C2 CYBER LTD

Security Incident Detection & Response

This is a cyber security service to help an organisation detect and respond to attacks.

Our cloud platform collects relevant system data, has a set of threat use cases that analyse it, and then provides timely and understandable reports that describe the incident and provide guidance for the response.

Features

  • Log collection and management
  • Log correlation and analysis
  • 24x7 cyber security incident detection
  • Security incident triage and investigation automation
  • Security incident dashboard and reporting
  • Security incident response guidance and support

Benefits

  • Reduce time to detect cyber security incidents
  • Achieve compliance with NIS Directive Objective C
  • Achieve compliance with EU GDPR
  • Remediate incidents before they impact the business
  • Increase cyber security situational awareness
  • Increase cyber threat awareness
  • Measure effectiveness of cyber security controls

Pricing

£40 to £400 per unit per month

  • Education pricing available
  • Free trial available

G-Cloud 10

560512903316201

C2 CYBER LTD

Government Sales

020 7965 7596

info@c2cyber.com

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: The service supports a standard set of logs and threat use cases. These are reviewed on a regular basis. Custom logs and threat use cases can be purchased.
System requirements:
  • Service is optimised for Microsoft Office365 (but this isn't obligatory)
  • Log collection must have access to the internet

User support

Email or online ticketing support: Email or online ticketing
Support response times: We aim to respond to questions within 1 working day
User can manage status and priority of support tickets: No
Phone support: No
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: For service issues we provide 1st, 2nd and 3rd line support.
Security incident reports provide guidance on the recommended response. Additional support for security incidents is provided by our Cloud Support services.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide documentation to enable a client to onboard log sources into the service. We also provide documentation to help a client understand how to use the service.
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
End-of-contract data extraction: Clients will be issued a complete set of their retained logs as held on the production system at the end of contract, conditional on the client providing a suitable storage device.
End-of-contract process: At the end of the contract we will disconnect our service from the client site. The client is responsible for removing any log collection software from their systems, and returning any log collection devices that have been provided.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install: Yes
Compatible operating systems:
  • Linux or Unix
  • Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Differences are presentational only, with active incidents and dashboards accessible from both. Desktop service also provides access to historical incidents. Desktop service also provides access to client logs for additional fees.
Accessibility standards: None or don’t know
Description of accessibility: Our service is accessible through a browser and the UI will have been tested to meet general accessibility good practice.
Accessibility testing: The interface will be tested using a compliance assurance service.
API: No
Customisation available: Yes
Description of customisation:
  • Clients can request additional specialist or custom log sources
  • Clients can request additional specialist or customer threat analytics
  • Clients can request additional log retention period (beyond the 30 day standard)

Scaling

Independence of resources: We have adequate spare capacity to minimise the risk that one user will place a disproportionate demand that impacts on other users.

Analytics

Service usage metrics: Yes
Metrics types:
  • Data ingest volumes
  • Security incident detection rates
  • Security incident response times
  • Log source device statuses
Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Data is collected by our service either direct from 3rd party cloud services (e.g. Microsoft Office365) or via an agent or device installed on a client's environment.
When a security incident is detected the service will produce a report that will include relevant incident and contextual data.
For an additional fee the client may be able to query and extract elements of their data.
At the end of contract clients can request a complete export of all of their data held on production systems, conditional on them providing a suitable storage device.
Data export formats:
  • CSV
  • Other
Other data export formats:
  • JSON
  • XML
Data import formats:
  • CSV
  • Other
Other data import formats:
  • JSON
  • SYSLOG

Data-in-transit protection

Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: The service availability target is 99% excluding planned downtime. Clients can claim a refund based on a pro-rated service charge for each complete day that the service was unavailable in excess of the target.
Approach to resilience: The architecture of our platform delivers resilience through high levels of redundancy across both the data ingest and analytics clusters. Further information may be made available on request.
Outage reporting: Outages and planned maintenance are reported on the dashboard. Major outages that may render the dashboard inaccessible will be reported by email.

Identity and authentication

User authentication needed: Yes
User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels: The architecture is multi-tenanted by design, with strict data labelling to ensure one tenant cannot access another tenant's data. Multiple user roles are provided to separate those users with management or administrative responsibilities from those who are
Access restriction testing frequency: At least once a year
Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: Between 6 months and 12 months
Access to supplier activity audit information: No audit information available
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications: Cyber Essentials

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: Cyber Essentials
Information security policies and processes: We are certified Cyber Essentials and adopt cyber security accepted good practice.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We have a robust configuration and change management approach. Any material changes to the system are deployed in our Development environment and tested before being deployed to the Production environment.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Our platform is heavily segmented with multiple layers of defence between zones to reduce the risk that a vulnerability can be exploited. The presentation layer and portal is only accessible to authenticated users, and is vulnerability scanned on a monthly basis. Vulnerabilities that are identified are triaged, and the target is that critical vulnerabilities within the presentational layer will be addressed within one week of a fix being available.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We use the detection service to monitor the service itself for compromise, using multiple custom log sources and threat analytics. Critical incidents generate a call out event so that they are addressed at any time of the day. If a critical incident cannot be remediated quickly we may close down all or part of the service to mitigate the impact until it is addressed.
Incident management type: Supplier-defined controls
Incident management approach: We have high levels of automation and orchestration within the platform to ensure common events are addressed quickly and consistently. Users can generate an incident through the portal. The incident reports we provide to clients for security incidents that the platform has detected will provide incident data, contextual data, attack type descriptions, and guidance on appropriate response actions.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Pricing

Price: £40 to £400 per unit per month
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Onboarding of Office-365 service data and one month of monitoring services.
