CyberCPR - Cyber Incident Management Platform
This is a GDPR-compliant Cyber Incident Management Platform that allows incident responders to meet their needs for secure communication, evidence storage, memory/log analysis and task coordination when working in compromised networks on incident response investigations.
- Analysis of uploaded Windows memory images and log files.
- Multi-client container access for operational and training facilities.
- Executive statistics module, provides customised reports for managers.
- Evidence/information securely uploaded, encrypted and immutably stored.
- Separated from corporate network with out-of-band, secure communication.
- Enforces need-to-know permission protocols for responders.
- Evidence upload and support for analyst investigation.
- Supports virtual collaboration between geographically disparate specialists.
- Incorporates responder tasking and workflow control functions.
- Can support containerised cyber and non-cyber investigations.
- Faster analysis and automatic recording of evidence in the application.
- Improves incident response times by speeding coordination and communication.
- Supports different operational units through case containerisation.
- Recorded incident pathway - supports incident replay & learning.
- Executive statistics saves time and improves visibility to support governance.
- Mitigates duplication of effort and unnecessary briefings by centralising information.
- Permissioning structure supports confidentiality and non-disclosure to unauthorised third parties.
- Can be implemented and effective in very short time-frame.
- Workflow supports compliance with corporate policy controls and processes.
- Built-in messaging is unaffected by a compromise of the customer's email system.
£850 to £2500 per user per year
- Education pricing available
Logically Secure Ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Interacts with web based Cyber search applications and knowledgebases, and emails services by enabling alerts to responders.|
|Cloud deployment model||Private cloud|
|Service constraints||Supports Chrome and Firefox browsers only. Internet Explorer and Safari are known to have issues with in browser notifications.|
|System requirements||Google Chrome Browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Standard Service Includes: Weekday Support (UK Office hours 09.00-17.30hrs)
Priority 1 (service and data processing seriously impaired): 4-hour response
Priority 2 (service impaired but processing possible): 8-hour response
Out of hours support is available but subject to additional charge.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The standard installation support levels are as follows and are included in the licence costs:
Onboarding support, Accounting support, Help desk and Technical support, Remote Training of Licensees, Service and Technical Account Management, Cloud Support Engineer.
Non-standard (bespoke) installations or implementations may be subject to additional support costs, charged at £80 per hour (remote support).
On site attendance for training is provided by arrangement and at additional cost of £1250.00 per day.
|Support available to third parties||Yes|
Onboarding and offboarding
A Service Manager is assigned to the customer.
Initial WebEx and phone help-desk support is provided where appropriate (no extra charge).
Dedicated online training is provided; two 1-hour sessions are normally sufficient and are provided free of charge (included in the system cost).
The customer is sent initial system administration credentials, which the customer's administrator then resets.
The customer sets internal permissions and passwords for its users.
Support website credentials are issued.
Full user documentation is available from the support website portal.
Customer QA check is undertaken one month after implementation.
|End-of-contract data extraction||
A read-only copy of the software is made available for web or local installation.
Individual incident components can be downloaded; these include evidence and notes.
A report generator can produce selected information in CSV, Excel or PDF format.
Other data extraction services are chargeable.
Software read-only version for on-site installation - free of charge
Report generator download - free of charge
Advice and guidance - free of charge
Post end of contract, ongoing web hosting fees are chargeable.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None - Access from mobile devices is via a browser|
|Description of customisation||
Users can customize:
Access to separate Client areas by different investigators/departments
Permissioned access to incident information
Read/write/edit permissioning access to detailed components
Incident, asset, and entity types
Process stage descriptions
Management report content
|Independence of resources||
1. Following a needs analysis we specify the resource requirements necessary for the anticipated capacity. The software is not CPU intensive and a suitable initial specification will mitigate performance issues.
2. A dashboard visible to administration-level users reports CPU usage, disk storage usage and memory usage. This gives early warning of possible service degradation and allows us to take remedial action.
3. Following analysis of network traffic and review of storage and CPU resources, we can upgrade central resources, including the allocation of dedicated CPU resources, as required to ensure consistency of service.
|Service usage metrics||Yes|
• Memory usage %
• CPU usage %
• Disk usage %
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Via file download of specific items, e.g. copies of specific evidence and notes.
Via the report generator in Excel, PDF or CSV format, e.g. general incident details.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||98% uptime is guaranteed.|
|Approach to resilience||
The cloud service is hosted in a virtual machine backed by RAID 5 HDDs. The service is monitored for health, performance and capacity. On a monthly basis the installations are checked manually for growth requirements.
We take daily incremental backups of client encrypted data and weekly full backups, so that in the event of a failure we can roll back. Finally, if required, we have both developers and forensics staff who can recover data and reconstruct databases for clients.
If installed in our datacentre there are dual internal network routes, and the datacentre has dual Internet connections to different ISPs.
|Outage reporting||Email alerts.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The administration interface listens on a non-standard TCP port that is not disclosed to ordinary users.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||We apply security standards in accordance with our ISO 9001 certification and align with HMG IA policy and with the practice standards set by the SANS Institute.|
|Information security policies and processes||
We have our own information security policies, which have been aligned with HMG IA policy. We are ISO 9001 certified, which results in ongoing reviews of both policies and procedures. We have commenced Cyber Essentials certification, which will demonstrate the suitability of these procedures.
The security controls are monitored by our List X security controller, who conducts spot checks of our processes and practices on a regular basis (as audited under the ISO 9001 process). Observations are raised at the regular meetings; urgent issues are raised with the Technical Security Director immediately, a plan of action is devised and suitable steps are taken.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Software is held under version control; every change is peer reviewed and subject to unit testing, staging-platform testing and user acceptance testing before being deployed to customers.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We promote the software at UK events and encourage users to test it, offering a bounty for reported issues.
We run internal penetration testing on the software before deploying it to production. When an issue is raised by any tester, user or customer, we obtain the details, replicate the issue and release a fix. Routine fixes have been released within 5 days and urgent fixes in under 48 hours. We pride ourselves on deploying fixes quickly for all problems, including interface glitches in non-supported browsers.
We subscribe to threat intelligence feeds and are members of CiSP.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
The system logs all user activity from logon onwards; logging granularity can be set to record every page load.
The system automatically generates log events for any malformed or unexpected data submitted to any field or form.
We monitor alerts raised on traffic to the system, and if any match known, standard or advanced web server or database attack patterns we initiate an investigation. The speed of the investigation is proportionate to the nature and frequency of the alert and the current threat level.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have a series of responses that are invoked when specific events are triggered.
Users report incidents to the helpdesk by phone, by email or via another CyberCPR instance, where we can discuss the problem they are witnessing.
We provide feedback and reports on the investigation via our own CyberCPR instance, which (like the product) is real-time and secure.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£850 to £2500 per user per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
A free trial of up to 30 days is offered.
This includes setup, initial training and licensing and operating costs for up to 10 users.
|Link to free trial||https://www.cybercpr.com/getting-cpr/get-cpr-community/|