Brookcourt Solutions

Cyber Threat Intelligence - Intel471

Threat Intelligence platform providing visibility into real-time malware threats targeting customers. Alerts about high-risk vulnerabilities and supporting patch management. Visibility into threat actors mentioning organizations in illicit communities. Identification of high-value credentials coming up or being sold by illicit threat actors. Steady stream of high fidelity IOC’s and malicious infrastructure.

Features

• Malware provides near Real Time Intel on Malware Families.
• Adversary provides an overview on attacks and who's behind them.
• Credential provides compromised emails with passwords and their context.
• Marketplaces monitors all sales of your PII on the underground.
• Vulnerability gives context about relevant CVEs exposed in your network.
• SpiderFoot reviews the entire infrastructure revealing shadow IT &unmanaged assets.
• Complete API Integrations included in our packages.
• Request-For-Information creates custom reports to solve tactical intelligence needs.

Benefits

• Intel 471 is the premier Cyber Threat Intelligence vendor.
• See full context as it pertains IT Asset & Emails
• See full context as it pertains malware & adversaries
• See full context as it pertains events & vulnerabilities
• Alerts to threats to human and infrastructure within your organisation
• Requests for Information- deeper investigations in to threats & adverseries

£44,200 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

929904416773594

Contact

Phil Higgins
01737 886111
contact@brookcourtsolutions.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Intel471 can be integrated in to an existing threat intelligence platform to provide further intel and context to threats. E.g. Threat Connect TIP.
• Cloud deployment model: Public cloud
• Service constraints: Constraints are explained through the packages. If for example, a customer would not be interested in purchasing one type of Cyber Threat Intelligence, say Vulnerability, then the package can be build such that our offering does not include said item. In reality, this is more flexibility than it is a constraint. Access to the console is designed for individual use, so each Intel Analyst gets an account they can customize to suit their needs.
• System requirements: Latest version of supported web browsers and an Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Intel 471 does not have an SLA in place for support. Normally questions are answered within minutes, hours since the first Point of Contact is the Intelligence Collection Manager that's assigned to the organization and the service is called 'phone-a-friend' Normally there are channels of communication via WhatsApp, Signal, Slack, Teams and so on. Now, questions regarding an issue are usually answered in 1-3 business days.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Intel 471 emphasizes the 3-year subscription model with fully dedicated support and a Senior Intelligence Collection Manager which is an Intelligence Practicioner that provides 360 degree coverage and enhances internal operations on demand.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have a dedicated integrations team based in England that builds integrations on demand for our customers. There's documentation as well as training videos in case you would like to raise your own integrations. Finally, Intel 471 already has turn-key integrations with major vendors that are our technology partners: https://intel471.com/partners/integration
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Videos, Training on demand via video conference, and Training onsite
• End-of-contract data extraction: "What do we store/log upon usage:; Unless we have a contractual requirement not to store this, all of your activity including contents of queries and what you have viewed on Titan is logged including time of access, browser version (user agent) and IP accessed from is stored for one year. If we have a contractual requirement to store not to store log what your organization has viewed, we still store access information but do not know what you viewed or searched.; ; This usage logging is done purely and only for security auditing purposes whereby we would need to investigate a leak of Intel 471 sensitive information. In no case would we seek to use your usage activity to drive our intelligence function or provide it to your employer. We spend a lot of time, resources and money on building placement and access and losing those would have a detrimental effect on both Intel 471 and our customer’s intelligence programs. Access to usage logs within Intel 471 is also tightly controlled to a small number of employees at the company."
• End-of-contract process: Access to the API and the Web-based console is closed, and users are not able to leverage the service anymore.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Exact same functionality and features, just the aspect ratio is different to accommodate proper spacing on mobile devices
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Request For Information is a service interface in which the user commands our intel analysts and researchers to fulfill a tactical intelligence engagement
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessible via a web portal. API's can be set up to provide the feeds in to the TIP. ; Set up scans, monitoring criteria and intelligence feeds - dependant on modules purchased.; Requests for Information (RFI) are submitted via the portal to the human intelligence team at intel471.
• Accessibility testing: None. Intel 471 offers HUMINT or Human Intelligence
• API: Yes
• What users can and can't do using the API: Each enabled API User has 10.000 API Calls per day. All use cases have the ability to perform integrations via this alloted allowance. However, Intel 471 can increase the access if needed.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Every API call can be made to host a number of answers and parse for specific time, so the intelligence or sources of information provided can actually be made fully customized to comply with your objectives. Lastly, all of our integrations are included in your package.

Scaling

• Independence of resources: Enviornments are microsegmented for the organization in the backend so heavy usage of other members do not pose any threat. What's more, Intel 471 uses a private cloud vendor to accommodate for scalability issues.

Analytics

• Service usage metrics: Yes
• Metrics types: KPIs are based on showing how many alerts are generated based on your keyword searches. General Intelligence Requirements return metrics Weekly, Monthly, Quarterly and Yearly on your ROI for the tool.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Intel471

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Data at rest is encrypted and stored in our private cloud. We operate with a SOC2 compliance in that environment.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via API or manually through the GUI on the browser
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON, PDF, DOC, JPEG, PNG
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Binaries, Hashes, Bitcoin addresses, Malware Samples, IPv4, IPv6
  • IP CIDR Notation, Images, Signatures, Telephone Numbers, Usernames, Emails, et-cetera

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Intel 471 does not have an SLA for availability. The service is accessed 99% of the time. If there are outages, they are reported immediately to our users.
• Approach to resilience: The envrionment is running in a cloud service that allows for delivery in most parts of the world. There is a of course segmentation of the customer so that the organization is not encumbered by the activity of other parties. None of the data of customers are stored other than the email login and the password used which both are encrypted (hashed + salt).
• Outage reporting: Directly via our Intelligence Collection Managers and via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Support is made via the GUI and/or email so Authentication above needs to happen. Access management is simple, there are consoles dedicated to customers environments down to the individual analysts
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: MFA is needed to access resources, devices and to be able to post intel to the production environment.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2 Compliance
• Information security policies and processes: As part of the European Union’s General Data Protection Regulation (GDPR) we will provide you with what information we collect and store on you and the reasons why.; As part of signing up with us and having an account on Titan we store your account name, email address and a hashed and salted password hash.; Your account name which is typically set to your real name is provided to us as part of us creating your account on Titan. When you login to Titan you can set your account name to anything that you wish. We do not store your account name in any other place. The account name is used purely for aesthetics in Titan’s web user interface and automated emails.; All activity is logged including time of access, browser version (user agent) and IP accessed from is stored for one year. Usage logging is done purely and only for security auditing purposes whereby a need to investigate a leak of Intel 471 sensitive information.; We store your hashed and salted password hash. At no point do we store any password in cleartext. The hashed and salted password hash is used for authentication in conjunction with your email address.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: There are two environments one in production and one where infrastrcture updates are implemented, tested and then released. Releases happen during early hours of the morning on weekends. In addition, there is a constant stream of intelligence reports being published throught the day in the console without any impact to the service to our customers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Quality and security standards are upheld throughout our software development life cycle (SDLC) using SonarQube and Snyk.; SonarQube acts as an inspector, ensuring well-designed code to prevent future issues, while Snyk functions as a detector, identifying hidden 3rd party vulnerabilities in our codebase.; These tools are now integrated into our deployment process for the NextGen platform
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Quality and security standards are upheld throughout our software development life cycle (SDLC) using SonarQube and Snyk.; SonarQube acts as an inspector, ensuring well-designed code to prevent future issues, while Snyk functions as a detector, identifying hidden 3rd party vulnerabilities in our codebase.; These tools are now integrated into our deployment process for the NextGen platform.
• Incident management type: Supplier-defined controls
• Incident management approach: As mentioned on our vulnerability management process, we have a number of tools on top of the Cyber Threat Intelligence that we create to proactively target weak points in our network with the background behind a threat.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Intel471 believe in supporting an inclusive culture that encourages all of our people to be themselves, collaborate, and grow their professional skills and career. Our culture is founded on our core values, which sets the tone for how we work together and treat each other. It empowers all of us – and fosters a contagious team spirit.

  Wellbeing

  Our culture of humility and quiet professionalism is a core attribute of Intel 471 and everyone within it. Our culture is collaborative and supportive but focused on our mission – protecting the world’s organizations from cyber risks and threats. We’re a mission-driven company, staffed with a talented, ‘can-do’ minded teamwith a passion for always doing the right thing.

Pricing

• Price: £44,200 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trail available upon request of the base platform and required modules.
• Link to free trial: Request from Brookcourt Solutions.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.