Netacea Ltd

Netacea Bot Management Platform

Netacea is a cyber security company that protects some of the world’s most recognisable brands from the threat of malicious bots. Using behavioural analysis with machine learning, our innovative approach to bot management and account takeover mitigation protects websites, mobile apps and APIs from automated attacks.

Features

  • Simple to manage through a secure web portal.
  • Behavioural anomaly detection ensures rapid detection and mitigation.
  • Advanced analysis: With algorithms tuned using supervised machine learning
  • Choose your risk level: by blocking, analyzing or authorizing traffic.
  • Intelligent integrations through CDN, API or reverse proxy.

Benefits

  • Adaptive machine learning: Netacea constantly learns about your traffic
  • Protect against reputational damage: Through advanced and sophisticated detection

Pricing

£0 to £0.01 per transaction per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

450588503473398

Contact

Netacea Ltd

Joe Murray

03309950040

joe.murray@netacea.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Not applicable.
System requirements
Not applicable.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Questions are classified as L3 tickets and are responded to within 3 working days
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We use Slack for real time support cases
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
Response Times

L1 30 minutes during Business Hours, and 1 hour outside Business Hours
L2 2 hours, within Extended Business Hours only Priority
L3 3 Business Days, during Business Hours only

Resolution Times

L1 1 Business Day
L2 2 Business Days Priority
L3 N/A

Netacea provide a customer success manager / account management function.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Netacea provide a training package including:

PDF training materials
Offsite / onsite training seminars
Ongoing training for new features
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Support Portal Wiki
End-of-contract data extraction
Data is available via FTP for customers ending their contract; however, it is unlikely that this is relevant for the majority of customers. Netacea offer a real-time service and customers' data is removed on termination of contract.
End-of-contract process
Close down of accounts and services, data handoff and data deletion.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Web portal has been designed optimally on both desktop and mobile devices.
Service interface
No
API
Yes
What users can and can't do using the API
Service can be configured via API.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Examples of customization would include:

Bespoke paths for detection, solution policies and integration options.

Scaling

Independence of resources
The Bot Management system has a High Availability (HA) scalable architecture. System capacity monitoring is in place to ensure that capacity is provided for all customers.

Separate infrastructure can be made available at cost to customers if requested.

Analytics

Service usage metrics
Yes
Metrics types
The service is provided to give users an understanding of automated traffic on their websites and therefore all metrics given are essentially usage metrics. Examples of this would be:

Total log data ingested
Total log data processed
Geo location of origin of web requests
Bot or not data
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
N/A
Data export formats
Other
Other data export formats
N/A
Data import formats
Other
Other data import formats
  • FTPS upload of XML / JSON data
  • Secure S3 ingest

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Data ingest pipeline:

Availability SLA - 99.99%

User admin portal

Availability SLA - 99.99%
Approach to resilience
The Bot Management system has a High Availability (HA) architecture, and disaster recovery policies are in place. As an AWS hosted solution, Netacea manage all infrastructure as code.
Outage reporting
Email alerts on outage and on restoration of service. Regular service reviews with customers with SLA / availability reporting included.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
MFA access for all users - Three levels of access, Admin, User and read only
Data is segmented by customer in our management portal
Support portal gives registered users access to all tickets created for their organisation, although this is configurable to an individual level at cost and on request.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
SAQ-D
PCI DSS accreditation date
Oct 2018
What the PCI DSS doesn’t cover
PCI DSS covers the production environment only.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
PCI DSS
ISO27001 - Q4 2019
Information security policies and processes
Netacea is currently working towards ISO27001 compliance. Overarching security policies are in place and reviewed by the ISMS at least once per year. Processes are in place to report policy / security breaches and these are managed within the ISMS.

ISMS is made up of senior operational staff and board members.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are subject to a defined change control process. Netacea manages a CI/CD model for development and all amends are subject to security testing prior to go live as part of the automated route to production environments. ASV scanning is completed quarterly to comply with PCI DSS and full vulnerability scans are completed on new systems or systems that have changed significantly.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Automated vulnerability management is in place across test, production and desktop infrastructure. Patching is managed by weekly updates. Critical vulnerabilities are identified automatically and actioned as a priority. Reporting and audit functionality is available across all systems.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Full visibility of potential compromises to the platform is available through dashboards and alerted on through our escalation systems. Response to compromise is named in policy and consists of the following stages:

Formation of the security response team
Containment / Coordination activity
Notification to relevant parties
Post incident analysis and root cause analysis / risk treatment planning

Response to the compromise of systems constitutes an L1 priority and is therefore acted on immediately.
Incident management type
Supplier-defined controls
Incident management approach
All system components have associated run books available to engineers in the case of failure. Users can report incidents either through the ticketing system or via a 24/7 telephone line. Incident reports / root cause analysis are provided to customers that have been impacted by service outage or other disruptive incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0 to £0.01 per transaction per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Typically a PoC would run for 30 days. The scope is generally defined by the client, such as which threats to look for (credential stuffing, ATO, etc.).
