ITHQ LTD

Rapid7 InsightIDR SIEM & UEBA

The cloud SIEM for faster detection and response of incidents.

InsightIDR provides immediate and accurate detection and reduces the time to respond to attacks by combining behavioural analytics, threat intelligence, and automation in a scalable, easy to love solution that boasts the fastest deployment times in the industry.

Features

• User Behaviour Analytics: expose compromised accounts & lateral movement
• Attacker Behaviour Analytics: find known bad micro-behaviours that cause breach
• Endpoint Detection and Visibility: includes remote & travelling workers
• Centralised Log Management: simple, cloud-based performant search
• Visual Investigation Timeline: investigate incidents 20x faster
• Deception Technology: add new monitoring capabilities for malicious behavior
• File Integrity Monitoring (FIM): meet multiple compliance requirements w/InsightIDR
• Network Traffic Analysis: helps detect intrusions/security events on the network.
• Automation-Assisted Patching
• Automated Containment

Benefits

• Search and Visualize Your Security Data
• Detect Compromised Users and Lateral Movement
• Identify Evolving Attacker Behaviour
• 20x Faster Investigations and Incident Response
• Automatically Contain Compromised Users and Assets
• Solve Multiple Compliance Regulations
• Streamlined Case Management

£17 to £70 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

927736063099241

Contact

Dale Nursten
02039977979
bidteam@ithq.pro

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Rapid7 InsightVM; Rapid7 InsightCloudSec; Rapid7 InsightAppSec; Rapid7 InsightConnect; Rapid7 ThreatCommand
• Cloud deployment model: Public cloud
• Service constraints: In order to deliver our user and asset attribution based detections, organisations will need support ingestion of logs and events from the following four foundational sources: DHCP, LDAP, AD, DNS. The solution also requires an agent deployment for endpoint integration and response, in order to provide the best value for organisations we recommend that deployment is in excess of 80% of all Windows/Linux/Mac endpoints and servers.
• System requirements:
  • Collector: 2GHz processor, 8GB RAM, internet access (HTTPS)
  • Recommended 60GB+ disk space

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: S1 - Critical - <2 hours S2 - High - <4 business hours S3 - Medium - <12 business hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customer Support Levels: https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-customer-support-guidebook.pdf/; ; Technical Account Management: https://www.rapid7.com/contentassets/27cecc8df3274f698972f0c2a69e6b40/rapid7-technical-account-management-support-brief.pdf/
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ITHQ will support the on-boarding of the solution with an agreed Scope of Works document customised to meet the customers' requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data is available for export at the end of the contract.
• End-of-contract process: At the end of a contract, you will have the opportunity to collect and transfer any data possible to export. If you request that Rapid7 delete all of your data, the request will be processed within 14 days. No additional fees apply.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Admin & reporting interface through the web.
• Accessibility standards: None or don’t know
• Description of accessibility: Further details available on request
• Accessibility testing: Further details available on request
• API: Yes
• What users can and can't do using the API: The InsightIDR API supports the Representation State Transfer (REST) design pattern. Unless noted otherwise, this API accepts and produces the application/json media type.; ; Users can access Investigations, Threats, Queries and Logs through the API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Dashboards, queries and even custom connectors can be requested.

Scaling

• Independence of resources: Cloud components are hosted in AWS. Rapid increases in CPU, memory, storage, and networking capacity are performed on demand to meet the scaling and performance needs of enterprise customers. There are currently more than 9000 customers using the platform globally.

Analytics

• Service usage metrics: Yes
• Metrics types: All logins and changes are audited and available in reporting.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Rapid7

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All of the data processed and stored is encrypted at rest using various file or disk level encryption mechanisms. Data is encrypted using industry standard AES-256 encryption with keys managed through AWS’s Key Management Service (KMS). Where possible, Rapid7 utilizes AWS’s services to manage encryption at rest (e.g. S3, EBS, RDS, etc.). When not possible, Rapid7 utilizes block level encryption provided by LUKS.; ; Block level encryption is used for ElasticSearch (only used to index some asset metadata). For all other persistence technologies/layers, AWS KMS is used.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: You can export all data in either CSV or PDF format. This is available from the admin console / dashboard.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Syslog
  • CEF
  • UEF
  • Windows Event Log
  • Custom Logs
  • Database Audit Logs
  • Raw Data

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: During the term of Customer’s subscription, the Service will perform in accordance with and subject to this Service Level Agreement (“SLA”). Rapid7’s target is 100% System Availability. If the System Availability during a given month is less than 99.95%, Customer may be eligible for a credit (“Service Credit”), which is the sole and exclusive remedy for any failure to meet the SLA.
• Approach to resilience: Rapid7 maintains a Business Continuity Plan for the Insight platform. The primary goal of this plan is to ensure organizational stability, as well as coordinate recovery of critical business functions in managing and supporting business recovery in the event of disruption or disaster. Thus, the plan accomplishes the following: • Ensures critical functions can continue during and after a disaster with minimal interruption; • Identifies and decreases potential threats and exposures; and • Promotes awareness of critical interdependencies. We can share a high-level overview of our Business Continuity Plan for the Insight platform upon request.
• Outage reporting: Service status is available at status.rapid7.com. Users may elect to subscribe to notifications from this site.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All access is granted through role-based access controls and utilises a least privilege and zero trust approach. Members of the team using InsightIDR can be made Administrator (full access), Investigator (Incident-only access), or Read Only. These roles will limit the functional access of the user, but will not restrict the data that is accessible in InsightIDR. Creating this three-level structure allows interested members outside of the security team to gain insight into the network and view incident alerts without disrupting the workflow of others.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 15/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: The Insight platform is hosted by AWS. All AWS compliance and audit reports, including SOC 2, SOC 3, FedRAMP Partner Package, ISO 27001:2013 SoA etc. are easily accessible; ; SOC2 Type II; HIPAA; GDPR
• Information security policies and processes: The Information Security team distributes relevant policies internally upon hire, including the Rapid7 Acceptable Use Policy, which addresses the following standards: Asset Usage, Data Protection, Secure Access, Software Usage, Monitoring, Loss and Theft, and Physical and Computer Security. The Information Security and Information Technology groups are responsible for monitoring compliance with data security policies and procedures. Users found in violation of information security policies may be subject to disciplinary action, up to and including termination of employment and legal action. When required, Information Security will work with Legal and People Strategy to address any instance of noncompliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Rapid7 applies a systematic approach to managing change so that changes to services impacting Rapid7 and our customers are reviewed, tested, approved, and well communicated. Separate change management processes are in place for corporate IT systems and Insight platform systems to ensure changes are tailored to the specifics of each environment. The goal of Rapid7’s change management process is to prevent unintended service disruptions and to maintain the integrity of services provided to customers. All changes deployed to production undergo a review, testing, and approval process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The Information Security team continuously monitors Rapid7’s corporate IT and Insight platform environments for system vulnerabilities in accordance with formally documented vulnerability management processes and procedures. Information Security conducts network and agent-based vulnerability scans of these environments on a continuous basis using InsightVM, with new vulnerability results coming in daily or weekly. Information Security partners with Rapid7’s Managed Vulnerability Management team to augment our vulnerability management processes.Rapid7 also utilizes InsightAppSec and Information Security partners with Rapid7’s Managed AppSec team to monitor Insight platform and Rapid7 web properties for web application vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Platform Security team ensures security is built into our products by providing security requirements, code analysis, and infrastructure configuration monitoring throughout multiple stages of our software development lifecycle
• Incident management type: Supplier-defined controls
• Incident management approach: Rapid7 uses InsightIDR to monitor on-premises and cloud environments for security incidents. Information Security partners with the MDR and Incident Response services teams to augment Rapid7’s incident response program. InsightIDR alerts are regularly reviewed by analysts and escalated via a paging system when indications of potentially malicious activity are detected.Rapid7 maintains a formal Incident Response process for analysis, containment, eradication, recovery, and follow up in the event of a security incident. Rapid7 will notify customers of any breaches affecting their data within 48 hours. For other breaches, Rapid7 will follow internal policy and all applicable federal, state, and local laws

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  ITHQ runs a corporate social responsibility programme called Life In IT in South East England. Life In IT allows us to recondition tech devices donated from businesses headed for disposal and pass them on to local non- profit organisations that put them to great use. Schools in particular are now benefitting from free technology that creates fresh learning opportunities through increased access to education platforms for more students.

  Equal opportunity

  To specifically address equal opportunity, our Life In IT programme prioritises collaboration with schools that support students from diverse backgrounds, including low-income families, minorities, and those with disabilities. We provide customised technology solutions that cater to a wide range of learning needs and styles, thereby ensuring all students have the opportunity to succeed. By doing so, ITHQ is committed to creating a more inclusive educational environment where every student, regardless of their socioeconomic status or background, can benefit from equal access to high-quality digital education.

Pricing

• Price: £17 to £70 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.