e2e-assure Ltd

e2e Cloud Protective Monitoring and SOC Service

Incident Response, Case Management, log event alert monitoring, GPG-13, threat intelligence, darkweb, IPS/IDS, traffic analysis, SOC, CERT, Reporting, Collaboration, packet capture, Audit Compliance, EDR, MDR, XDR, NDR, TDR, Privileged User, MDM, Vulnerability Assessment, Cloud Security, Sentinel, Defender, MDE, MCAS, Azure, AWS, CloudTrail, CloudWatch, GuardDuty, Security Hub, GCP, Google WorkSpace, Oracle

Features

• Continuous Cyber Defence Protective Monitoring with alerts and incident response/MDR/EDR
• Multiple delivery models including Private/Public and Hybrid Cloud, Sentinel option
• SOC/virtual SOC/CERT functions 24/7 SC Cleared UK staff UK Datacentres
• Integrated threat and risk modelling with Security Analysis and Reporting
• Provides context and situational awareness to allow confident response decisions
• Integrated dynamic asset management and network discovery
• Log event correlation and analysis, monitors mobile users and devices
• NDR, Deep Packet Inspections, IDS, vulnerability scanning, blacklist monitoring
• Privileged User monitoring, Collaboration and continuous service improvement
• Consumes Darkweb/Threat Intelligence from open and commercial sources

Benefits

• Reduced cost of security monitoring, increased security coverage
• End-to-end business security confidence and essential security audit assurance
• Centralised integrated security knowledge repository with enhanced anomaly detection
• Triage and analysis services identify threats before they become incidents
• Alerting, expert advice and evidence of potential and verified threats
• Agile, adaptive cloud-aware service secures your journey to the cloud
• Dynamically discover assets, learn what is connected to every system
• Threat Detection, Attack Disruption and Response
• Flex your service level during important times or increased threats
• Standards compliance ISO27001:2022, Cyber Essentials Plus, PCI NCSC CSP compliant

£2.85 to £75 a device a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.peart@e2e-assure.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

826745075735555

Contact

Mark Peart
07860 545078
mark.peart@e2e-assure.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: E2e Vulnerability Scanning Service, Dark Web External Threat Intelligence Service
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: See Service Definition
• System requirements: See Service Definition

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dependent on agreed service level
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: See SLA information in Service Definition
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: See Terms and Conditions
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All customer data will be removed. The customer is expected to migrate their own data out of the service prior to the end of the service (if applicable). Optionally we can also migrate the data out of the service (such as historical access logs) on a time and material basis.
• End-of-contract process: Off-boarding is included with the following scope: all user access will be revoked and any components containing customer data will be removed and securely wiped.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Portal access and e2e-assure Teams App
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Carried out with one of our central government customers
• API: No
• Customisation available: Yes
• Description of customisation: Alerting rules and playbooks are customisable by authorised users

Scaling

• Independence of resources: Capacity Management and design of cloud systems. Use of dedicated resources for each customer.

Analytics

• Service usage metrics: Yes
• Metrics types: Detailed reports including SLA metrics, Incidents, tickets
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: N/a
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: See Service Description
• Approach to resilience: All e2e services operated from UK datacentres in three regions (England, Scotland and Wales) with multiple power and Internet Service Providers to ensure resilience. Individual service resilience may be dependent upon the Service Level that is ordered for each service.
• Outage reporting: An incident management and response process will be agreed with each customer with email and phone alerting processes as required.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: If required, support channels will agree processes for authenticating users including names users/account and the use of agreed passcodes.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI - Certificate Number IS 620531
• ISO/IEC 27001 accreditation date: Effective date 17/07/2021
• What the ISO/IEC 27001 doesn’t cover: The whole organisation and all services are covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Classified Material Assessment Toolkit (CMAT) inspections at DCs
  • CREST SOC Service (in progress, please check for confirmation)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: This is detailed in our ISO 27001:2013 documentation and a full RMADS for all services

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are documented and managed via the internal ticket system. A Separate test environment is used to ensure changes tested prior to being applied to the ‘live environment’. All changes reviewed and approved by appropriate senior staff prior to implementation to ensure they do not compromise security controls.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All services are assess as a part of the e2e Accreditation Framework with a full IS1/2 risk assessment provided as part of the RMADS. ; e2e provide comprehensive and detailed protective monitoring services independently for customer environments and all service offerings. ; Critical security patches are typically deployed within 8 hours.; e2e ; As well as ingesting intelligence which is used by our toolsets and rules engines, threat intelligence is can also be consumed from CERT-UK, CiSP, other Service Providers and from the NCSC
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: E2e provide comprehensive and detailed protective monitoring services independently for customer environments and all service offerings. The capability provides a comprehensive set of tool-sets to proactively defend customers and services; This includes: ; Proactive Cyber Defence and Enterprise Risk Management; Integrated Enterprise wide coverage with Flexible Log Management, Network Discovery, Asset Management, Traffic Flow Analysis; NIDS, Packet Capture, Packet Analysis, Internal and External Vulnerability scanning,; Threat Intelligence and Proactive Incident Response. ; All incidents will follow a predefined incident response playbook with fully automated and manual response actions. Typical response time is 15 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: E2e have a range of operational service levels that can be provided to customers. These range from carrying out initial triage and incident prioritisation through to full Incident Management. e2e can run Incident Response through to conclusion should that be required by its customers. Reporting of incidents can be though email or phone and depneding upon the service, email reports can be provided or access to the on line ticketing and incident portal is provided.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Joint Academic Network (JANET)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We will seek to reduce the amount of energy and water used as much as possible, ensuring lights and electrical equipment will be switched off when not in use, we will use blinds or opening windows to control the office temperature whenever possible, rather than air conditioning or heating, heating will be adjusted with energy consumption in mind.; We will evaluate the environmental impact of any new products we intend to purchase, including transport costs and favour those which are more environmentally friendly whenever possible. The energy rating of all appliances will be a factor in purchasing decisions and will reuse and recycle everything we are able to. ; We will reduce the need to travel, restricting to necessary trips only and promote the use of travel alternatives such as e-mail or video/phone conferencing. We will make efforts to accommodate the needs of those using public transport or bicycles and encourage lift sharing where possible. ; We will encourage all our customers, partners and suppliers to consider their environmental impact and work to reduce it. ; We will comply with and exceed all relevant regulatory requirements continually improving and monitoring environmental performance and impacts and incorporate environmental factors into business decisions sharing our environmental policy with suppliers, contractors and sub-contractors and ensure that they work within it on all our contracts. We will work with them to improve their environmental performance.; We will continually review our performance and see how further emissions can be reduced or off set. ; We work to increase employee awareness through training and involve staff in the implementation of this policy, for greater commitment and improved performance. ; We look to use local labour and materials where available to reduce CO² and help the community.

  Equal opportunity

  At e2e-assure we are committed to fostering a diverse and inclusive environment. Here are the key approaches and strategies that we implement: ; 1. Unconscious Bias Training: We conduct unconscious bias and neurodiversity awareness training for employees at all levels to raise awareness and foster a more inclusive culture. This training helps individuals recognise their own biases and make more objective decisions, leading to fairer hiring practices and opportunities for underrepresented groups.; 2. Diverse Recruitment Efforts: We actively seek out diverse talent and ensure an inclusive recruitment process. We partner with recruitment agencies who are committed to diversity, equity and inclusion, attend job fairs focused on underrepresented groups, and use inclusive language in our job postings to attract candidates from diverse backgrounds.; 3. Employee Resource Groups (ERGs): We establish ERGs within the company to provide a platform for employees to connect and support one another based on shared identities or experiences. These groups foster a sense of belonging and provide a space for underrepresented employees to have their voices heard.; 4. Mentoring and Sponsorship Programs: We implement mentoring and sponsorship programs that pair underrepresented employees with experienced leaders. These programs break down barriers and provide opportunities for professional growth, showcasing our dedication to supporting diverse talent and ensuring equal access to advancement opportunities.; 5. Diversity Metrics and Reporting: We track diversity metrics and regularly report progress and goals to hold ourselves accountable. Sharing this data transparently, both internally and externally, demonstrates our commitment to promoting diversity and inclusion and allows for ongoing evaluation and adjustments to our strategies.

  Wellbeing

  E2e-assure considers the wellbeing of its staff to be a priority. There are various ways in which this manifests itself. A key factor of this is ensuring that all staff are paid well over the national living wage and are fairly rewarded for the work they perform. We have recently increased salaries, in response to feedback from staff, to reflect the spiralling cost of living, which was causing concern for many people. We also provide staff with a counselling service should they feel under pressure for financial reasons. Other benefits to staff include enhanced holiday, sickness, paternity and maternity support to provide adequate rest and respite at key times.; Other initiatives that support the wellbeing of e2e-assure staff include an Employee Assistance Program consisting of telephone counselling for employees and their family members, access to a wellbeing app and online portal. We also encourage staff to participate in our Cycle to Work scheme to promote physical fitness.; E2e-assure benefits from employing a high percentage of neuro-diverse staff and these are supported through specialist programs to help them in their personal lives and professional lives, we also provide enhanced neuro-diversity training to all line managers to ensure a supportive and safe environment for these people.; E2e-assure promotes flexible working for all staff to enable them to create a good work/ life balance and to support employee wellbeing. All staff are able to work from home when necessary, however, we also allow staff to make flexible working requests as soon as they join our business and are able to provide flexibility regarding working part time or working unusual hours should staff request such measures.

Pricing

• Price: £2.85 to £75 a device a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.peart@e2e-assure.com. Tell them what format you need. It will help if you say what assistive technology you use.