Skurio Limited

Skurio Digital Risk Protection

The Skurio Digital Risk Protection platform promotes a data-centric approach to cybersecurity. BreachAlert monitors the surface, deep and Dark Web for lost or stolen data 24x7 giving instant alerts. Cyber Threat Intelligence extends data sources to social channels and specialist forums to discover threats that are specific to your organisation.

Features

  • Digital risk protection platform with data breach detection
  • Automated open, deep and Dark Web monitoring with instant alerts
  • Search for credentials, infrastructure details, keywords and more
  • Historical free-text search of extensive Dark Web database
  • Monitor for cyber-threats specific to your organisation
  • Create and monitor synthetic identities to watermark your data
  • Direct in-app analyst advice and takedown requests available
  • Additional threat intelligence analyst services available
  • Export incident details to external systems through downloads or API
  • Highly secure, easy to use and quick to set up

Benefits

  • Act faster with real-time data breach and cyber threat detection
  • Start fast with Cloud hosted SaaS; no specialist skills required
  • Safe searching eliminates risks from staff directly accessing Dark Web
  • Continuous monitoring for GDPR compliance and reputation management
  • Understand digital risk better and efficiently handle incidents
  • Protect data across your supply chain with digital watermarking
  • Improves security operations efficiency with tailored threat intelligence
  • Automate data breach response with APIs and application connectors
  • Boosts efficiency and effectiveness of your security team
  • Makes Dark Web research quick, easy and safe

Pricing

£2,000 to £8,000 a licence a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@skurio.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 5 0 6 4 7 3 7 3 5 2 0 3 5 7

Contact

Skurio Limited Jeremy Hendy
Telephone: +44 28 9082 6226
Email: sales@skurio.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Bi-weekly planned maintenance arrangements with minimal disruption to service
System requirements
  • Supported Internet Browser - Chrome, Firefox, Edge, Safari
  • Or not officially supported browser - IE11
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Responses are within 1 business day
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Skurio can provide extra support through a tailored service package. Cost is depending on customers requirements.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Users can have onsite training or online training and refer to the online user documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Alert results can be downloaded as CSV files or transferred via API.
End-of-contract process
All user data and search results are deleted 30 days after termination of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Skurio Digital Risk Protection platform is responsive, and allows all operations to be carried out using mobile or tablet devices.
Service interface
No
API
Yes
What users can and can't do using the API
Skurio offers a comprehensive set of REST APIs to provide information to authorised applications. This includes accessing an index of data breaches and types, historical breach footprint results and notifications of new breaches. Skurio has a self-service API portal which includes full API documentation. API accessed is secured via two independent API keys.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Key elements of our service are implemented using serverless, autoscaling cloud technology which adapts to the required load. Skurio continuously monitors the performance of software products and allocates additional processing power when required.

Analytics

Service usage metrics
Yes
Metrics types
Users can see their usage within Skurio platform. A comprehensive dashboard provides key metrics for monitoring services. In addition, ad-hoc information can be requested via the account manager. Customers subscribing to Analyst Services receive defined, regular reports.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Stored customer search terms are encrypted within our database (in addition to encryption of the physical media).
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export via CSV within the user interface.
Customers subscribing to the Enterprise package can access results via secure API transfer.
Data export formats
  • CSV
  • Other
Other data export formats
API
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Please refer to the terms and conditions.
Approach to resilience
Available on request
Outage reporting
Email Alerting via Statuspage

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
User permission is required to access account details.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SGS United Kingdom
ISO/IEC 27001 accreditation date
15/09/2017. Major compliance audit completed July 2020, awaiting certificate
What the ISO/IEC 27001 doesn’t cover
Details of what is not covered by ISO27001 is available on request.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO27001 accredited. More details available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All source code and documentation are version controlled. Changes are tracked using an online issue tracking system.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Comprehensive penetration testing is performed by an external company. When an urgent issue arises a hot fix patch is deployed. Scheduled maintenance is carried out bi-weekly.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The Skurio platform is continuously protected by a Web Application Firewall.
Comprehensive penetration testing is performed by an external company. When an urgent issue arises a hotfix patch is deployed in a timely manner. Scheduled maintenance is carried out bi-weekly.
An On-call team provides out of hours monitoring for any security incidents.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
There are incident management procedures in Skurio's ISO27001 ISMS framework.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2,000 to £8,000 a licence a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A 1-week trial account is available on request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@skurio.com. Tell them what format you need. It will help if you say what assistive technology you use.