Quorum Cyber Limited

Big Red Button - Click

Traditional anti-malware products need to be installed on every corporate device. Maintaining and updating client based anti-malware software is a difficult task. Click provides a different approach, sitting at your gateway monitoring all outbound DNS requests and preventing users from interacting with malicious sites.


  • Automatic blocking of know bad sites
  • Protect against targeted threats and spear-phishing sites
  • Shared threat intelligence
  • Uses malware against itself
  • Complete network protection


  • Protect against "happy clickers"
  • Protect against spear-phishing attacks
  • Protect against "clickless" threats like "malvertising"
  • Protect against zero-day attacks


£0.50 to £2.19 per user per month

Service documents

G-Cloud 10


Quorum Cyber Limited

Bill Thomson

0131 652 3954


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints The service requires that all gateways to the public Internet resolve DNS to our service. If mobile devices or laptops are in scope then they must also be configured to resolve to our service.
System requirements Recommend the latest versions of Chrome, Firefox or Edge

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Questions submitted via the user dashboard will be responded to within 1 working day. Support tickets will be assigned a priority (1 - 3) and responded according to our SLA - P1 = 30mins, P2 = 8 hours, P3 = 2 days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels The service is fully automated and requires very little interaction between us and the customer. In the event that a support ticket is logged, tickets will be assigned a priority (1 - 3) and responded according to our SLA - P1 = 30mins, P2 = 8 hours, P3 = 2 days.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Each new customer will receive a welcome email with instructions. Set-up takes minutes and only requires their existing Internet gateways and mobile devices to be re-configured to resolve to our service.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Not applicable as we do not hold any data. The service blocks any device that tries to access any URL that is a known threat (according to our threat intelligence database).
End-of-contract process At the contract end, the customer can just stop using the service. There is no requirement for data migration.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no differences. The device will need to be configured to resolve DNS requests to our service. The dashboard is accessible on mobile devices using a browser.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Tested voiceover technologies and visual aids to ensure the platform can be used by people with impaired vision.
Customisation available No


Independence of resources The service runs in the Microsoft Azure public cloud. We monitor the performance of the resources on a continual basis and utilise dynamic scaling of resources (both scale up and scale out) within the cloud to ensure that performance is never affected as users are added and demand increases.


Service usage metrics Yes
Metrics types Users have access to a dashboard to see their individual metrics and administrators can see metrics for the entire organisation. Metrics include -

- Number of total DNS requests (day / week / month / year / beginning of time)
- summary of most active networks
- summary of alerts
- on the "all alerts" tab:
-- 10 alerts per page with all the alert info, including [malicious domain, victim, date-time, status, etc]
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There is no requirement to export data as the service only holds meta data used for threat intelligence.
Data export formats Other
Other data export formats Not applicable.
Data import formats Other
Other data import formats Not applicable

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability SLA Measurement
The Click service will be considered available if it can resolve DNS requests from the customer network and devices. Availability will be measured by monitoring the critical application services running in the hosting platform from an alternative location.

SLA Period
An SLA Period, for the purpose of measuring the performance of the Service against the SLA, is 1 calendar month, commencing on the first day of each month.

SLA Period
If the service is not available for 10 continuous minutes in any SLA Period, then the SLA will be deemed to have been breached.

SLA Credits
Should the SLA be missed then any affected customers will receive 100% of their standard charge back for the relevant SLA Period in the form of a service credit that can be used against future purchases. Service Credits will be applied automatically to a customer account but the customer is responsible for ensuring that they are applied when the SLA has been breached.

SLA Hours
The operating hours of the service are 24 hours per day, 365 days per year. Maintenance shall be carried out outside of core business hours (GMT) and should not affect the availability of the service.
Approach to resilience The service runs in Microsoft Azure and utilises the in built resilience of the public cloud to protect against physical datacentre failure, In addition to this, each element of the stack has multiple resilient nodes to protect against software/OS failures.
Outage reporting In the event of an outage, this will be reported via email alerts and on the service dashboard (assuming it is not affected).

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels The dashboard is passive for insight and analytics only. Each user is restricted to see their data only. Nominated admin users are able to see data from all users in their organisation. Doesn't apply to the support channel.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certified Quality Systems Ltd
ISO/IEC 27001 accreditation date 28/06/2017
What the ISO/IEC 27001 doesn’t cover All elements of the business are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications CREST Certified body

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Quorum Cyber is ISO 27001:2013 and ISO 9001:2015 compliant. We implement and maintain an Information Security Management System (ISMS) which is kept fully up to date at all times. Policies and procedures are an integral part of the overall information security and cybersecurity governance framework within Quorum. They are the rules we implement for secure usage of all our information systems and assets. The purpose of these policies is to protect Quorum from all types of threats, whether internal or external, deliberate or accidental and to ensure compliance with legal requirements, regulatory mandates and industry best practices. All staff are expected to be familiar with these policies and procedures, understand their roles and responsibilities and act on them at all times. The board of Directors of Quorum Cyber (Board) is the ultimate owner of the ISMS and all policies and procedures for Quorum. The Managing Director has been appointed by the Board as the leading authority of the ISMS. The Board has delegated the creation, implementation, management and approval of the ISMS and all policies and procedures to the Managing Director.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Our solution is being executed on a three-tier system and runs in three different environments: development, testing and production. We use an ITIL compliant change management process, and that we keep track of all changes on our internal ticketing system. Before releasing each of the components we perform a static source code analysis of the code and we also create the required testcases to provide sufficient code coverage containing unusual scenarios. On top of this we conduct regular internal vulnerability analysis scans and yearly penetration tests on the platform.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We run regular (weekly) authenticated vulnerability scans of our infrastructure and applications using Tenable.IO vulnerability scanner, and remediate issues according to our patching schedule or as required (for medium and above criticality vulnerabilities). We analyse internal logs for abnormalities. Anything unusual triggers an alarm and a standard playbook solution.Bugs that we have detected so far have been resolved within hours at most, and none of them at present have been related to security issues. We are constantly analysing internally different tools and we do not reuse year after year the same vendors for our penetration tests.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Quorum Cyber also provides a Security Operations Centre as a managed service. We monitor all logs using a SIEM platform, which is configured to alert to specific Indicators of Compromise (IoCs) that are relevant to the threats we are exposed to. When an IoC is triggered it is logged as a security incident and assigned a relevant priority. We respond according to our SLA - P1 = 30 mins, P2 = 8 hours, P3 = 24 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Quorum Cyber operates a pre-defined incident management process. We utilise an ITIL based service management system to assign each incident a priority and classification. Each incident is then handled according to the pre-determined SLA. Built into the system is a level of automation that ensures that SLAs are never missed (auto-escalation to a team leader) and incidents are never left unresolved. We also utilise automation to automate repeat incidents with standard resolutions.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.50 to £2.19 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full version for a 30 day free of charge trial with no obligation to purchase and no payment details needed.
Link to free trial https://www.bigredbutton.io/signup/

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑