The 4Secure SOC Tier 3 service gives you affordable manned SOC coverage 9-5 everyday, with automated alert outside of those hours. This service stills combines powerful security information and event management (SIEM), as well as full log management capabilities but for those organisations looking to work to tight budgets.
- Protective Monitoring and Incident Reporting
- 24/7 UK Based Managed Security Operations Centre (SOC)
- Manned response 9am-5pm 7 days a week
- Real-time Monitoring and Dashboards
- Expert Security Analysts
- Intrusion Detection and Prevention
- SIEM Log Collection and Correlation
- Incident Response
- Cyber Intelligence to combat Advanced Threats
- Cost Effective Scaling of Service
- Real-time Alerts and Behaviour Monitoring
- Expert Security Analyst Response
- Flexible Implementation and Scaling
- Compliance Reporting (GPG 13, Cyber Essentials, ISO27001)
- Easy to Understand Visual Dashboards and Reports
- Intelligence Feeds on the latest Threats
- Affordable Monthly Fee
£10 to £35 per device per month
- Education pricing available
- Free trial available
0800 043 0101
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
|Service constraints||Any planned maintenance schedules will be scoped to meet the customer needs to minimise disruption of service.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Our Protective Monitoring and Incident Response Service has the following ticketing support:
Critical Security compromise.
Response within 30 minutes.
High Risk compromise.
Response within 1.
Moderate compromise or disruption.
Response within 4 hour.
Low compromise or disruption.
Response within 24 hours.
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard support is Mon- Fri 0900 – 1730, phone within four hours.
Additional support can be provided for an extra cost, this is variable but designed to meet the customer needs all the way up to instant support 24/7.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||4Secure have extensive experience creating and delivering effective and successful Protective Monitoring and Incident Response Services. Our on-boarding Consultants will confidently engage and collaborate with key stakeholders across the organisation, drawing on years of experience working with, and supporting, everyone from field engineers up to board level security representative in order to successfully understand your security requirements. Our Implementation and Deliver engineers then work with you staff to effortlessly integrate our solution in to your network and where necessary train your staff in use of the tools. These services enable organisations to assess the benefits of more agile processes and adopt Cloud-based solutions effectively and efficiently.|
|End-of-contract data extraction||Users will automatically be offered an achieve of their logs at the end or pre-agreed SLA points in their contract. This will be provided in an open format at least CSV or whatever has been previously agreed with the customer.|
|End-of-contract process||Archive data from logs will be available in CSV format, if pre-agreed or requested other formats can be provided for an additional cost. These option are always discussed with customers at the on-board stage to ensure continuity of service and portability.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||No|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||This interface has been tested with the standard web browser and main OSes accessibility features.|
|Description of customisation||
Customer portals can be customised with your own branding, layouts and report dashboards.
These customisations can be requested at the beginning or during service delivery.
|Independence of resources||Performance of all instances are monitored around the clock, any resource request which impacts the services will be managed within the hosting environment and within the SLA with the customer- this includes storage, memory, CPU usage and data bandwidth.|
|Service usage metrics||Yes|
|Metrics types||Metrics are available through both customer portal access and via regular reports from 4Secure on overall service performance and quality.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Reports accessed via the customer portal
|Data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Terms and Conditions and SLA terms are presented at the quotation phase with the client.
Services meet a 99.98% uptime requirement unless otherwise agreed with the customer.
Failure of 4Secure to deliver the service sold to its customer will result in the issue of service credits.
|Approach to resilience||Resilience is built in to our service to provide the required SLAs, this information is provided and confirmed with all customers on application.|
|Outage reporting||We will report all outages via our website, email alerts and where required telephone.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Management interfaces are controlled with additional privilege access management and authorised end points or IPs.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||IASME Gold Standard|
|Information security policies and processes||We have numerous security policies that make up our full range of Security Compliances. These are detailed in our overall ISMS under the ISO 27001 standard.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Configuration and Change Management is handled via our ISO27001 ISMS processes. All changes are managed and assessed for security impact.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Our service is fully patched, monitored and maintained for vulnerabilities. Further details can be found on application.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Available on application.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Our incident management processes follow both industry and NCSC best practice guidance. Further details on application.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£10 to £35 per device per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||A free trial period of 30 days and on a limited number of devices can be requested.|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|