Axcelot Ltd.

Hosted Security Operations Centre

A secure, hosted and managed Security Operations Centre based on Splunk, monitored 24x7x365, with PSN connectivity and certification for OFFICIAL and OFFICIAL SENSITIVE data.

Features

  • 24x7 monitoring
  • OFFICIAL SENSITIVE accreditation
  • Leverages Cloud technologies to allow scaling without interrupting services
  • Guidance and best practice consulting
  • PSN connectivity
  • Managed Splunk infrastructure
  • Remote access to own data
  • Built in Amazon AWS London region
  • Resilient infrastructure
  • Encrypted at rest

Benefits

  • Industry-leading data analytics platform – Splunk
  • No capital costs on hardware
  • Reduced need for specialist staff
  • GDPR risk mitigation
  • Reduced cost compared to an in-house solution
  • Flexibility and easy system scaling
  • Identifies breaches, allowing clients to respond effectively to cyber incidents

Pricing

£3000 per gigabyte per day

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

625161573249673

Contact

Axcelot Ltd.

Stephan Freeman

07305 912291

gcloud@axcelot.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
The service requires a VPN to provide access and some local implementation to forward data to the service.
System requirements
  • Firewalls to ensure secure connection to services
  • Local installation of Splunk forwarders
  • Adequate bandwidth available for data transfer

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 24 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
There are several levels of support:
  • Bronze: Monday-Friday, 9-5 (UK time)
  • Silver: 7 days a week, 9-5 (UK time)
  • Gold: 7 days a week, 24 hours a day
We provide a technical account manager for every account. The environment itself is monitored 24x7.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
There are several stages to the onboarding process:
  • Technical: the systems that generate data must be configured to send their data to a central collection point on the customer's site, from which it is then forwarded over a VPN to the service.
  • Service: relevant SLAs must be agreed, as well as the RPOs and RTOs for the data.
  • People: we can arrange Splunk training for staff in accordance with the customer's need. In addition, on-site training around access to the service, over and above Splunk-specific training, can be given.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We can work with clients to determine the best option: either as a compressed file in a secure location within the service, or on physical, encrypted media. The data will be in csv, json, raw, tsv or xml format, depending on client requirements.
End-of-contract process
Any hardware implemented on client sites must be returned within 30 days of contract end. Any data held within the client environment will be scrubbed and wiped as part of the environment decommissioning process. However, as the entire infrastructure is virtual, there will not be any hardware disposal implications.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
Splunk web interface
Accessibility standards
None or don’t know
Description of accessibility
Splunk's web interface supports at least WCAG 2.0:
https://www.splunk.com/blog/2018/10/22/splunk-enterprise-7-2-announces-several-accessibility-improvements.html
Accessibility testing
Splunk's web interface supports at least WCAG 2.0:
https://www.splunk.com/blog/2018/10/22/splunk-enterprise-7-2-announces-several-accessibility-improvements.html
API
No
Customisation available
Yes
Description of customisation
  • The inputs into Splunk, with support from Axcelot staff
  • The apps installed on the Splunk Search Heads (deployed by Axcelot staff)
  • Look and feel of the Splunk interface, including personal preferences

Scaling

Independence of resources
The infrastructure is based on Amazon AWS and is monitored for usage. Where loads exceed thresholds, individual clusters can be resized, meaning that we can respond to increased load through increases in compute resource.

Analytics

Service usage metrics
Yes
Metrics types
Uptime, data ingestion rates, storage use
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
With support from Axcelot staff, data can be exported in any format supported by Splunk, including csv, xml and json
Data export formats
  • CSV
  • Other
Other data export formats
  • Json
  • Xml
Data import formats
  • CSV
  • Other
Other data import formats
Syslog

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We expect 99.99% availability of services. Compensation for any outage exceeding these limits will be defined as part of contract negotiations.
Approach to resilience
We use the Amazon AWS London region and deploy resilient architecture into multiple availability zones. More information on AWS resilience can be found here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
Outage reporting
We report outages by email. For significant outages we will contact the client by phone.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
All access to the service by the client is over a dedicated VPN from their own infrastructure; access is not possible between clients via this route due to internal routing controls. Access is possible by Axcelot staff, but is limited to using bastion hosts as proxies that are not directly accessible. Axcelot has undergone an IT Health Check for our own management infrastructure.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Pen Test Partners
ISO/IEC 27001 accreditation date
31/07/2019
What the ISO/IEC 27001 doesn’t cover
Our ISO27001 certificate covers all aspects of the service
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
Our CEO is also the Chief Information Security Officer (CISO). Weekly risk management meetings provide a forum for discussing any issues any team member has. We have an ISMS based on ISO27001, managed by an Information Security Manager, and corporate policies covering all elements in ISO27002:2013. We undergo external audits on a 6-monthly basis to ensure compliance.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We use a Configuration Management Database (CMDB), integrated with our Change Management and Service Desk systems, to track the asset lifecycle. All changes are reviewed at a weekly Change Management meeting, where risks are assessed and previous changes reviewed. Emergency changes may be implemented only with the approval of a member of the board.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use Tenable Nessus to scan our infrastructure on a weekly basis for vulnerabilities. Patches are deployed within seven days of release, unless a risk assessment highlights a need to postpone changes. We maintain contacts with special interest groups and subscribe to multiple threat lists, including those for all of the operating systems, applications and appliances we use.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Axcelot runs a 24x7 Cyber Security Operations Centre (SOC), which monitors all aspects of the service, as well as systems from other clients, using Splunk Enterprise Security. Incident response is undertaken by the SOC using playbooks for particular scenarios. If we were to suffer a client-impacting breach we would immediately inform the client, with details of what happened and an assessment of the client data compromised. We would then work in partnership with the client to mitigate the effects of the breach.
Incident management type
Supplier-defined controls
Incident management approach
There are a number of pre-defined processes that cover the majority of common breaches. These may be invoked either through our own monitoring of the service, or as a result of a client contacting the Axcelot Service Desk. Incident reports would be available upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Pricing

Price
£3000 per gigabyte per day
Discount for educational organisations
Yes
Free trial available
No
