2T Security Ltd

Devo (Cloud Native Logging & Security Analytics)

Devo is a cloud-native logging and security analytics platform that releases the potential of your data to empower bold, confident action when it matters most. The Devo platform delivers real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO for monitoring and securing business operations as enterprises migrate to the cloud.

Features

• Cloud-native logging
• Real-time alerting and data analytics
• Security analytics
• Real time interactive visualisation through Devo Activeboards (Dashboards)
• Rich API integration capabilities
• 400 days hot data
• Data encryption in transit and at rest
• Unlimited queries
• Unlimited user access
• Query speed independent of volume of data ingested

Benefits

• Out of the box support for hundreds of technologies
• All-inclusive license
• 24 / 7 / 365 customer support
• Support tens of terabytes per day
• Add new data sources at will
• True multi tenancy with 'SoC of SoCs' capability

£18,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.badsey-ellis@2t-security.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

828580957284694

Contact

Antony Badsey-Ellis
07711 037701
tony.badsey-ellis@2t-security.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Devo is not currently optimised to work on mobile devices such as tablets or smartphones.
• System requirements:
  • Google Chrome
  • Mozilla Filefox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond within one hour for critical issues
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Critical – Initial Response within 2 hours - Max. Target Resolution Time 12 hours; Major – Initial Response within 4 hours - Max. Target Resolution Time 24 hours; Minor – Initial Response within 24 hours - Max. Target Resolution Time Next release
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Online training is available, along with full online user documentation. ; ; Full design and implementation service is available in combination with 2T Security's 'Security Architecture' and 'Security Monitoring Consultancy' G-Cloud services.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All customer data resides in cloud infrastructure, from ingestion to data deletion. Devo has a process for data deletion and termination for all customers based on contract termination across all infrastructure through Devo software services and AWS instance/storage management.
• End-of-contract process: A Devo engagement will include a number of consultancy days, for supporting client staff, as well as a subscription to the platform. The subscription is annual. We encourage customers to create a call-off contract so that they have the ability to engage us on an ad hoc basis for particularly complex integrations or migrations to alternative products. ; ; If a customer chooses not to renew their subscription they will no longer be able to use the platform

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Devo’s APIs enable users and administrators to integrate Devo with 3rd part technologies such as SOAR or orchestration engines via an API delivered alerting mechanism. The APIs can also be used to Create/Edit/Delete Devo Alerts, run Devo Queries outside of the Devo UI and also to provision and manage users and roles with Devo; depending on customer needs and use cases this can include: ticketing/case management, CMDB and vulnerability information, or SOAR and orchestration integrations. Some examples of integrations include: PaloAlto XSOAR, Phantom, Siemplify and ServiceNow.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Devo provides extensive customisation capability, allowing customisation of the interface, dashboards, reporting, as well data source ingestion.

Scaling

• Independence of resources: Devo scales on every component of the architecture to ensure optimal performance. Scalability is automatic in SaaS deployments in public cloud environments by adding more data nodes and meta nodes.

Analytics

• Service usage metrics: Yes
• Metrics types: Performance metrics from customers can be consumed as a data source for reporting, alerting, analytics. Devo also provides metrics around the platform's consumption and ingestion of data (EPS, throughput, storage), web response times, etc
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Devo

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: All data stored at rest on data node attached storage or ephemeral storage supports cipher strength and key size appropriate with current industry standards
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in source format as well as JSON, CSV, TSV, or XLSX; Reports can also be printed to PDF or hard copy directly from the browser, with media style sheets ensuring correct formatting.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
  • Original Source format
  • XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML
  • Syslog
  • Devo has over 2000 prebuilt data parsers

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service levels for Devo Platform. Devo commits to providing best efforts to achieve the following Service Levels, provided that Devo makes no such commitment in case the Service is deployed as an on-premise offering:; Uptime Service Level: Devo endeavors to provide 24/7 service availability and shall in any case make the Platform available in accordance with the uptime availability service levels set forth below in this Section a) (“Uptime”):; ● 99.85% for High Availability (HA) configuration; ● 99.00% for standard configuration
• Approach to resilience: The service is designed to be hosted on Amazon Web Services, GCP, or other cloud providers (private or public). High availability options are available as part of the architecture
• Outage reporting: Generally outages will be reported via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Single Sign On
• Access restrictions in management interfaces and support channels: Client maintains full administrative rights, and can delegate this role to any number of defined users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Single Sign On

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • AWS service is SOC2 type II certified
  • GCP service is SOC 2 type I certified
  • Internal controls frameworks and technical controls across NIST800-53r and ISO27K
  • HIPAA HI-TECH and PCI-DSS and GDPR mapped as applicable

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC 2 Type II
• Information security policies and processes: Devo map controls frameworks and technical controls across NIST 800-53r5 and ISO 27K control frameworks.; Devo are AWS SOC2 type II certified as of May, 2020, and GCP SOC 2 type I as of August 2020. ; Devo also map HIPAA HI-TECH and PCI-DSS frameworks, privacy and GDPR as applicable

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change control through code release in staged promotion of production cloud instances.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Penetration tests run quarterly and on every major build of the product, as well as ongoing production environment testing
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Change control through code release in staged promotion of production cloud instances.; Logging of user activity including add/modify/delete configuration changes made from UI, system, or stored data files, is audited using Devo internally. ; Query signing and log signing validation of non-repudiability of event stream.; Monthly OS, library and application patching, validation and audit –high and/or critical patches or updates patched in accordance with our SDLC and scoring for criticality.; Daily reviews focused on infrastructure, technology, performance and security logs.; Periodic user, roles and access control entitlement reviews; Time synchronization ; Virtualization Network Security; CloudWatch & CloudTrail; OSQuery/FIM ; CIS Ansible playbooks/Terraform modules
• Incident management type: Undisclosed
• Incident management approach: Incident management in the traditional sense does not apply to RiskTree, as is it a transient service used on an ad hoc basis by clients, with no data storage. If the service is unavailable when clients need to use it then we will extend the subscription period by an equivalent amount. If the service is affected by an incident then we can quickly wipe the AWS instance and restore from our original source code.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At 2T Security we are fully committed to continuously improving our environmental performance, examples of which include:; 1. We assist the development of Science, Technology Engineering, and Maths (STEM) at a grassroots level and are proud to sponsor Harrington Sixth Form School who take part in the GreenPower racing series. This supports our wider sustainability aims to use renewable energy sources.; 2. Where practical, travelling via the least impactful method for a given journey e.g., rail versus flying, public transport versus car.; 3. Using ecologically friendly solutions to meet our business needs.; 4. Managing waste generated from our business operations according to the principles of reduction, re-use, and recycling.; 5. Purchasing office consumables that are from a sustainable source, reducing the reliance on single-use items, and by recycling all paper products, ink, or toner cartridges.; 6. Becoming a net producer of sustainable energy, and supplement by only purchasing energy from “green” providers.; 7. Leased or owned company cars must have zero emissions.; 8. Working with suppliers who share our environmental aims.; 9. Measuring and making public our energy consumption, generation, and environmental impact, reviewing results, and looking at how we can improve.; 10. Complying, as a minimum, with all relevant environmental legislation as well as other environmental requirements.; 11. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Covid-19 recovery

  2T Security has worked closely with Test & Trace (now UKHSA) programme over the last 3 years, and we continue to take Covid-19 very seriously. We remain committed to the wider Covid-19 recovery and some examples of this include:; 1. SMEs were significantly impacted by Covid-19, and this is why we support local businesses and Small to Medium Enterprise (SMEs), where possible, preferring them to larger or global suppliers. ; 2. Align to the Prompt Payment Code, which ensures that SMEs are paid within 30 days of receipt of an invoice.; 3. Taking an approach that doesn't view supply chain partners just as vendors but as collaborators working towards the successful end delivery to customers, behaving responsibly and delivering with mutual respect.; 4. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Tackling economic inequality

  At 2T Security we are fully committed to tacking economic inequality, examples of which include:; 1. Implementing strategies to benefit the lives and wellbeing of those affected by our activities within the localities and communities. We have demonstrated this by assisting the development of Science, Technology Engineering, and Maths (STEM) at a grass roots level. As such, we are proud to sponsor Harrington Sixth Form School who take part in the GreenPower racing series. GreenPower Education trust is a charity organisation seeking to kick start careers in engineering. This also supports our wider sustainability aims to use renewable energy sources.; 2. We ensure we offer fair rates of pay, above the national average and minimum requirements.; 3. Offering summer placements to university students, helping to inspire future generations.; 4. Promote workforce diversity by targeting harder-to-reach and under-represented groups and communities. ; 5. Provide accessible, entry-level employment and training opportunities for local people and develop future talent. ; 6. Promote Fairness, Inclusion, and Respect (FIR) principles.; 7. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Equal opportunity

  At 2T Security we are fully committed to continuously improving equal opportunities, examples of which include:; 1. Providing opportunities for those disadvantaged, for example employing a Ukrainian refugee to assist us with our ISO27001 certification.; 2. Deliver with transparency, supporting knowledge sharing, improving visibility and efficiency.; 3. Value everyone’s voice, regardless of role or where they reside in the supply chain.; 4. Respect and welcome diversity, relishing difference, ensuring everyone is treated equally, underpinned by our equal opportunities and diversity policy.; 5. Collaborate with people who uphold the same social values, ethical business practices and environmental ambitions.; 6. An active participant in the CyberFirst scheme since 2019, providing experience to summer students and year-in-industry students, and recruiting graduates to support their professional cyber security journey.; 7. Proudly providing sponsorship of the CyberFirst Girls Competition 2024, supporting, and encouraging woman in Cyber careers.; 8. Our resources have experience with job coaching in the community, helping those less fortunate get back into work, something we hope to continue to build on.; 9. Providing training and qualification opportunities to our people, supporting future development and progression.; 10. Working with charities and making charitable donations, for example our recent support of Osprey Leadership foundation, who work to inspire and enable young conservation leaders.; 11. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

  Wellbeing

  At 2T Security we take health and wellbeing very seriously, examples of which include:; 1. Taking an integrative approach that doesn't view supply chain partners just as vendors but as collaborators working towards the successful end delivery to customers, behaving responsibly and delivering with mutual respect.; 2. Strive to be entrepreneurial in spirit and help new organisations, as well as our people, flourish.; 3. We support a healthy work life balance, supporting our employees with families and their wellbeing, focusing on delivery outcomes above the hours spent at a desk.; 4. Look to reduce ill health and improve wellbeing, underpinned by our health and wellbeing policy.; 5. We refine our Social Value Method Statement and associated Action Plan on a regular basis.

Pricing

• Price: £18,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Trial accounts allow usage of the Devo for a limited period of time. Right is reserved to restrict access to certain features.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.badsey-ellis@2t-security.com. Tell them what format you need. It will help if you say what assistive technology you use.