Ve3 Global Ltd

Automated Vulnerability and Penetration Testing Solution

Next-generation vulnerability management and world’s first CREST certified automated penetration testing platform performs around-the-clock penetration testing and predicts attack path scenarios. Low network footprint, discovery of vulnerabilities, testing many attack scenarios in a very short time ensuring an undisrupted network operation. Detailed reports together with proposed remediations of attack vectors.

Features

• Unique, patented machine-based Penetration Testing platform certified by CREST
• Fully built-in vulnerability scanner
• Continuous vulnerability scanning of all on-premises and in cloud devices
• Machine-based, self-learning, full scans performed in hours not weeks
• Automatically detects critical assets and mimics how hackers could compromise
• On-premise installation for data security
• Detailed reports produced with actionable vulnerabilities alerts, remediations and recommendations

Benefits

• Low network footprint on enterprise operations and critical systems
• 24/7 continuous risk assessment scanning due to patented technology
• Continuous security validation reduce attack surface, meets GDPR Article 32
• Can deploy in global, multi-site organizations,
• Run large number of scenarios in a very short time
• Information shared across sites to represent Global Attack Path Scenarios.
• Performs network infrastructure and Web application scanning
• Minimise cost and dependency on external risk validation provider
• Audits cloud migration process to assure no gaps throughout transition

£175 to £850 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at prime@ve3.global. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

855749373533040

Contact

Nikhil Alex
02045520840
prime@ve3.global

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • On-premise installation of virtual appliance (e.g. datacentre)
  • RAM 8Gb, HD 100Gb, Quad-Core-Processor, 100Mb-Ethernet, ESX v5.5
  • Network connectivity between on-premise and cloud services
  • User account with administrative privileges to access assets

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normal response times are within 2-4 hours Monday to Friday, 09:00 to 17:00. Service-Level Agreement can be negotiated, but at additional uplift in cost.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is accessible via Website
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Technical Support Times between 09:00 to 18:00 UK (Monday to Friday); Severity 1 - 2 hours; Severity 2 - 4 hours; Severity 3 - 8 hours; Severity 4 - 12 hours; On-demand service requests within 1 business day during the standard coverage period.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The onboarding process assistance includes, remote tutoring, professional service installation and location specific training all supported via online video conferencing and printed documentation and resources.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Upon the conclusion, termination, cancellation, or expiration of the agreement, customer data stored on the appliance will be exported or returned, unless the client explicitly requests data destruction.
• End-of-contract process: All data will either be returned or destroyed once agreed with client and the application is simply uninstalled and/or deleted of the appliance.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Linux or Unix
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: No
• Customisation available: No

Scaling

• Independence of resources: If software platform becomes inoperable for whatever reason, either the hardware component is replaced, or the virtual machine is re-installed.

Analytics

• Service usage metrics: Yes
• Metrics types: The VE3 software platform offers pre-configured reporting templates that are flexible and customizable to meet specific needs. These templates provide management summary metrics as well as detailed insights at a granular level. Reports can be generated on a weekly, monthly, quarterly, yearly basis, or as needed, ensuring timely and relevant information for decision-making purposes.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Cronus Cyber Technologies

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users will be shown how to export their data into a particular file format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The software platform is deployed to a dedicated virtual machine that is fully maintained and supported for operational efficiency to ensure a 98% availability.
• Approach to resilience: N/A
• Outage reporting: The Service desk or front desk application users are notified directly via email and additionally will be automated to enable automatic notification via a dashboard, etc.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Full audit-trail with end-to-end encryption.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EGAC
• ISO/IEC 27001 accreditation date: 06/01/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 22301
  • ISO 14000-1
  • ISO 22000-1
  • ISO 9000-1

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Currently, we are adopt and are aligned to ISO/IEC 27001 and NIST Cyber Security Framework (CSF). We have a statement of intent to be ISO 27001 and ISO 90001 certified within the next 18 months.
• Information security policies and processes: The internal security organization of VE3 is structured in alignment with ISO 27001 and NIST frameworks, ensuring compliance with contractual, legal, and regulatory obligations. Our operational standards and procedures encompass various data categories, including personal, sensitive, critical, and business data, with adherence to GDPR directives and other relevant data security requirements where applicable.; ; The board holds accountability for all Governance, Risk, and Compliance obligations throughout the company. This entails overseeing regular audits, assessments, and security testing, conducted on a scheduled basis such as quarterly, bi-annually, and annually, to uphold the highest standards of security and compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The VE3 process comprises:; Version Control: Ensuring meticulous recording of all changes with a comprehensive audit and version history.; Change and Release Management: Documenting the latest version release, its contents, and detailed implementation/deployment information.; Review and Audits: Conducting thorough reviews and audits of the configuration and versioning system to ensure accuracy, correctness, and consistency.; Documentation Process: Documenting agreed-upon processes and aligning them across all teams to ensure compliance and provide oversight for implementation.; Build, Integrate, and Deploy: Utilizing either manual processes or standardized scripts to automate tasks such as building, testing, integrating, deploying, and eliminating manual errors from the process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: INITIATE; First stage of our vulnerability management contains minimal processes and procedures with assessments and vulnerability scans.; ; MANAGED; Second stage is we define a set of procedures for vulnerability scanning which are carried out weekly and/or monthly.; ; DEFINED; Third stage the operations security team with full support from the executive team implement the appropriate end-to-end process and controls.; ; QUANTITATIVELY MANAGED; Four stage the specific attributes of a program are quantifiable and metrics are provided to the appropriate management teams.; ; OPTIMIZED; Final stage, metrics outline any continuous improvement activities to ensure continuous reduction on attack surface improving the overall security posture.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: 24x7 monitoring where collected log data is generated on the key activities for both systems and users are reviewed and audited frequently, coupled with intelligent baselining and prioritisation, which enables critical alerts to be prioritised and investigated.; Regular reports and reviews to ensure the service continues to delivered to ensure expectations levels are met, meaning no event and/or incidents generated are overlooked, and alerts can be analyzed and addressed with the correct action taken.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The approach following a pre-defined process:; ; Incident identification; Incident logged; Incident categorisation; Incident prioritisation; Incident assessed and diagnosis; Incident escalation, if required; Incident resolution; Incident closure; ; Communication with the user community throughout the life of the incident is performed regularly. Incident management will pass to security operation to perform a root cause analysis to identify why an incident occurred. Incident management will continue to ensure the service(s) are restored within the agreed SLA.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our G-Cloud service provision is deeply committed to fighting climate change, recognizing the urgent need for collective action to address environmental challenges. Here's how our services deliver against this social value theme: ; ; Environmental Sustainability in Operations: ; ; We prioritize running efficient operations to reduce emissions and minimize environmental impacts. This includes implementing energy-efficient practices, optimizing resource usage, and adopting renewable energy sources wherever possible within our data centers and infrastructure. ; ; Promoting Sustainable Practices: ; ; VE3 actively engages with our suppliers and clients to promote sustainable business practices. Through our services, we advocate for the adoption of environmentally friendly technologies, responsible sourcing, and waste reduction strategies, thereby reducing carbon footprints across the supply chain. ; ; Responsible by Design Framework: ; ; Our G-Cloud services adhere to a 'Responsible by Design' framework, ensuring that environmental considerations are integrated into the development and deployment of digital solutions. By prioritizing environmental protection and minimizing negative impacts, we strive to deliver sustainable outcomes for our clients. ; ; Training and Education: ; ; VE3 invests in training and education programs focused on environmental sustainability. Through initiatives like the Sustainability Quotient (SQ) training, we equip our teams with the knowledge and skills to adopt climate-smart behaviors and implement environmentally conscious practices in their work. ; ; Community Engagement: ; ; We actively engage with communities to support environmental objectives and promote climate action. By partnering with local organizations and stakeholders, we contribute to initiatives aimed at addressing climate change, such as tree planting programs, clean energy projects, and environmental education campaigns.

  Covid-19 recovery

  Our G-Cloud service provision plays a crucial role in supporting the COVID-19 recovery effort by facilitating resilience, adaptation, and innovation in the face of unprecedented challenges. Here's how our services contribute to the recovery process: ; ; Remote Work Enablement: ; ; VE3's digital solutions empower organizations to transition to remote work seamlessly. By providing secure and reliable cloud-based infrastructure, collaboration tools, and remote access solutions, we enable businesses to maintain productivity while ensuring the safety and well-being of their employees. ; ; Business Continuity Planning: ; ; We assist organizations in developing and implementing robust business continuity plans to mitigate disruptions caused by the pandemic. Our services include data backup and recovery solutions, disaster recovery planning, and resilience testing to ensure operational continuity in the face of unforeseen events. ; ; Digital Transformation Acceleration: ; ; VE3 accelerates digital transformation initiatives to help organizations adapt to the new normal. By modernizing legacy systems, implementing cloud-based technologies, and digitizing processes, we enable businesses to optimize efficiency, improve agility, and remain competitive in a rapidly evolving landscape. ; ; Healthcare Support Solutions: ; ; We provide specialized healthcare support solutions to assist frontline workers and healthcare organizations in responding to the COVID-19 crisis. This includes telemedicine platforms, patient management systems, and data analytics tools to enhance patient care, streamline operations, and support decision-making processes. ; ; Economic Stimulus through Innovation: ; ; VE3 fosters innovation and entrepreneurship to stimulate economic recovery in the aftermath of the pandemic. Through our G-Cloud services, we support startups, small businesses, and enterprises in developing and deploying innovative solutions that address emerging challenges, create new opportunities, and drive economic growth.

  Tackling economic inequality

  We recognize the importance of tackling economic inequality and are committed to leveraging our G-Cloud service provision to address this pressing social issue. Here's how our services contribute to tackling economic inequality: ; ; Access to Affordable Technology: ; ; We strive to make cutting-edge technology accessible and affordable to all, regardless of economic status. By offering scalable and cost-effective cloud-based solutions, we enable organizations, including small and medium-sized enterprises (SMEs) and underserved communities, to access the tools and resources they need to compete in the digital economy. ; ; Skills Development and Training: ; ; VE3 invests in skills development and training programs to empower individuals with the knowledge and expertise needed to thrive in the digital age. Through initiatives like online courses, certifications, and workshops, we equip people from diverse backgrounds with the skills required for high-demand roles in technology and innovation, thereby enhancing their employability and economic prospects. ; ; Support for Minority-Owned Businesses: ; ; We actively support minority-owned businesses and entrepreneurs by providing access to mentorship, networking opportunities, and resources to help them grow and succeed. Through initiatives like supplier diversity programs and partnerships with minority business organizations, we promote inclusion and diversity in the technology sector and contribute to creating more equitable economic opportunities. ; ; Digital Inclusion Initiatives: ; ; VE3 is committed to promoting digital inclusion and bridging the digital divide by ensuring that everyone has access to essential digital services and technologies. We collaborate with governments, nonprofits, and community organizations to implement initiatives such as digital literacy programs, affordable internet access schemes, and community technology centers, thereby empowering underserved populations and promoting economic equity. ; ; Fair and Transparent Procurement Practices: ; ; We adhere to fair and transparent procurement practices to create opportunities for businesses of all sizes and backgrounds to participate in government contracts and procurement processes.

  Equal opportunity

  We recognize the importance of tackling economic inequality and are committed to leveraging our G-Cloud service provision to address this pressing social issue. Here's how our services contribute to tackling economic inequality: ; ; Access to Affordable Technology: ; ; We strive to make cutting-edge technology accessible and affordable to all, regardless of economic status. By offering scalable and cost-effective cloud-based solutions, we enable organizations, including small and medium-sized enterprises (SMEs) and underserved communities, to access the tools and resources they need to compete in the digital economy. ; ; Skills Development and Training: ; ; VE3 invests in skills development and training programs to empower individuals with the knowledge and expertise needed to thrive in the digital age. Through initiatives like online courses, certifications, and workshops, we equip people from diverse backgrounds with the skills required for high-demand roles in technology and innovation, thereby enhancing their employability and economic prospects. ; ; Support for Minority-Owned Businesses: ; ; We actively support minority-owned businesses and entrepreneurs by providing access to mentorship, networking opportunities, and resources to help them grow and succeed. Through initiatives like supplier diversity programs and partnerships with minority business organizations, we promote inclusion and diversity in the technology sector and contribute to creating more equitable economic opportunities. ; ; Digital Inclusion Initiatives: ; ; VE3 is committed to promoting digital inclusion and bridging the digital divide by ensuring that everyone has access to essential digital services and technologies. We collaborate with governments, nonprofits, and community organizations to implement initiatives such as digital literacy programs, affordable internet access schemes, and community technology centers, thereby empowering underserved populations and promoting economic equity. ; ; Fair and Transparent Procurement Practices: ; ; We adhere to fair and transparent procurement practices to create opportunities for businesses of all sizes and backgrounds to participate in government contracts and procurement processes.

  Wellbeing

  Environmental Sustainability: ; ; We are committed to environmental sustainability as a core component of wellbeing. By prioritizing eco-friendly practices, resource conservation, and carbon reduction efforts in our operations and services, we contribute to creating a healthier and more sustainable environment. We prioritize the wellbeing of individuals and communities in all aspects of our G-Cloud service provision. Here's how our services contribute to enhancing wellbeing: ; ; User-Centric Design: ; ; VE3 designs our G-Cloud services with a user-centric approach, prioritizing usability, accessibility, and intuitive design. By focusing on the needs and preferences of users, we create digital experiences that enhance overall wellbeing by reducing frustration, stress, and cognitive load. ; ; Health and Safety Protocols: ; ; We implement robust health and safety protocols to protect the wellbeing of employees, clients, and partners. This includes adherence to strict security standards, data privacy regulations, and compliance with industry best practices to ensure the safety and integrity of our digital infrastructure and services. ; ; Promotion of Work-Life Balance: ; ; VE3 recognizes the importance of work-life balance in maintaining overall wellbeing. Through our G-Cloud services, we enable remote work, flexible scheduling, and collaboration tools that empower individuals to achieve a healthy balance between their professional and personal lives, leading to greater job satisfaction and wellbeing. ; ; Mental Health Support: ; ; We prioritize mental health support for our employees and clients by offering resources, programs, and initiatives aimed at promoting mental wellbeing. This includes access to counseling services, mindfulness training, stress management workshops, and employee assistance programs designed to support individuals in times of need. ; ; Community Engagement and Social Impact: ; ; VE3 actively engages with communities to address social determinants of health and promote holistic wellbeing. Through partnerships, philanthropic initiatives, and volunteer efforts, we support local organizations and projects focused on improving access to healthcare, education, housing, and other essential services that contribute to overall community wellbeing.

Pricing

• Price: £175 to £850 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at prime@ve3.global. Tell them what format you need. It will help if you say what assistive technology you use.