Netcraft

Dark Web Market Searches

Fraudsters commonly make use of Tor hidden services and the marketplaces available on them to sell credentials stolen from customers and employees, leaked internal documents, forged identity documents, or payment card data.

Netcraft explores these marketplaces, providing intelligence on the illicit materials being sold by fraudsters relating to your brand.

Features

• Regular searches for your brands on dark web marketplaces
• Valuable intelligence and early warning of criminal activity
• Screenshots and text extracts from listings including prices and sellers
• Identification of new marketplaces following law seizures and exit scams
• Detect possible data security breaches

Benefits

• View the data being made available on dark web marketplaces

£18,000 an instance

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

245073264027080

Contact

Andy Ide
01225 447500
asi@netcraft.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: All modern web browsers supported.
• System requirements: Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hours, 7 days a week
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided by electronic mail and telephone.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide online documentation, and also can provide a Webex (or similar) demonstration of the portal to answer any questions.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Via the API, or we can provide a data extract on request.
• End-of-contract process: N/A

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• Description of service interface: Website provides the results from the searches for your brand, together with text extracts and screenshots of the marketplace listings.
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Extract the search results
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: We scale our applications to account for load placed by all customers.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: We physically secure access to our data centre and backup media.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via the API, or we can provide a data extract on request.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON via API
  • TSV
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If the Service is unavailable continuously for 3 (three) days or unavailable for an aggregate of 120 (one hundred and twenty) hours within the Subscription Period the customer may terminate the Service and receive a pro-rata refund for the unused period.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: User Account Authentication, Multi Factor Authentication, IP ACLs
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Risk based approach.
• Information security policies and processes: Defined in our internal Policies and Procedures document

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an internal change management process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Netcraft is a PCI approved scanning provider, and tests its own infrastructure. Patches are applied as appropriate.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Netcraft has a Security Incident Detection and Remediation programme.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal policy for handing incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £18,000 an instance
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can offer a trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF