EITEC LTD

Cloud Vulnerability Management and Scanning

EITEC provides a Vulnerability Management solution powered by F-Secure.

F-Secure Vulnerability Management - Radar

Features

  • Cloud or On Premise based Vulnerability Management scanning tool
  • Comprehensive visibility with deep internal network asset scanning
  • Comprehensive visibility with deep website scanning
  • Comprehensive visibility with deep web application scanning
  • Comprehensive visibility on shadow IT
  • PCI DSS compliance
  • API integration
  • Easy-to-use automated reporting
  • Comprehensive data on vulnerabilities
  • Identify missing security patches and outdated software

Benefits

  • Reduce the risk of attack by improving the security posture
  • 30+ Years of understanding malware attacks
  • Fast scanning of environment to understand environment risks
  • Expose black holes within the environment
  • Prevent attacks through software misconfigurations in services & operating systems
  • Pre-built, easy-to-use reports such as PCI DSS
  • Prevent attacks network devices & missing security patches
  • Discovers brand violations and attempted scams on your business
  • Compliant with EU regulations and continuous compliance scanning reducing risk

Pricing

£8 to £209 a licence

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@eitec.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

764274163622970

Contact

EITEC LTD Michelle Smith
Telephone: 020 8798 0151
Email: gcloud@eitec.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • Management Portal requires internet connectivity
  • Microsoft Authentication application for 2FA

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is available during normal business hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support is available during normal business hours. EITEC Ltd can provide enhanced support as part of our G-Cloud 12 Cloud support service. EITEC Ltd also provides a dedicated account manager and F-Secure certified support engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
EITEC Ltd is an F-Secure Partner with a proven track record of deploying F-Secure into Central & Local Government, Education, 3rd Sector and Private sector.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
F-Secure is a security element and will only hold device data. This can be extracted from the system and then deleted at the end of the contract.
End-of-contract process
1) Deliberate end of the contract. F-Secure Vulnerability Management solution is a subscription service which can only be legally used when in contract. If the customer no longer requires the use of F-Secure Vulnerability Management solution then they must uninstall all Radar scan nodes. At this point, no further scanning or reporting is offered by F-Secure, no new data will be entered into F-Secure Vulnerability Management console and the data will be cleared down after 30 days.

2) Accidental end of the contract. In the event of a renewal being missed but the service still being desired, the customer should enter an immediate discussion with their F-Secure Account Manager to discuss options around continued use of the service. F-Secure will not immediately close the portal as this would prevent legitimate mistakes from being corrected. The automated scanning will continue to run for a short grace period, again to enable accidental lapse in contract to be rectified.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
F-Secure provides SIEM/API integration capability to take all security related data from the Radar console.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
The F-Secure Vulnerability Management cloud solution is hosted within AWS and utilises Elastic Scaling features to automatically adjust capability as scope demands. This is all done transparently to the user, so no customer process is required.

Analytics

Service usage metrics
Yes
Metrics types
Vulnerability information per asset
Vulnerability severity score per asset
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
F-Secure

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Word and Excel report data can be exported from Radar. The API integration allows data from the Radar platform to be exported to a SIEM solution on a schedule.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • HTML
  • Word
  • CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Communication from the client to the Cloud is performed over HTTPS to secure the data and to enable the client to trust the server
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
All stored data is encrypted and all applications are secured and running on secured operating systems.

Availability and resilience

Guaranteed availability
Every piece of data is stored in database clusters and is, at a minimum, triplicated. Event-driven clustered replication, with a replication factor of at least three, ensures two database instances in our cluster can fail and data will still remain available. Being event-driven, any database change is immediately pushed to all instances in the cluster, rather than changes being replicated on a schedule, making sure that even when an instance fails, the full dataset is available on failover instances.
Approach to resilience
Each instance of a database is supported with its own storage volume, which is snapshotted hourly. These instances are transient, with only the storage volumes persisting. This enables us to destroy database instances without fear of data loss thanks to the cluster replication factors. Vulnerabilities in database applications and operating systems can be rapidly addressed without data loss.
Outage reporting
Real-time status information is available at blog.F-Secure.com. Registration can be done on this page to receive email alerts sent to the F-Secure administrator.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Microsoft Authentication App
Access restrictions in management interfaces and support channels
A number of pre-defined administrative roles can be assigned to users and groups to restrict access to data as well as restricting them from making changes to settings and configurations.

Access to the platform can be controlled by whitelisting and blacklisting of external IPs.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
Microsoft Authentication App

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
19/10/2016
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Plus (EITEC Ltd)
  • NIST Cyber Security Framework (F-Secure)
  • NYDFS Cybersecurity Regulation (F-Secure)
  • The EU Directive on Security of Network and Information Systems
  • Cyber Essentials (F-Secure)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
F-Secure regularly undergoes SOC Type 1 auditing and can provide access to the report under NDA. SOC Type 2 auditing is currently in progress.

F-Secure has obtained Cyber Security Essentials certification.

EITEC Ltd has obtained Cyber Security Essentials Plus certification.
Information security policies and processes
F-Secure's global security team monitors all logging data from F-Secure platforms and related services 24/7/365. F-Secure has an internal forensic capability for rapid incident response in the event of a data breach.

F-Secure regularly undergoes SOC Type 1 auditing and can provide access to the report under NDA. SOC Type 2 auditing is currently in progress.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Notifications, alerts and Change Management will be provided directly from F-Secure through their cloud system.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The F-Secure senior management team has overall responsibility for this policy, and for reviewing the effectiveness of actions taken in response to concerns raised under this policy. Various officers of F-Secure have day-to-day operational responsibility for this policy, and must ensure that all managers and other staff who may deal with concerns or investigations under this policy receive regular and appropriate training.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
F-Secure utilises, within their system, a product called Process Monitor. This is a free tool from Windows Sysinternals, which is part of the Microsoft TechNet website. The tool monitors and displays in real time all file system activity on a Microsoft Windows operating system. Process Monitor is useful for troubleshooting issues when we need to identify the files or registry keys an application is accessing.
Incident management type
Supplier-defined controls
Incident management approach
Automated Incident Response.
Security information is shared and acted on automatically across the platform. F-Secure Vulnerability Management solution is a multi-tenanted solution and therefore all customer areas are segregated to the standard for cloud environments, acting on 99.9% availability.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£8 to £209 a licence
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The link to the trial below allows potential buyers to try the full version of the service for 30 days.
Link to free trial
https://www.f-secure.com/gb-en/business/solutions/vulnerability-management/radar
