Logically Secure Ltd

CyberCPR - Cyber Incident Management Platform

This is a GDPR-compliant Cyber Incident Management Platform that allows Incident Responders to meet their needs for secure communication, evidence storage, memory and log analysis, and task coordination when working in compromised networks on incident response investigations.

Features

  • Analysis of uploaded Windows memory images and log files.
  • Multi-client container access for operational and training facilities.
  • Executive statistics module, provides customised reports for managers.
  • Evidence/information securely uploaded, encrypted and immutably stored.
  • Separated from corporate network with out-of-band, secure communication.
  • Enforces need-to-know permission protocols for responders.
  • Evidence upload and support for analyst investigation.
  • Supports virtual collaboration between geographically disparate specialists.
  • Incorporates responder tasking and workflow control functions.
  • Can support containerised cyber and non-cyber investigations.

Benefits

  • Faster analysis and auto-recording of evidence in app.
  • Improves incident response times by speeding coordination and communication.
  • Supports different operational units through case containerisation.
  • Recorded incident pathway - supports incident replay & learning.
  • Executive statistics saves time and improves visibility to support governance.
  • Mitigates duplication of effort and unnecessary briefings by centralising information.
  • Permissioning structure supports confidentiality and non-disclosure to unauthorised third parties.
  • Can be implemented and effective in very short time-frame.
  • Workflow supports compliance with corporate policy controls and processes.
  • Intrinsic messaging unaffected by possible email security breach.

Pricing

£850 to £2500 per user per year

Service documents

G-Cloud 11
Service ID: 356713670514644
Supplier: Logically Secure Ltd
Contact: Peter Lombardelli
Phone: +44 (0)1242 220040
Email: gcloud@logicallysecure.com

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Interacts with web-based cyber search applications and knowledge bases, and with email services, by sending alerts to responders.
Cloud deployment model: Private cloud
Service constraints: Supports Chrome and Firefox browsers only. Internet Explorer and Safari are known to have issues with in-browser notifications.
System requirements: Google Chrome browser

User support

Email or online ticketing support: Email or online ticketing
Support response times: The standard service includes weekday support (UK office hours, 09:00-17:30):
  • Priority 1 (service and data processing seriously impaired): 4 hour response
  • Priority 2 (service impaired but processing possible): 8 hour response
Out-of-hours support is available but subject to an additional charge.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don't know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: The standard installation support levels are inclusive in the licence costs and comprise onboarding support, accounting support, help desk and technical support, remote training of licensees, service and technical account management, and a cloud support engineer.
Non-standard (bespoke) installations or implementations may be subject to additional support costs, charged at £80 per hour (remote support).
On-site attendance for training is provided by arrangement at an additional cost of £1,250.00 per day.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: A Service Manager is assigned to the customer.
  • Initial WebEx and phone help-desk support is provided where appropriate (no extra charge).
  • Dedicated online training is provided: two 1-hour sessions are sufficient and are provided free of charge (included in the system cost).
  • The customer is sent system administration credentials, which the administrator then resets.
  • The customer sets internal permissions and passwords for users.
  • Support website credentials are issued.
  • Full user documentation is available from the support website portal.
  • A customer QA check is undertaken one month after implementation.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: A read-only copy of the software is made available for web or local installation. Individual incident components can be downloaded, including evidence and notes. A report generator can produce selected information in comma-delimited (CSV), Excel or PDF format. Other data extraction services are chargeable.
End-of-contract process:
  • Software read-only version for on-site installation: free of charge
  • Report generator download: free of charge
  • Advice and guidance: free of charge
  • Post end of contract: ongoing web hosting fees are chargeable

Using the service

Web browser interface: Yes
Supported browsers:
  • Firefox
  • Chrome
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: None; access from mobile devices is via a browser.
Service interface: No
API: No
Customisation available: Yes
Description of customisation: Users can customise:
  • Access to separate client areas by different investigators/departments
  • Permissioned access to incident information
  • Read/write/edit permissioning of access to detailed components
  • Incident, asset and entity types
  • Process stage descriptions
  • Workflow components
  • Management report content

Scaling

Independence of resources:
1. Following a needs analysis we specify the resource requirements necessary for the anticipated capacity. The software is not CPU intensive, and a suitable initial specification will mitigate performance issues.
2. Regular monitoring via a dashboard visible to the administration-level user reports CPU usage, disk storage usage and memory usage. This alerts us to possible service degradation and allows us to take remedial action.
3. Following analysis of the network traffic and review of storage and CPU resources, we can upgrade central resources, including the allocation of dedicated CPU resources, as required to ensure consistency of service.

Analytics

Service usage metrics: Yes
Metrics types: Infrastructure
  • Memory usage %
  • CPU usage %
  • Disk usage %
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Deleted data can't be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Via file download of specific items (e.g. copies of specific evidence and notes), or via the report generator in Excel, PDF or CSV format (e.g. general incident details).
Data export formats:
  • CSV
  • Other
Other data export formats:
  • Excel
  • PDF
Data import formats:
  • CSV
  • ODF
  • Other
Other data import formats:
  • Doc, docx
  • Ppt, pptx
  • Xls, xlsx
  • PDF
  • Txt
  • TIFF
  • PNG
  • JPG
  • Zip

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 98% uptime is guaranteed.
Approach to resilience: The cloud service is hosted in a virtual machine on RAID 5 HDDs. The service is monitored for health, performance and capacity, and on a monthly basis the installations are checked manually for growth requirements.
We take daily incremental backups of client encrypted data and regular weekly backups, so that if something goes wrong we can roll back. Finally, if required, we have both developers and forensics staff who can recover data and reconstruct databases for clients.
If installed in our datacentre there are dual internal networking routes, and the datacentre has dual Internet connections to different ISPs.
Outage reporting: Email alerts.

Identity and authentication

User authentication needed: Yes
User authentication:
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels: The administration interface is on a non-standard TCP port that is not disclosed to users.
Access restriction testing frequency: At least once a year
Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: We apply security standards in accordance with our ISO 9001 accreditation, aligned with HMG IA policy and with the practice standards set by the SANS Institute.
Information security policies and processes: We have our own information security policies, which have been aligned with HMG IA policy. We are ISO 9001 certified, and this results in ongoing reviews of both policies and procedures. We have commenced Cyber Essentials certification, which will demonstrate the suitability of the procedures.
The security controls are monitored by our List X security controller, who conducts spot checks of our processes and practices on a regular basis (as audited by the ISO 9001 process). Any observations are raised at the regular meetings; urgent issues are raised with the Technical Security Director immediately, and a plan of action is devised and suitable steps taken.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Software is subject to version control processes; changes are peer reviewed and subject to unit testing, staging platform testing and user acceptance testing before being deployed to customers.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We promote the software at UK events and encourage users to test it, offering a bounty.
We run internal penetration testing on software before deploying it to production. When issues are raised by any tester, user or customer, we obtain details, replicate the issue and release a fix. Routine fixes have been released within 5 days and urgent fixes in under 48 hours. We pride ourselves on deploying fixes quickly to all problems, including interface glitches for non-supported browsers.
We subscribe to threat intelligence feeds and are members of CISP.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: The system generates logs for all user activity, from logging on through every subsequent action (this can be set to log every page load).
The system automatically generates log events for any malformed or unexpected data uploaded to any field or form.

We monitor the alerts generated from traffic going to the system, and if any traffic is flagged against known standard or advanced web server/database attack patterns we initiate an investigation. The speed of the investigation depends on the nature and frequency of the alert and the current threat level.
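The protective monitoring described above (events for malformed input, alerts on traffic matching known web server and database attack patterns, and investigation priority driven by the frequency of alerts) can be illustrated with a small signature-matching pass over access-log records. The following is an added example written for this page; it is not CyberCPR's own monitoring code. The log format, the signature patterns, the severities and the escalation threshold are all constructed assumptions, and the sample log lines are fabricated.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus

# Assumed access-log record shape (constructed; like Apache/nginx "common" format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Hypothetical signatures: name -> (severity 1..3, pattern run over the *decoded* path).
# A first-pass filter only, not a WAF ruleset; tune against your own traffic.
SIGNATURES = {
    "sqli": (3, re.compile(
        r"(?i)(union\s+select|\bor\s+1\s*=\s*1|;\s*drop\s+table|sleep\s*\()")),
    "cmd_inject": (3, re.compile(
        r"(?i)[;&|`]\s*(cat|wget|curl|nc|bash|sh)(?:\s|$)")),
    "traversal": (2, re.compile(r"(\.\./){2,}|/etc/(passwd|shadow)")),
    "xss": (2, re.compile(r"(?i)<script\b|javascript:|onerror\s*=")),
}


@dataclass
class Alert:
    ip: str
    signature: str   # key of SIGNATURES, or "malformed_log"
    severity: int
    detail: str      # decoded request path, or the offending raw line


def decode_path(path: str) -> str:
    """Percent-decode twice so double-encoded payloads (%252e%252e%252f) are not missed."""
    return unquote_plus(unquote_plus(path))


def scan_line(line: str) -> Optional[Alert]:
    """Return an Alert for an attack-pattern hit or an unparseable record, else None."""
    m = LOG_RE.match(line)
    if not m:
        # A record that does not parse is itself an event ("malformed or unexpected
        # data"), rather than something to discard silently.
        return Alert(ip="-", signature="malformed_log", severity=1, detail=line[:120])
    path = decode_path(m.group("path"))
    for name, (severity, pattern) in SIGNATURES.items():
        if pattern.search(path):
            return Alert(ip=m.group("ip"), signature=name, severity=severity, detail=path)
    return None


def scan_log(lines: List[str], escalate_after: int = 3) -> Tuple[List[Alert], List[str]]:
    """Scan all lines; return (alerts, source IPs whose hit count reached the threshold).

    Escalation by count is the "frequency of the alert" factor: one traversal probe
    is background noise, three from one address in the same window is not.
    """
    alerts = [a for a in map(scan_line, lines) if a is not None]
    hits_per_ip = Counter(a.ip for a in alerts if a.signature != "malformed_log")
    escalate = sorted(ip for ip, n in hits_per_ip.items() if n >= escalate_after)
    return alerts, escalate


# Constructed sample records (private addresses, fictional paths).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2019:10:01:02 +0000] "GET /cases/42 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Mar/2019:10:01:07 +0000] "GET /search?q=%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 500 310',
    '10.0.0.9 - - [12/Mar/2019:10:01:09 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210',
    '10.0.0.9 - - [12/Mar/2019:10:01:11 +0000] "GET /download?file=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 404 210',
    '10.0.0.7 - - [12/Mar/2019:10:02:00 +0000] "POST /notes?title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 88',
    'this line is not an access-log record at all',
]

if __name__ == "__main__":
    found, escalated = scan_log(SAMPLE_LOG)
    for a in found:
        print(f"sev={a.severity} {a.signature:<14} {a.ip:<10} {a.detail}")
    print("escalate:", escalated)
```

Two design points worth noting. Decoding the path twice is deliberate: the fourth sample record is double-encoded and would slip past a single decode, but the same trick means a legitimate literal `%25` in a path is also rewritten, so the decoded value is used for matching only and the raw line is what gets stored as evidence. Signature matching of this kind produces false positives and misses anything novel; it is the trigger for a human investigation, which is how the listing describes it, not a blocking control.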
Incident management type: Supplier-defined controls
Incident management approach: We have a series of responses that are invoked when certain events are triggered.
Users report incidents to the help desk by phone, by email, or via another CPR instance where we can discuss the problem they are witnessing.
We provide feedback and reports on the investigation via our own CyberCPR instance, which (like the product) is real-time and secure.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Pricing

Price: £850 to £2,500 per user per year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: A free trial of up to 30 days is offered. This includes setup, initial training, and licensing and operating costs for up to 10 users.
Link to free trial: https://www.cybercpr.com/getting-cpr/get-cpr-community/

Service documents

  • Pricing document (PDF)
  • Terms and conditions (PDF)