CACI UK Ltd

DarkBlue® Intelligence Suite ​ Software as a Service (SaaS)

DarkBlue® is a safe space for investigators to explore the Open, Deep and Dark web. With over 6 billion AI-enhanced records, collected over two decades, it unlocks the Deep & Dark Web without direct exposure. Daily scraping of 600,000-800,000 new records ensures DarkBlue® remains a vital tool for intelligence gathering.

Features

• Powerful AI enhanced Dark Web search tool
• Historic 6bn record repository, growing by c700,000 new records daily
• Integrated Case Management for collaboration, managing workflows and ongoing investigations
• Scraping Tor, I2P, ZeroNet, OpenBazaar, Freenet, Deep, and Open Web
• AI content tags enabling users to focus on specific categories
• Comprehensive filtering across First Snapshot, Crypto, Selectors, JavaScript, Private Keys...
• Searches using Simple Query Syntax/Boolean Logic/bulk search
• Full training and ongoing support provided
• Timestamped artifact storage using secure hashing (SHA-256)
• Integrated with leading OSINT solution providers like Chainalysis/Fivecast/ShadowDragon/TRM Labs

Benefits

• Intuitive UI integrated with AI/ML capabilities, enabling quick start investigations
• Safe/secure live Darkweb investigations, isolated from your corporate network
• Real-Time monitoring of Specific keywords alerting users of updates
• Comprehensive training provided for enhanced investigation
• UK/US combined account & support teams
• Provides proven admissible evidence
• Automated leak list compilation
• Online knowledge base
• Integrates with existing technology stack using DarkBlue’s data feed APIs

£0 to £28,000 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

888589305322984

Contact

CACI Digital Marketplace Sales Team
0207 602 6000
digital.marketplace@caci.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None, other than internet access.
• System requirements: Appropriate browser enabled device and connection to the internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CACI responds to questions on average within one working day, or less, from receipt during office hours. Resolution, if not achieved immediately when responding, is typically within four working days depending on the complexity of the enquiry. Enquiries logged outside of office hours will be quickly addressed on the next working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide comprehensive support as standard for all users. Following their account provision, we will provide users with three, 1-hour virtual initial user training (IUT), providing them with the skills and knowledge to navigate and leverage the analytics tools proficiently.; ; At an additional cost, and subject to numbers and location, further DTAC (Dark Web training & Analysis) can be offered at CACI’s Head Office, in London, or onsite. DTAC offers hands-on training for discovery on Tor, Open Bazaar, I2P, Freenet, and ZeroNet using DarkBlue. The structured curriculum will be based on students’ current analytic efforts or an approved topic.; ; Students will leave knowing the DarkBlue analyst methodology for dark web operations and how to leverage the Intelligence Suite for investigations.; ; Users will have access to a single point of contact for all enquiries. An Account Manager will field all general or technical enquiries, and depending on the nature of the enquiry, will either resolve directly, pass to the helpdesk or escalate to the technical team of experts. Customers can make contact via telephone or email.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide comprehensive support as standard for all users. Following their account provision, we will provide users with three, 1-hour virtual initial user training (IUT), providing them with the skills and knowledge to navigate and leverage the analytics tools proficiently.; ; At an additional cost and subject to numbers and location further DTAC (Dark Web training & Analysis) can be offered at CACI’s Head Office, in London, or onsite. DTAC offers hands-on training for discovery on Tor, Open Bazaar, I2P, Freenet, and ZeroNet using DarkBlue. The structured curriculum will be based on students’ current analytic efforts or an approved topic.; ; Students will leave knowing the DarkBlue analyst methodology for dark web operations and how to leverage the Intelligence Suite for investigations.; ; Users will have access to a single point of contact for all enquiries. An Account Manager will field all general or technical enquiries, and depending on the nature of the enquiry, will either resolve directly, pass to the helpdesk or escalate to the technical team of experts. Customers can make contact via telephone or email.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon contract termination, access to the platform is withdrawn from the users, as well as any APIs provided. Prior to termination any user data can be exported from the application. We assist the user to ensure no important data is lost prior to withdrawal of their access.
• End-of-contract process: Should a customer choose not to renew their license, it is a requirement for the customer to serve notice (in writing or via email) 90 days before the end of the agreement. ; This time can then be used by the customer to export any important data that they wish to retain.; Upon termination all access to the platform is withdrawn, account is closed and data is deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: To learn more about APIs please see:; https://resources.darkblueintel.com/en_US/darkblue-data-feeds
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is discussed during implementation. This can be limited to select user groups only.

Scaling

• Independence of resources: Regular testing and enhancements to our service and hardware are conducted. Up-time and performance assurances are provided in our SLAs.

Analytics

• Service usage metrics: Yes
• Metrics types: We utilise Okta to provide detailed insights into user logins, access patterns, and usage statistics. ; Additionally, Amplitude is utilised as an analytics tool to monitor user interactions within the platform. ; Amplitude tracks user engagement, feature utilisation, and user journey analytics, offering a comprehensive view of how users interact with DarkBlue®.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Guidance is given during training, although our support staff can assist if needed.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Not applicable

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: The system is protected in its own segregated environment with industry leading firewalls, with daily encrypted backups off-site.

Availability and resilience

• Guaranteed availability: System availability is over 99%. Where customers require a Service Level Agreement (SLA) and respective Key Performance Indicators (KPIs), these can be discussed and agreed at contract signature to align service availability and performance to the customers needs. ; ; Anticipated downtime for upgrades is agreed in advance with customers to avoid any impact during busy periods. This proactive approach enables communications to be sent to the user base prior to the release of upgrades or patches.
• Approach to resilience: DarkBlue® is hosted on Amazon Web Services (AWS) cloud infrastructure to ensure system resilience, particularly during high demand peaks. By deploying on AWS we can leverage the various service and features AWS offer to provide for application resiliency, maintaining high availability. These include, redundant and geographically distributed data centres with S3 replication, enhancing system resilience by minimising the risk of service disruptions, auto scaling and elastic load balancing to adjust to varying workloads. Amazon Cloudwatch to monitor and maintain availability and fault injection testing to test resiliency of the application.
• Outage reporting: In the unlikely event of service outage an email alert would be sent to the user(s).

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: OKTA IAM used for strong access control in the hosting environment, ensuring only authorized personnel access administrative tools with appropriate permissions.; Each account is created with a unique ID; All authentication and administrative activities are logged within the instance; Sessions automatically time-out after a period of inactivity. This period can be de-fined by systems administrators; The solution also supports single-sign-on (SSO) where customers have Azure Active Directory.; ; Customers control the user management to their solution. ; Database access privileges and role-based user access can be assigned by the customer using the customer via the service system administration module.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: The platform leverages Okta’s secure identity cloud for user authentication and management. It enables secure management for user authentication and authorization, as well as provide single sign-on (SSO) access to the application. Customers can decided which user have access privileges, locking down administrative rights to the correct users. Multifactor authentication can also be provided if required.

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Initial ISO27001 certification on 11-04-2006 which was renewed on 06-07-2021
• What the ISO/IEC 27001 doesn’t cover: All relevant CACI services are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO9001 - this includes additional elements regarding security
  • Data Seal - DS27001/1-2014
  • Registered with the ICO - Network and Information Systems Directive

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: CACI holds ISO/IEC standards in 9001:2015 Quality Management Systems and (QMS), ISO/IEC 20000-1 Service Management System (SMS)
• Information security policies and processes: CACI has a comprehensive Security Policy based on the ISO 27001. The policy is owned by CACI's Executive Management Team which is an executive level body, and which assumes ultimate responsibility. The ISO standard covers: ; ; - Organisation and Management; - Information Security; - Asset Classification; - Physical and Environmental Security; - Communications and Operations Management; - System Access; - Systems Development and Maintenance; - Compliance; - Personnel and Provisioning; - Business Continuity Management; - Third Party Management ; ; CACI management supports security through leadership statements, actions and endorsement of the security policy and implementing, improving the controls specified in the policy. The policy is available to all CACI employees and contractors on the intranet. Changes to the policy are announced on the company's intranet and followed up with training and awareness programmes. ; ; New starters are required to undertake computer-based information security and data protection training, and this is repeated on at least an annual basis. Compliance to policy is overseen by internal audit.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change management is covered by CACI's ISO 27001 ISMS. We have a continuous development programme across all CACI products and services. This is managed through Agile Project Management processes, any changes and enhancements are implemented as they are reviewed and approved by our software developers and product owners.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CACI has a comprehensive vulnerability management program that includes conducting vulnerability scans on critical systems and applications. ; New patches are promptly risk assessed and prioritised based on the severity of the vulnerability and the threat intelligence available.; Where an Emergency patch poses an imminent threat to the network it is installed without undue delay. ; All other Windows patches are installed within 14 days of receipt. ; Our system administrators subscribe to alerts and publications to ensure new are emerging threats are countered promptly and effectively and that new Technologies and security best practices are assessed and adopted where appropriate.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Robust security logging and alerting controls are in place to capture events in order to prevent security incidents and malpractices.; Solutions are also in place to monitor systems and alert administrators of possible capacity, and resource problems.; Logs are stored centrally and reviewed regularly. ; CACI has robust and mature incident response plans and processes and business continuity management to minimise the impact of a cyber-security attack or incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Our specialised cyber-monitoring, cyber-hunt and simulation capabilities enable advanced and customised cyber-security for the enterprise and unique customer missions. CACI’s advanced analytics and AI/ML tools accelerate threat detection enabling automated incident response. All employees are required to report any real, perceived or potential security incidents that may affect the confidentiality, integrity or availability of data. ; All Security Incidents are recorded in-line with our Security Incident Policy/Response Procedure. For each incident, a root cause analysis is conducted, a corrective action undertaken, and a preventative action will be implemented to prevent or reduce the probability of the incident reoccurring in the future.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain. ; This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:; -Awareness of environmental impact through procedures and controls; -Acceptance of responsibility through environmental management systems; -Reducing harmful impacts via environmental policies; -Displaying community responsibility via staff training and awareness; ; We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.; CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2040, with a baseline period set from July 2020 to June 2021.

  Tackling economic inequality

  CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services. For example, we work closely with the National Autistic Society and Autism at Work to create an inclusive recruitment process, actively supporting neurodiverse candidates to flourish.; CACI works with a number of outreach organisations to develop and attract individuals from minority groups into the cyber security sector, including CyberFirst. A number of our employees volunteer as Ambassadors to this NCSC led government outreach programme. This is a reflection of our belief in the programme’s mission, to develop a sustainable and diverse talent pipeline into the cyber security industry. The majority of the programme’s focus is on students in UK schools, to improve issues with massive student dropout from IT education.; ; CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.; We are focussed on creating opportunities from the following groups who experience barriers to employment :; -Long term unemployed; -Armed forces veterans; -Mothers returning to work; -Care leavers

  Equal opportunity

  CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes. ; CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces. ; Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level. ; CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment . ; CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.; CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics.

  Wellbeing

  CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.; Promotion of an Open Culture around Mental Health:; -Team of 18 Mental Health First Aiders; -Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health; ; Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:; -Regular check-ins for staff and our contractor workforce; -Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing; -Free 24/7 professional counselling ; -Private healthcare and health and wellbeing plan (extendable to family members/dependents); -Employee Assistance Programme; -Discounted gym memberships; -Physiotherapy; -Medical services; -Mental Health First Aider programme; -Stress assessments; ; Proactively ensure work design and organisational culture to drive positive mental health outcomes; -Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees; -Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities; -Open and honest communications at all levels throughout the organisation; ; Increased organisational confidence and capability:; -Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues; -Line Managers and Career Coaches trained in aspects of mental health; ; Provide mental health tools and support:; -Formal Mental Health First Aid Programme including a team of MHFAs; Increase transparency and accountability through internal and external reporting: ; -Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement

Pricing

• Price: £0 to £28,000 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Fully functional licence limited to 30 days maximum
• Link to free trial: https://info.caci.co.uk/dark-web-intelligence-services

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.