S3 Ltd

Egress Prevent - Integrated Email Cloud Security - Outbound

Egress Prevent protects against data breaches by reducing human activated risk.
Intelligent DLP technologies combine with custom policies and machine learning to:
detect accidental and malicious data loss
alert users to potential data breaches
stop them before they happen with real-time prompts.

Misdirected Emails, Mis-attached file detection & Content Analysis.

Features

• Automatically detects misaddressed emails and incorrectly attached files
• DLP policies block malicious exfiltration of sensitive information
• Contextual content analysis; email parts/attachments to detect anomalous content
• Social graph/machine learning discover relationship strengths detect anomalous recipients
• Senders are immediately prompted when anomalous behaviours are detected
• Integrates with Azure Information Protection to enforce DLP policies
• Analytics dashboards/granular reporting user interaction with Egress advice prompts
• Real-time risk assessment as emails are being composed
• Policy-based detection; large numbers of recipients results in prompts
• Full mobile device support

Benefits

• Protects against data breaches by reducing human activated risk
• Lowers administration overhead with intelligent self-learning outbound detection
• Reduces user friction; engaging and warning only when risk evident
• Easy to deploy and maintain cloud service
• Provides visibility and quantifies risk based on user behaviours
• Identifies users likely to benefit from additional security awareness training
• Identifies non-compliant usage by potentially compromised accounts/malicious employees
• Maintains user productivity with full mobile device support
• Seamless DLP integration with Egress Protect encrypts/protects email transit
• Seamless integration with KnowBe4 security awareness training & simulated phishing

£25 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

103843141451079

Contact

Tony Mason
01628 362784
tony.mason@s3-uk.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Prevent provides an add-in for Microsoft Outlook (thick client and OWA). Egress Gateway integrates with Microsoft Exchange via SDX Transport Agent or via SMTP connectors.
• Cloud deployment model: Public cloud
• Service constraints: N/a
• System requirements:
  • Egress Client: MS Windows 8, 10
  • Egress for MS Outlook: MS Outlook 2013, 2016, 2019, O365

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLAs are defined in the Terms and Conditions. A question is treated as a Service Request, Severity Level 4.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: To chat directly with Egress' Support Team, select the 'Help' icon that 'pops up' in the bottom right-hand corner of any of our web pages, here https://www.egress.com/
• Web chat accessibility testing: No testing has been conducted with assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: Basic Support (online and remote support only); Premium Support (telephone support between 09:00- 18:00 in weekdays); 24x7 support (Phone support only); ; Support is included in the service subscription and not charged as a separate item.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers purchasing Prevent can benefit from:; ; - A dedicated Professional Services engineer who will perform the installation and initial configuration until the customer is happy with the service; ; - Technical documentation and user guides which can be used for training purposes.; ; - Communications packs to share with internal users
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: N/a - The add-in will no longer provide Prevent advice for users.; The customer should un-install the Outlook add-in
• End-of-contract process: The add-in will no longer provide Prevent advice for users.; The customer should un-install the Outlook add-in

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no direct plug-ins for mobile, unlike Prevent for desktop.; Mobile requires a Prevent Gateway
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: There are a number of configuration options available to system administrators which allow them to customise which Prevent functionality is enabled. This includes the ability to protect against mistakes, accidental send, accidental or malicious release of content and suggested behaviour. In addition, system administrators can customise functions such as system sensitivity, machine learning/AI settings and custom user messaging.

Scaling

• Independence of resources: Service credits are required to be paid to Egress customers in the event that Service Level Performance Measure falls below the Availability Target of 99.90% in a Service Period. Full details on how service credits are calculated and applied if the SLAs is not met are in the subscription agreement on Service Availability SLAs. The Service credit is % of subscription fee, refunded to customer. One of the key benefits of using public cloud is that features such as availability zones, high-availability and geographical sharing are all utilised to create robust and resilient product architectures. More details available on request.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports on usage for both organisation and user based transactions
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Egress Prevent

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: N/A
• Data export formats: Other
• Other data export formats: Dashboard
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service credits are required to be paid to Egress customers in the event that the Service Level Performance Measure falls below the Availability Target of 99.90% in a Service Period. Full details on how service credits are calculated and applied if the SLAs is not met are in the subscription agreement on Service Availability SLAs. The Service credit is a % of the subscription fee, refunded to the customer.
• Approach to resilience: One of the key benefits of using public cloud is that features such as availability zones, high-availability and geographical sharing which are all utilised to create robust and resilient product architectures. More details available on request.
• Outage reporting: A public dashboard which is available from our corporate website. Email alerts are available on request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Users are normally authenticated with username/password, with options for IP restrictions, account expirations etc. Passwords are not stored. Instead password hashes computed with a configurable number of rounds of PBKDF2 /SHA256 are stored in the database. SQL-level permissions further restricts access to these hashes to the application (it is not possible to export existing hashes from the database using application credentials, only verify whether the hash in the database matches the provided value).; ; Also, in addition or instead of username/password, single sign on with external identity providers using WS-FED, SAML and Open ID Connect (Office 365, Google auth and others).
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels are restricted by both procedural and technical enforced security including infrastructure restrictions and privileged access management software
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI/Schellman
• ISO/IEC 27001 accreditation date: February 29, 2024 (valid until October 31, 2025)
• What the ISO/IEC 27001 doesn’t cover: All Egress-owned offices are currently in scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Trustwave
• PCI DSS accreditation date: 10/10/2019
• What the PCI DSS doesn’t cover: Only online billing (via Paypal) through the Egress website is covered.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NCSC Commercial Product Assurance (CPA)
  • Common Criteria
  • FIPS 140-2
  • SOC 2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Egress are ISO27001 certified, with a mature ISMS comprised of relevant, adhered-to policies & procedures (P&P) by all staff. Egress’ ISMS Management Team meet regularly to ensure all P&P remain relevant & are feasible for all departments. All P&P are maintained on an internal Egress Secure Workspace, accessible by all staff (& audited as to who has accessed, downloaded etc. which policies). Egress also run a Security Awareness Programme that includes monthly testing of all staff’s company P&P knowledge

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Egress service model is aligned to ITIL v4. It has defined processes and procedures for Change and Configuration Management. The Service Management team are responsible for the coordinating and scheduling of changes. Configuration Management is managed by automation tools that track the states of desired configurations and report on deviations, in addition to audit logs.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Egress conduct annual penetration tests with external providers, plus whenever there is a major change to the architecture/application or a significant information security incident. Security threats are assessed via alerts from security bulletins from a wide range of vendors as well as independent information security providers. System and software patches are usually applied within two days of being available. Depending on the severity, patches may be applied quicker. The Egress Change Control Process includes steps to ensure that security impact of changes is considered. The roll-back procedure ensures that service is not adversely impacted by a change.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Egress leverages security assessment tools natively provided by the cloud provider to monitor threats to resources hosted in public cloud environments.
• Incident management type: Supplier-defined controls
• Incident management approach: A Security incident is reported to Customer Services channels (via telephone, email, logging a ticket or online chat). A Security Incident is then passed to the Operational Security team to assess the impact and of the incident and engineer resource is engaged to investigate if a breach has occurred and take appropriate action

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  “Do what you can, with what you have, where you are". An ethos that underpins Egress’ approach to ESG. Whilst we are proud with the steps that we have already taken, we recognise that to lead on sustainability and fighting climate change, we need to regularly review and evaluate what we do to ensure that we are doing all we can for a company of our size. Our environmental programme is designed to enable us to have impact both globally and in the local communities where we live and work. We look to impact globally through our contributions to Ecologi through whom we have planted nearly 100,000 trees and offset 6,000 tonnes of CO2, supporting projects around the world which reduce the creation and impact of carbon: https://ecologi.com/egresssoftwaretechnologiesgroup. We partner locally with wildlife organisations around our offices in the UK, Canada and the United States: https://www.egress.com/environment-social-governance/environment. We have publicly committed to reducing our carbon footprint through our signing of the Tech Zero pledge. This now drives further initiatives that we have planned over the coming 12 months to monitor our Scope 1, 2 and 3 emissions: https://techzero.technation.io/. We are signatories to The Climate Coalition and Microsoft's Partner Pledge. We aim to make sustainability a part of our engagements moving forward, and already use terms from The Chancery Lane Project in our standard terms of business: https://chancerylaneproject.org/. Our Group General Counsel was one of the first 40 in-house lawyers to engage with Lawyers for Net Zero and remains engaged with them: https://www.lawyersfornetzero.com/. We have established a Supplier Code of Conduct which sets out our expectations in respect of a variety of issues, including those relating to ethical business conduct, human rights, environmental sustainability, and inclusion: https://www.egress.com/legal/supplier-conduct.

  Equal opportunity

  At Egress, we are committed to diversity, equality and inclusion. We are proud of the progress we have made in improving inclusion in our workplace in recent years, whilst recognising there are still areas where more needs to be done. We are fervent in our adherence to fair and transparent processes in recruitment, progression and promotion, supported by the ongoing delivery of company-wide awareness programmes on Diversity and Inclusion.; Female representation: In common with many technically biased organisations, we recognise that women are underrepresented in our workforce, but we have taken great strides to address this imbalance. Female representation in our workplace has grown from 20% three years ago to over 30% today, and we aim to continue increasing this figure year on year.; BAME representation: We seek a workforce that represents the communities it is drawn from, and we constantly seek a diverse population of candidates to fill our open positions at all levels, and across all disciplines. The representation of Black, Asian and Minority Ethnic employees in our workforce has been consistently above the national average for many years.; Egress Diversity & Belonging Forum: Our Diversity and Belonging Forum is for everyone – just like our workplace. The more voices we have represented and amplified in Egress, the more we will all thrive, contribute and succeed. No matter who we are, we all have a role to play in creating equity. Our forum is here to educate our workplace community, foster an inclusive culture and to empower people by respecting and celebrating what makes them different.; ; We have a strict Anti-Slavery and Human Trafficking policy which is communicated to all staff and our supply chain.; ; Further information on the work we are doing around Diversity, gender & equality can be viewed here: https://www.egress.com/environment-social-governance/diversity

Pricing

• Price: £25 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: For more information contact Security Software Solutions Ltd sales@s3-uk.com
• Link to free trial: Sales@s3-uk.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.mason@s3-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.