. Dispel partnered with Drata to perform an independent review of Dispel's conformance to applicable security controls. Drata continuously monitors the company's policies, procedures, and IT infrastructure ensuring adherence.

To do this, Drata connects directly to the company's infrastructure accounts, version control and developer tools, task trackers, endpoints, hosts, HR tools, and internal policies. Drata then continuously monitors these resources to determine if the company meets defined framework standards.

Dispel controls include: Acceptable Use Policy, Annual Penetration Tests, Annual Risk Assessment, Background Checks, Backup Policy, BCP/DR Tests Conducted Annually, Code of Conduct, Code Review Process, Contractor Requirements, Cryptography Policies, Customer Data Policies, Data Protection Policy, Disaster Recovery Plan, Disclosure Process for Customers, Disposal of Sensitive Data on Hardware, Encryption Policy, Firewalls, Incident Response Plan, Information Security Policy, Least-Privileged Policy for Customer Data Access, Logging/Monitoring, Login Password, MFA on Accounts, Multiple Availability Zones, Password Policy, Physical Security, Remediation Plan, Risk Assessment Policy, Security Policies, Security Team/Steering Committee, Security Training, SLA for Security Bugs, Software Development Life Cycle Policy, System Access Control Policy, Unique Accounts Used, Version Control System, and Web Application Firewall.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Dispel's Software Development Life Cycle (SDLC) Policy governs change management at the Company. This policy establishes and maintains processes for ensuring that its computer applications or systems follow an SDLC process which is consistent and repeatable, and maintains information security at every stage.

Information security implications are addressed and reviewed regularly, and responsibilities for information security are defined and allocated to the roles defined in the project management methods. Secure system principles fall within four categories: Business, Data, Application, and Technology.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Dispel's Vulnerability Management Policy requires that all product systems be scanned for vulnerabilities at least annually; that all vulnerability findings be reported, tagged, and tracked to resolution in accordance with the SLAs defined in the Policy; and that records of findings be retained for at least 5 years. The Policy dictates how we assess potential threats to the Company's services, how quickly patches are deployed, and where we receive information on threats from.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Dispel uses a shared security responsibility model for monitoring. Dispel uses public cloud providers such as Amazon Web Services, who monitor their infrastructure. We also use Heroku, who provide security monitoring of their platform. We provide tools to our customers which allow for logging and monitoring of activity within the system.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Dispel uses an Incident Response Plan conformant with SOC 2 Criteria: CC2.2, CC2.3, CC4.2, CC5.1, CC7.3, CC7.5, CC9.1; and ISO 27001 Annex A: A.16. Dispel's security incident response policy is intended to establish controls to ensure detection of security vulnerabilities and incidents, as well as quick reaction and response to security breaches. This policy requires that all users report any perceived or actual information security vulnerability or incident as soon as possible.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
Cloud providers (Azure or AWS for example). For local virtual appliances, the hypervisor is customer dependent.
How shared infrastructure is kept separate
Dispel networks are single-tenant for any given customer and are built in the cloud provider/datacentre defined by the customer. Each user is given a single-tenant virtual desktop for their remote access connection.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
They meet guidelines for the European Code of Conduct for Energy Efficiency in Data Centres.
(AZURE) https://blogs.microsoft.com/eupolicy/2021/05/20/microsoft-azure-adheres-to-the-eu-cloud-code-of-conduct/
(GCP) https://cloud.google.com/security/compliance/eu-cloud-code-of-conduct
(AWS) https://sustainability.aboutamazon.com/environment/the-cloud

Social Value

Fighting climate change

To learn more about Dispel's Environment & Sustainability Statement, please visit: https://legal.dispel.io/social/environment-and-sustainability

Dispel understands that its operations have an environmental impact. From our travel to meet with clients, to running cloud data centers, our daily activities create GHG. The continued robust increase in GHGs in the atmosphere is currently the primary force in climate change (IPCC, 2014). Our climate change mission is therefore to measure our impact on GHG, reduce where we can, and offset through carbon capture an equivalent or greater amount of GHG to those we cannot eliminate. As a tech company our climate impact is relatively minimal compared to other industries. Clients use our products as an environmental alternative to older business practices. It is, after all, better for the earth to log on rather than drive to a site. Nevertheless, the individual contributions toward and prioritization of the environment at all companies helps society grapple with climate change.

Dispel has a five step climate strategy: 1) Define, 2) Measure, 3) Target, 4) Reduce, and 5) Communicate. In addition to our own climate goals and practices, Dispel’s products help companies achieve carbon neutrality by reducing their need for travel, hardware, and shipping. Remote access to industrial control systems obviates the need for plant managers and third-party vendors to fly or drive to sites. Dispel virtual desktops eliminate the need for buying, shipping, and disposing of laptops for plant commissioning events and “for SCADA use only” cybersecurity framework compliance.

Covid-19 recovery

Dispel's remote access allows operational environments and critical infrastructure to continue functioning during remote work. By allowing secure remote access, we are helping slow COVID spread, allowing users to stay home but still do their job.

Tackling economic inequality

For a complete overview of Dispel's Diversity, Equity & Inclusion practices, please visit https://legal.dispel.io/social/diversity-equity-and-inclusion

Dispel is committed to complying with all federal, state, and local equal employment laws. To that end, the company is dedicated to maintaining a work environment that is free from harassment and discrimination on the basis of age, race, creed, color, national origin (including ancestry), religion, gender or sex, sexual orientation (including transgender status, gender identity or expression), pregnancy (including childbirth, lactation, and related medical conditions), alienage or citizenship status (unless required by law), disability, reproductive health decision making (including, but not limited to, the decision to use or access a particular drug, device, or medical service), marital status, partnership status, caregiver status, domestic violence victim status, familial status, military status, unemployment status, genetic information (including genetic characteristics), or any other protected status under federal, state, or local laws. The company is dedicated to the fulfillment of this policy with respect to all aspects of employment, including, but not limited to, recruiting, hiring, placement, transfer, training, promotion, compensation, termination, and all other terms, conditions, and privileges of employment.

Building a company community requires people, which means hiring them. We pride ourselves on a highly motivated, competitive culture solving complex and challenging problems. Our products and technology help defend against sophisticated and well-funded adversaries. Dispel maintains programs supporting underrepresented communities (URC), women, Indigenous Americans, and the LGBTQ+ community.

Equal opportunity

Dispel is committed to complying with all federal, state, and local equal employment laws. To that end, the Company is dedicated to maintaining a work environment that is free from harassment and discrimination on the basis of age, race, creed, color, national origin (including ancestry), religion, gender or sex, sexual orientation (including transgender status, gender identity or expression), pregnancy (including childbirth, lactation, and related medical conditions), alienage or citizenship status (unless required by law), disability, reproductive health decision making (including, but not limited to, the decision to use or access a particular drug, device, or medical service), marital status, partnership status, caregiver status, domestic violence victim status, familial status, military status, unemployment status, genetic information (including genetic characteristics), or any other protected status under federal, state, or local laws. The Company is dedicated to the fulfillment of this policy with respect to all aspects of employment, including, but not limited to, recruiting, hiring, placement, transfer, training, promotion, compensation, termination, and all other terms, conditions, and privileges of employment.

The Company will conduct a prompt and thorough investigation of all allegations of discrimination, harassment, or retaliation, or any violation of the Equal Employment Opportunity Policy in a confidential manner. The Company will take appropriate corrective action, if and where warranted. The Company prohibits retaliation against employees who provide information about, complain about, or assist in the investigation of any complaint of discrimination or violation of the Equal Employment Opportunity Policy.

The Company encourages employees to report incidents of discrimination and harassment internally. Employees who believe they have been subjected to discrimination or harassment in the workplace, consistent with N.Y. Lab. Law § 203-E, also may seek relief by filing a complaint with the New York Division of Human Rights and the U.S. Equal Employment Opportunity Commission (EEOC).

Wellbeing

Dispel maintains a robust and competitive wellness and benefits program for all its employees. The Company provides comprehensive medical, dental, vision; life, long-term disability, and short-term disability insurance; a company-matching 401k retirement plan; generous unlimited PTO for vacation; education support for professional improvement supporting company goals; wellness time for physical fitness; and an option pool to give employees a stake in the company's long-term vision.

You can see reviews from Dispel's employees on Glassdoor: https://www.glassdoor.com/Reviews/Dispel-Reviews-E7142963.htm

Pricing

Price
£25,000 a unit a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Dispel offers full-featured 6-week pilot deployments at a single site. After the pilot period, the deployment rolls over into the contracted production deployment.