4Secure

4Secure SOC Tier 3

The 4Secure SOC Tier 3 service gives you affordable manned SOC coverage 9-5 everyday, with automated alert outside of those hours. This service stills combines powerful security information and event management (SIEM), as well as full log management capabilities but for those organisations looking to work to tight budgets.

Features

  • Protective Monitoring and Incident Reporting
  • 24/7 UK Based Managed Security Operations Centre (SOC)
  • Manned response 9am-5pm 7 days a week
  • Real-time Monitoring and Dashboards
  • Expert Security Analysts
  • Intrusion Detection and Prevention
  • SIEM Log Collection and Correlation
  • Incident Response
  • Cyber Intelligence to combat Advanced Threats

Benefits

  • Cost Effective Scaling of Service
  • Real-time Alerts and Behaviour Monitoring
  • Expert Security Analyst Response
  • Flexible Implementation and Scaling
  • Compliance Reporting (GPG 13, Cyber Essentials, ISO27001)
  • Easy to Understand Visual Dashboards and Reports
  • Intelligence Feeds on the latest Threats
  • Affordable Monthly Fee

Pricing

£10 to £35 per device per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

382072586446933

4Secure

enquiries

0800 043 0101

enquiries@4-secure.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Any planned maintenance schedules will be scoped to meet the customer needs to minimise disruption of service.
System requirements
  • ESXi/ other Hypervisor
  • AWS EC2
  • Asure
  • Linux
  • 4-core CPU
  • 12GB RAM
  • 50GB System Space

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our Protective Monitoring and Incident Response Service has the following ticketing support:

S1
Critical Security compromise.
Response within 30 minutes.

S2
High Risk compromise.
Response within 1.

S3
Moderate compromise or disruption.
Response within 4 hour.

S4
Low compromise or disruption.
Response within 24 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support is Mon- Fri 0900 – 1730, phone within four hours.

Additional support can be provided for an extra cost, this is variable but designed to meet the customer needs all the way up to instant support 24/7.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started 4Secure have extensive experience creating and delivering effective and successful Protective Monitoring and Incident Response Services. Our on-boarding Consultants will confidently engage and collaborate with key stakeholders across the organisation, drawing on years of experience working with, and supporting, everyone from field engineers up to board level security representative in order to successfully understand your security requirements. Our Implementation and Deliver engineers then work with you staff to effortlessly integrate our solution in to your network and where necessary train your staff in use of the tools. These services enable organisations to assess the benefits of more agile processes and adopt Cloud-based solutions effectively and efficiently.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
End-of-contract data extraction Users will automatically be offered an achieve of their logs at the end or pre-agreed SLA points in their contract. This will be provided in an open format at least CSV or whatever has been previously agreed with the customer.
End-of-contract process Archive data from logs will be available in CSV format, if pre-agreed or requested other formats can be provided for an additional cost. These option are always discussed with customers at the on-board stage to ensure continuity of service and portability.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices No
Accessibility standards WCAG 2.0 A
Accessibility testing This interface has been tested with the standard web browser and main OSes accessibility features.
API No
Customisation available Yes
Description of customisation Customer portals can be customised with your own branding, layouts and report dashboards.

These customisations can be requested at the beginning or during service delivery.

Scaling

Scaling
Independence of resources Performance of all instances are monitored around the clock, any resource request which impacts the services will be managed within the hosting environment and within the SLA with the customer- this includes storage, memory, CPU usage and data bandwidth.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics are available through both customer portal access and via regular reports from 4Secure on overall service performance and quality.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Reports accessed via the customer portal
CSV
Data export formats
  • CSV
  • ODF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Terms and Conditions and SLA terms are presented at the quotation phase with the client.

Services meet a 99.98% uptime requirement unless otherwise agreed with the customer.

Failure of 4Secure to deliver the service sold to its customer will result in the issue of service credits.
Approach to resilience Resilience is built in to our service to provide the required SLAs, this information is provided and confirmed with all customers on application.
Outage reporting We will report all outages via our website, email alerts and where required telephone.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces are controlled with additional privilege access management and authorised end points or IPs.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essential Plus
  • IASME Gold (for Corporate Environment)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards IASME Gold Standard
Information security policies and processes We have numerous security policies that make up our full range of Security Compliances. These are detailed in our overall ISMS under the ISO 27001 standard.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration and Change Management is handled via our ISO27001 ISMS processes. All changes are managed and assessed for security impact.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our service is fully patched, monitored and maintained for vulnerabilities. Further details can be found on application.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Available on application.
Incident management type Supplier-defined controls
Incident management approach Our incident management processes follow both industry and NCSC best practice guidance. Further details on application.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £10 to £35 per device per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free trial period of 30 days and on a limited number of devices can be requested.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑