NodeZro Namespace Command Centre
NodeZro Command Centre automates the discovery, mapping, monitoring, vulnerability management and supply chain risk analysis for Internet DNS Namespaces. It provides customers with an efficient automated process to understand and secure their external digital footprint while reducing the risk of domain hijacking and phishing attacks. The leading Namespace Security Tool.
Features
- Automated DNS Namespace Discovery and Analysis
- Automated DNS Vulnerability Discovery and Analysis
- Automated Supply Chain Discovery and prioritised Risk Analysis
- DNS Vulnerability Management, Guidance and prioritised Remediation
- Continual monitoring and enhancement of your namespace security and data
- Tracks Namespace Security Risks over time with a simple dashboard.
- Aligned to NCSC and CDDO Domain Security Guidance
- Aligned to NCSC Email Security Guidance
- Cloud-only SaaS, with no installation requirements.
- Detailed Dashboards and Reporting with logical and geographic mapping
Benefits
- Automatically discover, map and understand your organisation's external digital footprint.
- Helps prevent identity theft, mitigates domain hijacking and phishing attacks
- Aligns with NCSC/CDDO Guidance, ensures ongoing compliance and audit readiness
- Simple adoption, standalone SaaS platform with no internal system integration
- Analyses your digital Supply Chain, identifies and mitigates risks
- Manage DNS lifecycle, from mapping to monitoring to remediation
- Safeguards public services, reinforcing reputation and protecting identity
- Monitors digital presence, uncovers vulnerabilities and secures brand reputation
- Reduces the effort of namespace security management.
Pricing
£25,000 a unit a year
- Free trial available
Framework
G-Cloud 14
Service ID
959182551877017
Contact
Through Technology Limited
Peter Hanney
Telephone: +44 (0)7913334794
Email: enquiries@throughtechnology.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
-
- Users need Internet Access and a modern browser.
- No Installation Necessary
- No Integration Required
- Single sign on with Microsoft Entra ID or Google Accounts
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Support can be tailored to customer requirements. By default, it is limited to product issues and errors and operates within standard UK business hours.
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- We use Microsoft Teams or Google Meet chat functionality.
- Web chat accessibility testing
- We use widely adopted products that most organisations will already have for assistive technology users.
- Onsite support
- Yes, at extra cost
- Support levels
-
Through Technology provide a range of onsite support to help customers address their initial findings and instill good lifecycle management policies. Alternatively, namespace security can be provided as an entirely outsourced service. These can be found in our Lot 3, Cloud Support service "Namespace Security with NodeZro"
Because of the SaaS nature of the product, onsite end user support is not typically required.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Getting Started with the NodeZro Namespace Command Centre (NCC)
To begin using the NodeZro Namespace Command Centre and ensure your organisation's digital assets are protected from the start, follow these straightforward steps:
Share Primary Domains:
After finalising the commercial agreements, simply share your organisation's primary domains with NodeZro. Primary domains are the main domains under which your business operates, exemplified by google.com for Google, not including subdomains like support-01.google.com.
Share User List:
Provide a list of users who will need access to the system. Include their roles and contact information to facilitate account setup and permissions allocation.
Exchange Details on Subdomains (Optional):
For optimal coverage, it is recommended to share details of any subdomains you might have. While this step is optional, it enables more comprehensive monitoring and management of your digital environment.
Log In and Use the Platform:
Once your domains and users are configured, log in to the NCC platform. The interface is designed to be user-friendly, allowing you and your team to start managing and protecting your domains immediately.
The setup process is designed to be quick and efficient, enabling immediate protection and management of your digital assets.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Microsoft Document Formats
- End-of-contract data extraction
- Yes, you can extract all principal findings from your namespace at contract end via API or CSV export.
- End-of-contract process
- At the conclusion of your contract, you have the flexibility to extract all key findings from your namespace. This can be done through our API for seamless integration with your systems or by exporting data in a CSV format, ensuring you retain all valuable insights surfaced by the platform.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- Yes
- What users can and can't do using the API
- Each feature of the API is supported by detailed documentation that guides you through every aspect of integration and usage. Our clear, concise, and comprehensive instructions ensure you can harness the full potential of our API with minimal learning curve.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
To adapt the Namespace Command Centre (NCC) to changes in your organisation's digital structure, you can add new primary domains by interacting with Support. Here's how to do it:
Initiate Contact: Reach out to Support via email.
Provide Domain Details: Supply the name of the new domain, the administrative contact, and any specific requirements.
Domain Verification: We will verify domain ownership through DNS configuration or official documentation.
Configuration: The support team will set up the new domain in the NCC tailored to your needs.
Testing: The domain undergoes testing to ensure seamless integration.
Finalisation: Once tested, you’ll receive confirmation that the domain is active and fully operational and data will start appearing in your account.
We offer ongoing support and monitoring post-integration to ensure continued performance and security. This process ensures your domain management remains robust and aligned with your operational needs.
Scaling
- Independence of resources
- NodeZro Namespace Control Centre (NCC) is a specialised tool for security and compliance, accessed by a select group of users within each client organisation. It is built as a scalable service on a hyperscale cloud platform. Resource demand for the system is primarily driven by public internet analysis for discovery rather than user access. The NCC operates its user access and analysis functions on distinct infrastructures. Further details are available upon request.
Analytics
- Service usage metrics
- Yes
- Metrics types
- While the NodeZro Namespace Control Centre (NCC) does not provide service usage metrics, it offers comprehensive metrics regarding the security and status of your namespace. This detailed information is essential for monitoring the health and security of your digital assets, enabling proactive management and protection against potential vulnerabilities and threats. The NCC focuses on delivering critical security insights rather than general service usage statistics.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- NodeZro
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Other
- Other data at rest protection approach
-
All data stored on Google Cloud Platform (GCP) infrastructure is encrypted under the 256-bit Advanced Encryption Standard (AES-256).
https://cloud.google.com/security/encryption-at-rest
GCP complies with SSAE-16 (SSAE-18) / ISAE 3402 for physical access control.
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Our data export approach provides flexibility in how you retrieve and handle your data. Users can export data in either CSV or JSON format. This allows for easy integration with various tools and platforms, accommodating different needs for data analysis, reporting, and storage. Whether you need a structured table format like CSV for spreadsheets or a more versatile format like JSON for applications, our system supports seamless data export to fit your requirements.
- Data export formats
-
- CSV
- Other
- Other data export formats
- JSON
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- DNS Zone File
- Submission of domain names to support via email.
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- The Service Availability level for the NCC is 98% during each calendar month ("Availability Target") including all scheduled maintenance. The Availability Target is calculated by dividing the total number of minutes the Offerings are operational and accessible by the total number of minutes in the applicable calendar month, multiplied by 100.
- Approach to resilience
-
Our service's resilience is bolstered by strategically utilizing a range of features and services provided by Google Cloud Platform (GCP). Here’s how we do it:
Multi-Zone Deployment: We have the capability to provide deployment across multiple zones, enhancing service continuity by ensuring operations can persist without significant disruption, even in the event of a regional outage.
Automatic Failover: Our systems utilise multiple web front ends within GCP's infrastructure to ensure redundancy. By leveraging GCP's automatic failover capabilities, we can quickly and seamlessly switch to backup resources, maintaining service continuity.
Persistent Storage: We use GCP’s persistent storage solutions, which replicate data to multiple physical locations within a region, ensuring data durability and high availability.
Load Balancing: GCP's global load balancing capabilities distribute traffic across multiple instances, preventing any single point of failure and maintaining consistent performance during varying load conditions.
Regular Updates and Patches: Through GCP's automated update services, our systems are kept up-to-date with the latest patches and security fixes, thereby mitigating potential vulnerabilities.
Disaster Recovery: We implement GCP’s disaster recovery tools to create and manage recovery plans, ensuring that we can restore services quickly after any incident.
- Outage reporting
- In the event of an outage, our protocol is to promptly notify users via email. This ensures that you are informed in real time about any service disruptions. Our email notifications provide essential details regarding the nature and expected duration of the outage, as well as ongoing updates and the announcement of service restoration. We understand the importance of timely and transparent communication and are committed to keeping our users fully informed during any incidents.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Access to management interfaces and support channels is strictly governed by Single Sign-On (SSO) authentication. This ensures that only authorised personnel can gain entry. Each user's access rights are meticulously defined, limiting management access and support capabilities to those explicitly granted such privileges. This tiered permission strategy reinforces our security posture by minimising the risk of unauthorised access.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Through Technology are a support provider and reseller and hold...
- ISO27001
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- TBC
- Information security policies and processes
-
Through Technology uses its ISO27001 certified Information Security Management Systems processes and procedures. Our own systems are also certified for Cyber Essentials Plus. Security processes are directly monitored and overseen by one of our managing partners and our internal Information Security Forum, but are the responsibility of all our staff. We will also align our service delivery to any required customer security processes and SAL.
NodeZro places a high priority on security governance, adopting practices consistent with industry-standard frameworks and will have attained Cyber Essentials certification prior to G-Cloud 14 publication. This step demonstrates our dedication to protecting our systems against a broad spectrum of cyber risks.
The responsibility for our security posture is a company-wide mandate, with direct oversight from our board and active engagement from our internal Information Security Forum. We foster a culture where every team member is empowered and obligated to uphold our security standards.
NodeZro is committed to customising our service delivery to adhere to the specific security processes and Service Level Agreements (SLAs) of our clients. We tailor our practices to meet the unique security requirements of each customer, ensuring our services integrate seamlessly with established security protocols.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Our software and service configuration and change management process includes three key steps:
Development: Features and Configurations are developed and initially tested in a separate environment, allowing coding without disrupting live services.
Staging: Completed updates undergo extensive tests in a staging environment, mirroring live conditions without affecting users. This stage includes quality checks and final user acceptance testing.
Release: Approved changes are deployed to the production environment during off-peak hours to minimize disruptions. Post-deployment verification ensures successful implementation. The process allows for immediate rollback if issues arise, maintaining service continuity and reliability.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- NodeZro use Google Cloud Platform Patch Management processes to ensure rapid deployment of patches for known vulnerabilities. In addition, we monitor NCSC Early Warning, NCSC Threat Reports, haveibeenpwned.com and other sources for threat intelligence.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Our protective monitoring processes are designed to ensure robust security across all our digital touchpoints. We engage an external company that specialises in security assessments to scan our web endpoints. This proactive measure allows us to be notified of any security findings, ensuring timely responses to potential threats.
Additionally, we utilise internal tools provided by GCP to monitor our systems. These tools are adept at detecting known vulnerabilities as they arise, enabling us to address them swiftly. This dual approach, combining external expertise and cutting-edge internal resources, forms the cornerstone of our commitment to maintaining a secure operational environment.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our incident management approach is structured to ensure swift resolution and minimal disruption. Upon detection of an incident, it is promptly logged and categorised based on severity and impact. An initial response team assesses the situation and, if necessary, escalates it to specialised teams. Communication is maintained with all stakeholders throughout the process. Post-resolution, we conduct a review to identify improvements for future incident handling. This systematic approach helps maintain service stability and improves our response strategies over time.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Other
- Other public sector networks
- Any service using Internet-facing public DNS
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Through Technology is a Carbon Negative Business and formally assessed and certified as such with the PAS2060 Carbon Neutral Plus standard. This means that our services are operated to remove more carbon dioxide from the atmosphere than our business has created or will create in future, already significantly exceeding HM Government's Net Zero targets. Our business was designed with a very carbon-efficient business model. Building on this foundation, we have a process of continual improvement. We annually calculate our carbon footprint using the reputable carbonfootprint.com service, identify further reductions in our environmental impact, then offset -double- the residual carbon footprint of our business through the same reputable UK tree-planting scheme used to offset HM Government ministerial travel. Measuring our footprint every year, optimising it and offsetting double, scales with our business and automatically applies to every service we provide (through G-Cloud or elsewhere). Furthermore, because trees last for many years, our positive impact on carbon capture and storage will continue to grow greater and greater across the lifetime of our business. As a business, we are also focussed upon helping our customers achieve their outcomes. We consider environmental impact in the work we undertake as part of our services, many of which involve carbon reduction through modernisation of systems and migration to the cloud. Fighting Climate Change is something we are passionate about. We are proud of the contribution we make as a UK Small Business. It also shows our commitment to not only meet, but exceed government targets for fighting climate change and goals of Procurement Policy Notes PPN 06/20 (Social Value) and PPN 06/21 (Taking account of Carbon Reduction in major contracts). Further detail, including "Beyond Net Zero - The Through Technology Environmental Impact Plan" available at www.throughtechnology.uk/carbonreduction
Covid-19 recovery
Both Through Technology and NodeZro are UK SME Businesses, paying all our taxes in the UK and operating in full compliance with UK Tax regulations. In Through Technology, we have a very strong focus on achieving value for taxpayers' money and on supporting the UK economy. We are signatories to the UK Government Small Business Commissioner’s Prompt Payment Code, meaning we commit to paying our supply chain within 30 days and have never yet failed to do so, even when we ourselves have faced delays in our payments. Our company principles include sharing knowledge and building capability with our customers’ internal teams. This can be seen in our “Insource Transition Support” service published on G-Cloud. Helping our customers insource and develop their internal teams will drive upskilling and job creation within our public sector customers. We have a defined standard business process to actively seek out opportunities for savings and cost avoidance for our customers in everything we do. This process has resulted in savings and cost avoidance of over £10M in the last 3 years, saving our customers more than we have cost them while we have also delivered all of our contracted scope. We have also created new jobs in our business during and after the Covid 19 pandemic.
Tackling economic inequality
Through Technology are committed to fighting economic inequality. As a modern business without strong geographic ties, our hiring policy is to prioritise recruitment from areas of high social deprivation (as identified in the Department for Levelling Up, Housing and Communities' English Indices of Deprivation). At present, 40% of our staff are from these areas and as our business grows, so will this percentage, ensuring that most of the taxpayer money spent on our services ends up in the local UK communities that need it the most. We are an equal opportunities employer that recognises and actively seeks out the benefits of diverse and inclusive teams to our business, to our customers and to wider society.
Equal opportunity
We are an equal opportunities employer that recognises and actively seeks out the benefits of diverse and inclusive teams to our business, to our customers and to wider society. This is built into our policies, procedures and contracts, and lived day to day. We have worked to remove any bias from our organisational processes, including subconscious bias where it may exist. An example is that the first stage of our recruitment process is anonymised, minimising the impact of any potential bias in CV and Application evaluation. We are signatories to the Armed Forces Covenant and seek proactively to recruit ex-forces personnel, overcoming some of their challenges in returning to civilian life. Our recruitment process for opportunities is intentionally designed to be accessible and open to all. Our teams working through G-Cloud are diverse and include people from different parts of the UK, age groups, ethnic origin, gender, disability and faith.
Wellbeing
Through Technology’s defining characteristic is the quality of our people, so we take well-being very seriously and have a number of measures in place to support the well-being of our staff and people they work with. Despite our relatively small size, we have a board member responsible for staff wellbeing and a number of policies and processes which we live every week to maintain it. Examples include: Providing private health cover for all employees, offering time out for voluntary work in our local communities (including current staff acting as school governors, sports coaches, volunteering careers guidance in schools, acting as community representatives and teaching practical philosophy/life skills), funding a qualified Mental Health First Aider within the business, fostering a culture that welcomes private or public discussion of mental health and well-being (including open discussion of our CEO’s personal experiences). We also care about the well-being of those we work with in our supply chain, our customers, and their third-party suppliers. If we identify any well-being or stress-related issues with colleagues outside our organisation, then we handle these sensitively through the appropriate process or channel.
Pricing
- Price
- £25,000 a unit a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Time-limited access to NodeZro Command Centre is available to certain organisations to allow for proof of concept testing. Also, because Command Centre requires no integration, product demonstrations can be held showing your organisation's live namespace data and security vulnerabilities, giving immediate benefit.
- Link to free trial
- N/A