CyberIAM Holdings Ltd

BeyondTrust Endpoint Privilege Management

BeyondTrust Privilege Management stops attacks by removing excessive privileges on Windows, Mac, Unix, Linux and Network Devices. The solution empowers organizations to enforce least privilege by eliminating admin and root access.

Features

• MULTI-PLATFORM Windows, Mac, Linux, UNIX and Network Devices
• TRACK AND CONTROL APPLICATIONS Protect endpoints from infection
• QUICKSTART TEMPLATES Flexible workstyle templates for Windows and Mac
• PRIVILEGED THREAT ANALYTICS Correlate user behaviour against vulnerabilities
• ENTERPRISE AUDITING REPORTING Provide audit trail for all user activity
• TRUSTED APPLICATION PROTECTION Prebuilt templates stop attacks involving trusted apps
• SECURITY ECOSYSTEM INTEGRATION Built in connectors to third party solutions
• APPLICATION CONTROL Automated whitelist and elegant exception handling

Benefits

• MULTI-PLATFORM Connect with Windows, Mac, Linux, Mobile and Network Devices.
• ELEVATE APPLICATIONS NOT USERS Maintain security with least privilege
• ANALYZE USER BEHAVIOUR Collect and store all events
• ACHIEVE LEAST PRIVILEGE ON DAY ONE with QuickStart policies
• STOP MALICIOUS ATTACKS Including malware an ransomware
• JIT PRIVILEGES For complete control without hindering end user productivity
• INTEGRATION Pre-built adapters for popular Service Desk / ITSM platforms.

£45 to £200 a unit an hour

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cyberiam.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

952973324391154

Contact

Andy Pinnington
08443350012
sales@cyberiam.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Beyondtrust Password Safe; Beyondtrust Remote Support (RS); Beyondtrust Privileged Remote Access (PRA); SIEM Integration; ITSM Integration
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: UK and EU based data centres are available. No service constraints.
• System requirements: No System Requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: "The content of an Incident as supplied initially is used to identify the incident Severity Level using Table 1 below as a guide.; Severity Levels range from Severity Level 1 (Critical) to Severity Level 3 (Low Priority). In collaboration with you, we will make a; reasonable determination of the Severity Level of your incident and respond accordingly. The Severity Level may also be adjusted; as the Incident progresses towards resolution.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide technical account managers, solution architects and solution matter experts to different cloud services.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: BeyondTrust Endpoint Privilege Management Cloud Service enables customers to receive enablement training services as part of their acquisition. Further user and administrative training is available at additional cost. All course descriptions can be viewed on the website. For self-service, bomgar.com/docs delivers a comprehensive archive of documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of the services agreement, customers are able to receive any data stored in the cloud envrionment by coordinating with BeyondTrust's Customer Support team.
• End-of-contract process: Requirements are gathered and proposals are made. Once the customer is happy with the proposal, anything additional comes at an extra cost.; ; On the last day of the services agreement, data is permanently destroyed per NIST SP 800-88.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Front-end integration of the BeyondTrust API enables customers to correlate BeyondTrust Privilege Management events with third-party or in-house developed applications to pull report data, issue commands, or automatically save a backup of the Appliance's policy and configuration on a recurring basis.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Beyond trust Endpoint Privilege Management has comprehensive authentication / authorisation options. Customers can configure these to their requirements. The BeyondTrust prompts can also be fully customisable across the customer's branding, colours and impart terms. In addition, the API services can be utilised to integrate into the customer's broader defence-in-depth strategy.

Scaling

• Independence of resources: BeyondTrust's Cloud services team actively monitor customer's environments and provision resources as required.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics include license utilisation and service availability.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: BeyondTrust

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All data in Privileged Management Cloud is stored in Azure SQL databases with transparent encryption enabled.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported on an automated basis providing a full cold backup of session data and configuration. Manual, point, backups can also be made.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • XLSX
  • Mp4
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: N/A
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% during any calendar month (Excluding any Excused Downtime)
• Approach to resilience: Microsoft Azure are offered products are offered and resiliency is based upon Azure geographically diverse cloud services. Beyondtrust utilized two geographically diverse data centre; both hold SOC 2 Type 2 certifications.
• Outage reporting: A Customer Portal is provided which provides outage and maintenance information. In the even of any unscheduled outage, the Customer would be notified directly.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Users can be added to the system as local users, AD users, LDAP users or any combination. 2FA is supported through RADIUS meaning that most 2FA solutions are available for use with the solution. The solution operates through a full RBAC system meaning management is just a role (or collection of roles) which can be assigned to appropriate groups of users.
• Access restrictions in management interfaces and support channels: BeyondTrust has implemented both least privilege and RBAC throughout the corporate and cloud environments. All activity is logged, monitored, and audited per our security program.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Users can be added to the system as local users, AD users, LDAP users or any combination. 2FA is supported through RADIUS meaning that most 2FA solutions are available for use with the solution. The solution operates through a full RBAC system meaning management is just a role (or collection of roles) which can be assigned to appropriate groups of users.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS Certification
• ISO/IEC 27001 accreditation date: 10/05/2021
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: BeyondTrust has a formal Information Security Management System (ISMS) which is certified under ISO 27001, ISO 27701, and aligned to the standards identified within NIST SP 800-53. This ISMS serves as the foundational baseline of security requirements our organization must adhere to ensure confidentiality, integrity, and availability of corporate data. The structure of this ISMS encompasses the requirements for various departments within BeyondTrust regarding best security practices and is managed/reviewed by the Governance, Risk, and Compliance (GRC) Team and approved by the Governance, Risk, and Compliance (GRC) Committee.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: BeyondTrust uses a vulnerability management solution in our cloud environment(s). The solution scans at least every 24 hours and submits its findings back to the main console as well as to our SIEM. This includes IAM misconfigurations, authentication, lateral movement, data at risk, neglected assets, network misconfigurations, and vulnerabilities. All of the items listed above are alerted to the BeyondTrust InfoSec team, analyzed, and acted on based on validity and criticality.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We liaise with the vendor, any potential threats detected either by us or the vendor patches are deployed to remedy the issue. The deployment of patches are determined by the customers internal processes. BeyondTrust offers an array of vulnerability detection software as part of the license
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: BeyondTrust uses a vulnerability management solution in our cloud environment(s). The solution scans at least every 24 hours and submits its findings back to the main console as well as to our SIEM. This includes IAM misconfigurations, authentication, lateral movement, data at risk, neglected assets, network misconfigurations, and vulnerabilities. All of the items listed above are alerted to the BeyondTrust InfoSec team, analyzed, and acted on based on validity and criticality.
• Incident management type: Supplier-defined controls
• Incident management approach: "BeyondTrust has a formal Cybersecurity Incident Response Plan (CIRP) that is reviewed/tested annually, or as required, and approved by the GRC Committee. This plan addresses all facets of incident response within the organization for all critical business systems and processes.; ; BeyondTrust has a formal policy/process in place for notifying our customers if a breach was ever to occur. This notification is part of the organization’s existing Cybersecurity Incident Response Plan (CIRP); correspondence would be sent out from our organization to our customers via telephone and email without undue delay, but no later than 48 hours, from the point of determination."

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our environmental footprint is significantly smaller than similar sized organizations. We are entirely paperless, utilising a public cloud environment for our IT infrastructure which minimises our environmental impact. We do not use data centers, keeping our carbon footprint small. We also recycle our hardware and encourage the use of reusable containers in the office.
• Covid-19 recovery:

  Covid-19 recovery

  We responded quickly to the Covid-19 pandemic, enabling our employees to work from home and continue to do so as they wish, allowing for flexibility. We hold regular company meetings and virtual social events which allow for everyone to communicate and socialise wihtout risk. Now staff are permitted to return to offices, there are suggestion boxes for employees to anonymously let us know anything that would help them carry out their duties safely and comfortably. The offices also have Covid-19 rapid flow tests, hand sanitisers and temperature monitors.
• Tackling economic inequality:

  Tackling economic inequality

  We are committed to diversity, inclusion and equality at CyberIAM. Our employees hail from all around the globe and are all paid higher than the national average. We offer a women’s support network group for the women in our company of all ages, ethnicities and backgrounds.
• Equal opportunity:

  Equal opportunity

  Our equal opportunities policy is in place to enforce our firm belief in equality for all. Everybody at the company has the same opportunity for training, recruitment and selection. Our jobs are advertised to a diverse audience and our employees come from around the world including UK, South Africa, Spain, Philippines, Australia. We specify our initiatives to include gender representation and typically undersupported, disadvantaged groups, most recently, we celebrated Eid in April and May 2022.
• Wellbeing:

  Wellbeing

  Our offices are stocked with fruit snacks and drinks to support the health of our employees. We also have a social committee who organise and run events for the company, ensuring everybody gets to have fun and socialise if they wish to. We have an open door policy where people are encouraged to share and resolve any worries they have; we work with our employees to ensure they are happy and comfortable, e.g. flexible working hours to accommodate childcare needs. We work hard for our inclusive and supportive culture where everyone and their views, beliefs and goals are respected.

Pricing

• Price: £45 to £200 a unit an hour
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cyberiam.com. Tell them what format you need. It will help if you say what assistive technology you use.