SEP2 LIMITED

Google Chronicle SecOps

Chronicle SecOps (SIEM & SOAR) , powered by Google infrastructure, enables cost-effective use of security telemetry to improve SOC productivity and combat modern threats.

Features

• Chronicle ingests your data into a private environment.
• Data aggregated/normalized and linked together into a coherent timeline.
• That data is then exposed via investigation, hunting and detection.
• Data is then exposed to other security products via APIs.
• Security Orchestration, Automation and Response
• Threat-Centric Case Creation
• Playbook Execution
• Context - Driven Investigation
• Response
• Business Intelligence

Benefits

• Built on core Google infrastructure.
• Chronicle gives you an infinitely elastic container for storage.
• Ingest/normalize/index massive amounts of data and correlate to known threats.
• Access to a year or more of telemetry.
• Visual investigation platform
• Code-free playbook builder
• Securely and easily orchestrates your security tools wherever they reside
• Respond at the speed of cloud.

£2,000 a terabyte a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@sep2.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

886272716164548

Contact

sep2 sales team
03300437372
sales@sep2.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Chronicle SecOps also makes up SEP2's SEP2.security platform but can also be purchased separately.
• Cloud deployment model: Public cloud
• Service constraints: Log data is limited to 365 days, unless a separate GCP bucket is configured for longer term retention.; ; Authentication has to be via an SSO provider.
• System requirements:
  • Connectivity to the internet from the on-premise Chronicle forwarder
  • VM or PAAS environment Chronicle Forwarders (Docker/Linux image)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Sep2 support provides 24x7x365 support for all priority incidents, with a response time of 30 minutes for Priority 1. Priority 2 incidents are responded to within 1 working hour. Priority 3 incidents are responded to within 4 working hours. Priority 4 incidents are responded to within 12 working hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All sep2 customers have an aligned account manager who manages all aspects of the customer relationship. sep2 support is priced depending on the number of licenses included.; At an additional cost, a technical account manager can be aligned to a customer where additional technical resources are required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once purchased, an email address must be provided for the engagement to be initiated. ; Once scope is agreed, a SEP2 representative shall lead an instance creation and setup basic features and authentication. Additionally, a resource shall be made available to assist with deployment of the forwarder and assistance with bringing in initial sources.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Chronicle can export to a GCP bucket in Google Cloud. ; The customer is responsible for notifying SEP2/Chronicle before the Term expires of any Customer Data that Customer wishes to export.
• End-of-contract process: When a contract is ended, the entire customer's tenancy is deleted on the backend and all customer data is removed from the database systems associated with that tenancy ID.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service interface provides access to query log data, analyse/review the log data and set and review security detection rules.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessible via a URL that is provided, an account is created after purchase which will have the licensed features attached.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: Search API; Access your security data programmatically. //; ; Detection Engine API; Create, run, and manage Detection Engine rules. //; ; Ingestion API; Send device logs to Chronicle programmatically using the Ingestion API. //; ; Google Cloud Threat Intelligence API; Get and list your Google Cloud Threat Intelligence alerts from your Chronicle account programmatically. //; ; RBAC API; Role-based access control (RBAC) enables you to tailor access to Chronicle features based on an employee's role in your organization.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: End users can customise dashboards and create/edit detection rules.; ; When purchased with SEP2 services, SEP2 can aid in customising parsing rules where required.

Scaling

• Independence of resources: Chronicle APIs have quotas applied to them to prevent a single customer from unfairly overwhelming frontend services, likewise backend services are throttled to ensure that a consistent user experience can be maintained for all customers.

Analytics

• Service usage metrics: Yes
• Metrics types: Basic Bigquery dashboards are available for metrics such as log volume, user activity etc.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Google

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: SEP2 can assist the customer with exporting to a GCS bucket utilising the Data Export API.; ; Additionally, the Alerts, Threat Intelligence APIs provide an opportunity to perform realtime export.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • SYSLOG
  • KEY VALUE
  • XML
  • SYSLOG + KV
  • SYSLOG + JSON
  • SYSLOG + XML
  • LEEF
  • CEF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Google transfers data via Internet standard protocols.

Availability and resilience

• Guaranteed availability: The following URL defines service level agreements for availability and reimbursement triggers - https://chronicle.security/legal/service-level-agreement/
• Approach to resilience: Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow Google to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
• Outage reporting: Outages are reported to the Google Cloud services reporting page: https://status.cloud.google.com/index.html

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Google employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Google’s authentication and authorization systems utilize SSH certificates and security keys, and are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 18/12/2018
• What the ISO/IEC 27001 doesn’t cover: The ISMS mentioned in the above scope is restricted as defined in the ‘Chronicle Information Security Management System (ISMS) Implementation Manual’ (formal ISMS location listing; document), reviewed on February 23, 2021, by the Director, Engineering Compliance.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: SEP2 are ISO27001 accredited for "The provision of cyber security services including security assessment, consultation and security management as per statement of applicability version 0.2" ; ; Chronicle will maintain at least the following for the Services in order to evaluate the continued effectiveness of the Security Measures: ISO 27001 certification (the “Compliance Certification”) and SOC 2 Type 2 accreditation (the “SOC Report”). Chronicle may add standards at any time. Chronicle may replace a Compliance Certification or SOC Report with an equivalent or enhanced alternative.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.; ; Release notes are regularly updated that track changes to the service.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Google does not publicly share this information. Any information around this matter will require formal legal approval to share.; ; Google additionally have a publicly accessible vulnerability reporting service.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Google - Tightly controlling the size and make-up of Google’s attack surface through preventative measures; employing intelligent detection controls at data entry points; and employing technologies that automatically remedy certain dangerous situations.; ; Incident Response. Google monitors a variety of communication channels for security incidents, and Google’s security personnel will react promptly to known incidents.; ; Where SEP2 are controlling the Identity Provider, anomalous incidents surrounding the customer's credentials will be raised with the customer promptly and response taken.
• Incident management type: Supplier-defined controls
• Incident management approach: Google monitors a variety of communication channels for security incidents, and Google’s security personnel will react promptly to known incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SEP2 have a published Carbon Reduction Plan, available at https://www.sep2.co.uk/carbon-reduction-plan/. As per the information within that plan, SEP2 are committed to achieving Net Zero by 2035. SEP2 already have a number of initiatives in place to help manage our carbon footprint, including: • During 2020, SEP2 fleet vehicles were changed to be 100% Batter Eclectic Vehicles (BEV), and any and all additions to the SEP2 fleet will continue to be full 100% BEV. • SEP2 are a member of Cycle2Work scheme and encourage employees to reduce their emissions through cycling to work. • SEP2 provide re-usable bottles and cups for all employees and do not allow single use paper or plastic cups in the offices. • Hybrid home working is common across SEP2 to reduce commute emissions and direct Scope 2 GHG emissions. Future considerations in support of our plans to be Net Zero by 2035, the following future initiatives are being discussed within the SEP2 Senior Leadership Team • Electric car salary sacrifice scheme for employees who do not have a fleet vehicle • Projects to increase management of Scope 2 emissions through use of PIR/non-occupancy timers and other such technology within our office space • Review of company travel policy to better understand carbon emissions within Scope 3 that can be managed in this way • Review of our Scope 3 emissions within our supply chain to better understand our abilities to manage these with our suppliers By the end of 2024 SEP2 aim to have an established Environmental, Social and Governance committee which will have produced a report capturing the current initiatives that are in place within SEP2 to manage such considerations, as well as capturing a 12, 36 and 60 month plans detailing future initiatives in aim of meeting our NetZero by 2035 stated mission.

  Tackling economic inequality

  During one of the topical discussions in the Women in SEP2 group, Maya wanted to explore the reasons why, during recent recruitment for the SEP2 Central Response Team, only 7% of applications were Women. Maya said: “We considered the full route into Cyber Security, where does the interest begin? And how can we create opportunities? We decided it made sense to start with younger kids, getting them interested at an early age and showing them how exciting Cyber Security can be! We expanded this to not only girls and women, but to other minority groups who exist in schools and may not have the same level of access into a career in tech”. The outcome of this was the development of the SEP2 Cyber Schools initiative. SEP2 partnered with and invited local high schools within the Leeds area to come into the SEP2 offices and SOC and to participate in a day of activities to help educate students as to the potential career opportunities within the Cyber Security industry. Key goals of the event was to show the attendees of SEP2 Cyber Security School one of three distinctive areas of our business, as a good general starting point: 1. Attack (White hat, of course) 2. Defend 3. Analysis By providing a sample session on each focus area, we hope to encourage our students to be able to help identify their areas of interest and start to ask practical questions on how they can advance their learning to get one step ahead of their competition as they try to get their first foot through the door. We also held group presentations covering an overview of the industry as well as more practical sessions led by our People Manager who specialises in Learning and Development on topics such as CV writing.

  Equal opportunity

  SEP2 is a Medium Sized business, having between 50 and 250 employees. SEP2 is owned by three individuals, and a core commitment from the owners is shared and social responsibility. Within SEP2, there is a Share Ownership Scheme which over the past years and with future considerations included will see over 10% of the ownership of SEP2 be owned by our employees at all levels and across all teams. This is delivered primarily through a EMI incentive platform where employees are given actual shares, not share options as part of their ongoing development with SEP2. SEP2 have an award-winning Apprenticeship programme that spans a number of our different teams. Within the last 3 years we have had 20 apprentices join and go through this programme. Of the total, 8 are still within the programme and 8 have graduated into full roles within SEP2. Women in SEP2 is a community that fosters empowerment and collaboration. We aim to create a supportive and safe space for the Women in our business; a place where ideas can be shared, achievements celebrated, and advice sought from other Women in Tech. Each session is based around a 'Ponder Point', that we collectively think about before the session and come together to discuss. Anyone in the group can suggest a ponder point, some of the previous ones being Imposter Syndrome, Being Assertive Without Being Seen as a B*tch, and the underrepresentation of Women in Tech. Maya Lea-Langton, Cyber Security Analyst, has found a lot of value in joining these meetings. They said, “These sessions are also valuable for being a space to get to know people you may be unlikely to meet day-to-day due to remote working or being in different departments. Being able to have fun and thought-provoking discussions makes asking for help easier.”

  Wellbeing

  SEP2 pay the Living Wage to all employees SEP2 offer a number of benefits to our employees including being a member of the Cycle2Work Scheme to allow for employees to access bikes and cycling equipment without initial upfront expenditure. SEP2 are also a member of the TechScheme, which is a similar initiative allowing employees to purchase technology from places such as Currys via a salary sacrifice scheme. In addition, in 2022 to assist our employees with the cost of living crisis, SEP2 partnered with Sodexo to offer an employee benefit portal (SEP2 Rewards) that brings a huge number of options to our employees such as 3-10% savings on day to day shopping at locations such as Asda, Tesco etc, as well as benefits for the wider family such as discounted cinema tickets, bowling tickets etc. This is all available via an easy to use app and has enabled many of our employees to make significant savings across their daily spend. SEP2 provides our employees access to an Employee Assistance Program (EAP). The EAP provides; • Freephone advice, information and counselling service • 24 hours a day, 365 days of the year • Online information regarding health, fitness, nutrition and stress management resources SEP2 recognises the importance of employee wellbeing and seek to support this via Medicash, a healthcare cashback scheme which is delivered within our EAP program. With this benefit our employees are able to claim back their medical outgoings to a specific amount plus giving them numerous other services and products. Medicash can be extended to employee spouses and up to 4 children under the age of 18 who will receive half of the outlined monetary benefits.Medicash is available for all SEP2 employees and all new joiners will be auto enrolled onto the scheme

Pricing

• Price: £2,000 a terabyte a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@sep2.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.