Lookout Security Service Edge SSE - From HANDD Business Solutions

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: On premise DLP, Data Classification tools, SIEM/SOAR
Cloud deployment model: Public cloud
Service constraints: N/A
System requirements: N/A

User support

Email or online ticketing support: Email or online ticketing
Support response times: 30 minutes to 8 hours depending on issue severity.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: HANDD provide bespoke configuration, support, management and managed service offerings depending on size and complexity. Vendor support is included in th costs provided
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Customers will have access to a dedicated support portal containing but not limited to: Documentation and deployment guides, Elearning and videos, test plans and internal roll out communications.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Lookout does not store sensitive customer data within the solution, deleting all customer meta data according to the data retention period configured by the customer. Data retention can be configured between 3 & 36 months.
End-of-contract process: Upon contract termination the customer tenat with its accociated data are deleted.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: Yes
Compatible operating systems: Android

IOS

MacOS

Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: N/A
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Lookout Cloud Security provides a single pane of glass approach to management with the web based GUI designed to provide all administrative and investigative features within a single UI. Accessable globally in a responsive design, the intuitive user experience lets authorised users access the management console for any type of role, including:
System Administrator
Key Administrator
Application Administrator
Read Only User
Compliance User
Accessibility standards: None or don’t know
Description of accessibility: N/A
Accessibility testing: N/A
API: Yes
What users can and can't do using the API: Lookout SSE provides various enterprise intergrations that enhance the overall security posture of an organisation:
Threat management/sandboxing
Enterprise DLP
Enterprise Mobility
Endpoint protection
SIEM
SSO
Data Clasification
User Directory
Log agents
Open API
Notification
Maxmind

In addition to the ability to intergrate into external services Lookout provides inbound intergrations via API. The following usecases are typically associated with the use of the HTTPS RESTful API:
Create Category
List all categories
Get category
add values to a category
Revove values from a category
Reset category
Insights API: entity type, entity ID, result type (device, location, application, content, user) time
Profile user: Get user, create user, Remove user (user email, user risk rating)
Admin audit: Timestamp, auth user, source IP, sub system, action, target type, target name
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: The Lookout Cloud Security Platform is highly customisable. Customisations can be carried out be authourised user/administrators through the web management console. The following aspects are customisable:
Logo / Org name
Reports
Notifications (pop-ups, emails, slack bots, messages, alerts, remediation pages)
Security Policies
Enterprise Intergrations
Dashboards
Traffic steering Policies
Environments / Nodes

Scaling

Independence of resources: The solution has been designed with the following principles to ensure that users aren't effected by demandon the service. The solution supports true cloud principles with auto-scaling capabilities with the infrastructure implemented using cloud native technologies such as micro-services, virtualisation, containerisation, message brokers, elastic load balancers and data lakes. Each of the components within the solution are designed to scale as and when required.

Analytics

Service usage metrics: Yes
Metrics types: They are available within the Management Console (real time dashboard) enabling authourised users to access license usage and licence availability. Fleet deployment status is available via API into the EMM/MDM or via open RESTful API.
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: We sell our own Professional services including pre/post-sales support

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: All telemetry that is provided through the Lookout Cloud Security Platform can be exported via the web based management console GUI, exported as reports/CSV or accessed through the various enterprise/API intergrations.
Data export formats: CSV

Other
Other data export formats: HTTPS API

PDF
Data import formats: CSV

Other
Other data import formats: HTTPS API

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Other
Other protection within supplier network: The generation, storage and management of data encryption keys is done via Amazon KMS. Lookout uses a transparent data encryption equivilent in our databases (RDS managed encryption)
All local administrator account passwords are securely stored, encrypted and hashed.

Availability and resilience

Guaranteed availability: 99.9% for administrative
99.99% for traffic handling services
Processing latency - 95th percentile of the proccessing time not including the time taken by external clouds - Encypted Traffic < 60ms - Non encrypted traffic < 50ms
Onramp time - Traffic for worldwide users to ingress (on-ramp) onto service - 80% of users < 25ms - 100% of users < 100ms
Approach to resilience: Available upon request and signed NDA.
Outage reporting: Email notification, public dashboard.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Access to the management console is restricted using SAML intergration to an existing IDP, or username, password and MFA for local accounts. Role Based Access Contral limits permissions available to users with 6 roles available from Full Access to Read Only access. Non administrative users do not have access to the management console.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Shellman & Company, LLC
ISO/IEC 27001 accreditation date: https://public-profile.whistic.com/4a2175f5-4cce-bc91-a703139bb6f2
What the ISO/IEC 27001 doesn’t cover: https://public-profile.whistic.com/4a2175f5-4cce-bc91-a703139bb6f2
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: See link below.
CSA STAR certification level: Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover: https://public-profile.whistic.com/4a2175f5-4cce-bc91-a703139bb6f2
PCI certification: Yes
Who accredited the PCI DSS certification: See link below
PCI DSS accreditation date: See below link.
What the PCI DSS doesn’t cover: https://public-profile.whistic.com/4a2175f5-4cce-bc91-a703139bb6f2
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: SOC2

GDPR

FedRAMP

StateRAMP

CCPA

EU-US Privacy Shield

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: SOC2
FedRAMP
StateRAMP
Cyber Essentials
CCPA
EU-US Pricacy Shield
GDPR
Information security policies and processes: To be shared upon signiture of NDA

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Lookout treats security as an essential part of the design and implimentation. Lookout security, developers and other technical staff apply information security engineering principles in the specification, design, development, implementation and mobification of the infomation system by following the Lookout SDLC and industry standard security principles. Lookout implements a defense in depth security engineering philosophy. Futher detail is available on proceedures and technology implemented upon request.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Lookout treats security as an essential part of the design and implimentation. Lookout security, developers and other technical staff apply information security engineering principles in the specification, design, development, implementation and mobification of the infomation system by following the Lookout SDLC and industry standard security principles. Lookout implements a defense in depth security engineering philosophy. Futher detail is available on proceedures and technology implemented upon request.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Lookout treats security as an essential part of the design and implimentation. Lookout security, developers and other technical staff apply information security engineering principles in the specification, design, development, implementation and mobification of the infomation system by following the Lookout SDLC and industry standard security principles. Lookout implements a defense in depth security engineering philosophy. Futher detail is available on proceedures and technology implemented upon request.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Lookout treats security as an essential part of the design and implimentation. Lookout security, developers and other technical staff apply information security engineering principles in the specification, design, development, implementation and mobification of the infomation system by following the Lookout SDLC and industry standard security principles. Lookout implements a defense in depth security engineering philosophy. Futher detail is available on proceedures and technology implemented upon request.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Other
Other public sector networks: Any internet connected solution

Social Value

Equal opportunity

HANDD’s Equal Opportunities Policy The aim of this policy is to communicate the commitment of the Board and management to the promotion of equality of opportunity in HANDD Business Solutions. It is our policy to provide equality of staff membership to all, irrespective of: gender, including gender reassignment marital or civil partnership status having or not having dependents religious belief or political opinion race (including colour, nationality, ethnic or national origins, being an Irish traveller) disability sexual orientation age We are opposed to all forms of unlawful and unfair discrimination. All members of the organisation will be treated fairly and will not be discriminated against on any of the above grounds. Decisions on membership, selection for office, training or any other benefit will be made objectively, without unlawful discrimination, and based on aptitude and ability. To request a copy of this policy please email careers@handd.co.uk

Pricing

Price: £24 a user a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Short term bespoke, limited rollout, Proof of Concepts can be made available and individual device versions. Extended PoC and paid PoC's also available on request

Lookout Security Service Edge SSE - From HANDD Business Solutions

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Lookout Security Service Edge SSE - From HANDD Business Solutions

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents