Axcelot Ltd.

Secure Splunk Hosting

A secure, hosted and managed Splunk service for organising structured and unstructured machine-generated data, allowing users to gain insights from their data. The service has PSN connectivity and accreditation for OFFICIAL and OFFICIAL SENSITIVE data.

Features

  • 24x7 monitoring
  • OFFICIAL SENSITIVE accreditation
  • Leverages Cloud technologies to allow scaling without interrupting services
  • Guidance and best practice consulting
  • PSN connectivity
  • Managed Splunk infrastructure
  • Remote access to own data
  • Built in Amazon AWS London region
  • Resilient infrastructure
  • Encrypted at rest

Benefits

  • Industry-leading data analytics platform – Splunk
  • No capital costs on hardware
  • Reduced need for specialist staff
  • GDPR risk mitigation
  • Reduced cost compared to an in-house solution
  • Flexibility and easy system scaling

Pricing

£3000 per gigabyte per day

  • Education pricing available


G-Cloud 11

736863321571134

Axcelot Ltd.

Stephan Freeman

07305 912291

gcloud@axcelot.com

Service scope

Software add-on or extension: No
Cloud deployment model:
  • Public cloud
  • Private cloud
Service constraints: The service requires a VPN to provide access and some local implementation to forward data to the service.
System requirements:
  • Firewalls to ensure secure connection to services
  • Local installation of Splunk forwarders
  • Adequate bandwidth available for data transfer

User support

Email or online ticketing support: Email or online ticketing
Support response times: Within 24 hours
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: There are several levels of support:
  • Bronze: Monday-Friday, 9-5 (UK time)
  • Silver: 7 days a week, 9-5 (UK time)
  • Gold: 7 days a week, 24 hours a day
We provide a technical account manager for every account. The environment itself is monitored 24x7.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: There are several stages to the onboarding process:
  • Technical: the systems that generate data must be configured to send their data to a central collection point on the customer's site, and then forwarded over a VPN to the service.
  • Service: relevant SLAs must be agreed, as well as the RPOs and RTOs for the data.
  • People: we can arrange Splunk training for staff in accordance with the customer's need. In addition, on-site training around access to the service, over and above Splunk-specific training, can be given.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: We can work with clients to determine the best option: either a compressed file in a secure location within the service, or physical, encrypted media. The data will be in csv, json, raw, tsv or xml format, depending on client requirements.
End-of-contract process: Any hardware implemented on client sites must be returned within 30 days of contract end. Any data held within the client environment will be scrubbed and wiped as part of the environment decommissioning process. However, as the entire infrastructure is virtual, there will not be any hardware disposal implications.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install: Yes
Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices: No
Accessibility standards: None or don’t know
Description of accessibility: Splunk's web interface supports at least WCAG 2.0:
https://www.splunk.com/blog/2018/10/22/splunk-enterprise-7-2-announces-several-accessibility-improvements.html
Accessibility testing: Splunk's web interface supports at least WCAG 2.0:
https://www.splunk.com/blog/2018/10/22/splunk-enterprise-7-2-announces-several-accessibility-improvements.html
API: No
Customisation available: Yes
Description of customisation:
  • The inputs into Splunk, with support from Axcelot staff
  • The apps installed on the Splunk Search Heads (deployed by Axcelot staff)
  • Look and feel of the Splunk interface, including personal preferences

Scaling

Independence of resources: The infrastructure is based on Amazon AWS and is monitored for usage. Where loads exceed thresholds, individual clusters can be resized, meaning that we can respond to increased load through increases in compute resource.

Analytics

Service usage metrics: Yes
Metrics types: Uptime, data ingestion rates, storage use
Reporting types:
  • Regular reports
  • Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: With support from Axcelot staff, data can be exported in any format supported by Splunk, including csv, xml and json
Data export formats:
  • CSV
  • Other
Other data export formats:
  • JSON
  • XML
Data import formats:
  • CSV
  • Other
Other data import formats: Syslog

Data-in-transit protection

Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: We expect 99.99% availability of services. Compensation for any outage exceeding these limits will be defined as part of contract negotiations.
Approach to resilience: We use the Amazon AWS London region and deploy resilient architecture into multiple availability zones. More information on AWS resilience can be found here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
Outage reporting: We report outages by email. For significant outages we will contact the client by phone.

Identity and authentication

User authentication needed: Yes
User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels: All access to the service by the client is over a dedicated VPN from their own infrastructure; access is not possible between clients via this route due to internal routing controls. Access is possible by Axcelot staff, but is limited to using bastion hosts as proxies that are not directly accessible. Axcelot has undergone an IT Health Check for our own management infrastructure.
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Pen Test Partners
ISO/IEC 27001 accreditation date: 31/07/2019
What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certificate covers all aspects of the service
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications: Cyber Essentials Plus

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards:
  • ISO/IEC 27001
  • Other
Other security governance standards: Cyber Essentials Plus
Information security policies and processes: Our CEO is also the Chief Information Security Officer (CISO). Weekly risk management meetings provide a forum for discussing any issues any team member has. We have an ISMS based on ISO27001, managed by an Information Security Manager, and corporate policies covering all elements in ISO27002:2013. We undergo external audits on a 6-monthly basis to ensure compliance.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: We use a Configuration Management Database (CMDB), integrated with our Change Management and Service Desk systems, to track the asset lifecycle. All changes are reviewed at a weekly Change Management meeting, where risks are assessed and previous changes reviewed. Emergency changes may be implemented only with the approval of a member of the board.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We use Tenable Nessus to scan our infrastructure on a weekly basis for vulnerabilities. Patches are deployed within seven days of release, unless a risk assessment highlights a need to postpone changes. We maintain contacts with special interest groups and subscribe to multiple threat lists, including those for all of the operating systems, applications and appliances we use.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Axcelot runs a 24x7 Cyber Security Operations Centre (SOC), which monitors all aspects of the service, as well as systems from other clients, using Splunk Enterprise Security. Incident response is undertaken by the SOC using playbooks for particular scenarios. If we were to suffer a client-impacting breach we would immediately inform the client, with details of what happened and an assessment of the client data compromised. We would then work in partnership with the client to mitigate the effects of the breach.
Incident management type: Supplier-defined controls
Incident management approach: There are a number of pre-defined processes that cover the majority of common breaches. These may be invoked either through our own monitoring of the service, or as a result of a client contacting the Axcelot Service Desk. Incident reports would be available upon request.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: Yes
Connected networks: Public Services Network (PSN)

Pricing

Price: £3000 per gigabyte per day
Discount for educational organisations: Yes
Free trial available: No

Service documents

  • Pricing document (PDF)
  • Terms and conditions (PDF)