PRIMENET LIMITED

beSECURE Cloud Vulnerability Assessment and Management Solution

beSECURE is a flexible, accurate, cloud based Vulnerability Assessment and Management solution that delivers solid security improvements. It offers realtime threat assessment in any variant form of cloud deployment. Designed to get you the most accurate and fastest possible improvement in network security.

Features

  • Continually scan for network and application vulnerabilities
  • Daily updates and specialised testing methodologies.
  • Designed to catch 99.99% of detectable vulnerabilities
  • Data driven, flexible reporting options to empower remediation teams
  • *Bug bounty program* for any discovered proven false positives!
  • Complete organisational control
  • Designed with simplicity and flexibility in mind
  • Primenet engineers configure and monitor the service 24x7
  • Security behavioral analysis tool

Benefits

  • From boot up to scanning takes less than 5 minutes
  • Flexible deployment models: cloud based, Hybrid Cloud options
  • Accurate scanning with near zero false positives save you time
  • Automatic daily vulnerability database updates
  • Pay only for active IP’s
  • No hidden “modules”
  • With full capabilities authenticated scans patch detection and more
  • Realtime Penetration testing with out the need for Security consultants
  • Take back control of your Cloud Security.
  • Fixed monthly billing

Pricing

£7.50 to £9.99 a device

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony@primenetuk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 1 1 2 5 4 4 8 3 2 8 2 2 7 6

Contact

PRIMENET LIMITED Tony Smith
Telephone: 07951 290632
Email: tony@primenetuk.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
BeSECURE requires an Open IP address to function.
System requirements
  • Static IP address
  • Dynamic IP address
  • Any virtualisation platform i.e. VMware

User support

Email or online ticketing support
Email or online ticketing
Support response times
Typically within the hour depending on the type of severity
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
You access our propitiatory support portal with pre approved credentials and engage with one of our engineers online.
Web chat accessibility testing
None as yet
Onsite support
Yes, at extra cost
Support levels
Please refer to the Service Level Agreement Document at the bottom of this listing. You will also be given a technical account manager as point of contact on 9x5 basis for any general inquiries.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We will provide various sources of on-boarding assistance including, remote tutoring, professional service installation and location specific training all supported by excellent online and printed documentation and resources.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We do not hold customer data.
End-of-contract process
The application is simply uninstalled and/or deleted from the cloud environment or on premise.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
From a browser The IS Graphical User Interface include features such as results summary where the user can see its result ranked from 0 to 100 and overview his security posture and highlighted vulnerabilities. The system include a baseline compare report where the user can review his current standing compared to any timestamp in his historical scans. It also includes asset tracking and user administration. You can also customise dashboards.
Accessibility standards
None or don’t know
Description of accessibility
Users have complete control over the whole application. The only limitation is you cannot generate a licence. One can create scans users customised dashboards generate reports that are filtered or by template
furthermore, one can apply assets tracking by automation
Accessibility testing
We do not work with assistive technology.
API
Yes
What users can and can't do using the API
Users can perform any action on the API as if they were using the GUI. Our tool perform vulnerability assessment and management and as such the API gives the user the ability to connect with other applications such as SIEM systems logging tools and it also gives the users the ability to perform scans create users generate report export scanning results create assets automation search for vulnerability details based on CVE or CVSS score. All capabilities given on our UI are accessible through the API
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Add your own logo
Integrate to 40 other services out of the box
create filtered report
create role based users

Scaling

Independence of resources
If BeSECURE is inoperable the applications are not. Each BeSECURE instance is separate from any other and deployed to client specific VMs.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Beyond Security

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
N/A we don't store any data.
Data export formats
Other
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
N/A
Approach to resilience
Available on request
Outage reporting
No Outage reporting is applicable in the service

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
BeSECURE has full audit-ability and end-to-end encryption.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ACS Registrars Limited
ISO/IEC 27001 accreditation date
9th November 2019
What the ISO/IEC 27001 doesn’t cover
Full accreditation.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Security Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Security Essentials Plus
Information security policies and processes
TBA

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our service consist two main components: LSS and IS used for the customer to login extract reports and create scans. IS is constantly tracked and follow compliance which are obligated by AWS such as SOX, GDPR and compliance check for Approved PCI Scanning Vendors which we obtain by having the license to scan websites for credit card payments. We also get assessed semi yearly for security flaws in order to have ourselves authorized to provide our Quarterly PCI scans service. Deployed LSS are connected using 3DES and TLS 1.2 to the IS we get notified if the scanner is down
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our systems are constantly monitored by our security team. As a company which develops vulnerability assessment tool we are well aware of VA sphere and we perform internal pen-tests and daily scans on our tool all threats are flagged in a unified dashboard
all endpoints have AV installed on them. Access to our systems is role based tools are monitored and scanned regularly
we operate a log for user action and perform real-time DLP and Anti malware and ransomware scans
Protective monitoring type
Undisclosed
Protective monitoring approach
We respond within hours to potential threats. We look for vulnerabilities on our network we are using our own tools for fuzzing and discovering of zerodays vulnerabilities that were not published in CVEs are systems constantly monitor for anomalies in terms of access to files dns requests or unusual outbound network we are protecting our application from source code through 7 layers of OSI model and later the data by using organisational barriers such as NG FW EDR DLP and constant scanning with Vulnerability assessment tools
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
As a security company. We would rather not disclose our internal approach as we hold rather a lot of sensitive and critical client data.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7.50 to £9.99 a device
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony@primenetuk.com. Tell them what format you need. It will help if you say what assistive technology you use.