Barrier Networks

Barrier Networks F5 Distributed Cloud (WAF & DDOS)

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed–data center, multi-cloud, or the network or enterprise edge.

Features

• DDOS Protection
• Hybrid Signalling
• Real-Time Cloud Scrubbing
• Fully Managed Service
• Multiple Deployment Modes
• Visibility and Reporting of DDOS Attack
• Subscription Model
• Web Application Firewall

Benefits

• Improve resilience to DDOS attack
• Protect against DDOS Attack Vectors
• Transparency and Attack Mitigation
• Multi-Terabit Capacity
• Integration with on-premise DDOS solutions

£999,999 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

124196980846937

Contact

Iain Slater
0141 356 0101
info@barriernetworks.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Fully SaaS model so no service constraints.
• System requirements: N/a

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on the severity of the request. From 30 mins for Severity 1 to 24hrs - Severity 4.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: N/a
• Web chat accessibility testing: N/a
• Onsite support: Yes, at extra cost
• Support levels: SEVERITY 1 (URGENT) SITE DOWN - Initial Response: 30 min (phone only): Software/hardware conditions on F5 instance are preventing the execution of high level commerce or critical business activities, including remote access to critical applications. The instance ; will not power up or is not passing traffic to the detriment of business-critical applications. ; Security Issue: Critical business impact due to an attack or vulnerability.; ; SEVERITY 2 (HIGH) SITE AT RISK; Initial Response: 2 hrs; Software/hardware on F5 instance is significantly impairing business activities, including remote access to critical applications. The instance status is putting your network or commerce at risk.; Security Issue: Severe business impact due to an attack, vulnerability, compliance, or data at risk.; ; SEVERITY 3 (MEDIUM) PERFORMANCE DEGRADED; Initial Response: 4 hrs; Software/hardware on F5 instance is degraded and this could further impact your traffic or business-critical applications. ; Security Issue: Potential or partial business impact related to mitigation, audit results or vulnerability.; ; SEVERITY 4 (LOW) GENERAL ASSISTANCE; Initial Response: 24 hrs; General questions and troubleshooting of non-critical F5 software/hardware instances. Requests for product functionality or solutions which are not currently part of solution.; Security Issue: General security related questions and/or concerns which are not related to an immediate need.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Pre-sales consultancy; Online training; User documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: No user data is retained as part of the service.
• End-of-contract process: Renewal notice issued 90 days prior to contract end date.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service has been optimised for mobile devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Configuration and Analysis
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: User Interface customisation; Role Based Access Control

Scaling

• Independence of resources: Unlike other DDoS cloud-scrubbing services that process traffic symmetrically, degrading the user experience with slow page load times or broken links, Silverline DDoS Protection has several asymmetric traffic return mechanisms. These include Layer 2 VPN (L2VPN) technology, allowing high-traffic sites to take advantage of protection without affecting the user experience. Only a fraction of the bandwidth is required to process inbound traffic, ensuring normal delivery of traffic back to your users with the lowest rate of false positives and with maximum performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Attack volume, Clean bandwidth
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: F5

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Available to download from the Silverline Portal; API
• Data export formats:
  • CSV
  • Other
• Other data export formats: Syslog
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The DDoS Service has a 99.99% Uptime.; The Time to Notify is 15 minutes and the Time to Mitigate is 15 minutes.; Based on the duration of Service Outage, Customer is entitled to Service Credits.; > 60 consecutive seconds | 2 Days; > 60 consecutive minutes | 5 Days; > 24 consecutive hours | 10 Days
• Approach to resilience: Each of F5’s 5 scrubbing centers is equipped with 800 Gbps Internet bandwidth from Tier 1 carriers.; • Arelion; • Lumen; • NTT; As we operate a global IP Anycast network we can block/soak up to 13 Tbps across our scrubbing centers. In addition to this we have a contract with our providers to be able to push ACL’s into their carrier routers to block identified attackers upstream. This gives us the possibility to mitigate attack bandwidth of up to 2 Tbps with no impact on other customers being protected by our scrubbing center.
• Outage reporting: We have multiple forms of reporting. Any planned maintenance is proactively communicated to customers. Unplanned notifications are displayed in the portal and communication to customers through their chosen medium, usually email. We also produce post-incident reports so that customers fully understand the issue and outline remediation to prevent an occurrence again.; These communications are available by a portal and email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role based access control.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: .....
• ISO/IEC 27001 accreditation date: .....
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: All staff comply with Barrier Networks own Information Security Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Barrier Networks’s configuration & change management is aligned to the ITIL processes to implement all approved changes as requested.; ; Through the use of a Change Advisory Board (CAB) Barrier Networks ensure all stakeholders are engaged and agreed, including the Technical Security Group on customer side and Barrier Networks side. All changes are logged.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Barrier Networks, as a cyber security company, have a strict Vulnerability Management Process based on the following 6 point framework:; ; Continuous Vigilance with regular internal and external scanning and alerting.; Threat assessment and threat definition including business impact assessment.; Policy design and implementation.; Asset impact and inventory identification of hosts, applications and devices.; Ongoing threat intelligence from global, UK government and private feeds including our scanning tools.; Understanding and assessment of known vulnerabilities and remediation including patches immediately on NCSC guidance.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Barrier Networks use a number of tools for protective monitoring, primarily our own Security Information & Event Management Solution (SIEM) which is operating in the Barrier Networks SOC. We have a detailed incident response process which operated 24 x 7, 365 days per year.; Barrier Networks have a team of SOC analysts monitoring incidents and typically respond within 15 minutes
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The standard Barrier Network service and methodology to this process is detailed below.; - Prioritise, assign and resolve the incident.; - Own the resolution of the incident; - Ensure incident records are updated; - Ensure closure of incidents accurately and effectively.; - Ensure Route Cause Analysis (RCA) is completed for all High/P1 and Medium/P2s in accordance with service levels

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  • To create an environment in which individual differences and the contributions of all our staff are recognised and valued.; • Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.; • Training, development and progression opportunities are available to all staff.; • To promote equality in the workplace which we believe is good management practice and makes sound business sense.; • We will review all our employment practices and procedures to ensure fairness.; • Breaches of our Equality Policy will be regarded as misconduct and could lead to disciplinary proceedings.; • This policy is fully supported by Senior Management.; • The policy will be monitored and reviewed regularly.

  Wellbeing

  • We promote an open, supportive company culture where employees look out for one another and feel comfortable discussing any difficulties. Mental health is valued equally to physical health.; • Employees have access to confidential counselling, therapy, and other mental health resources through our employee assistance program.; • We encourage taking time off when needed for mental health days in addition to sick days. Employees are trusted to manage their time off responsibly.; • Training is provided to managers on recognizing signs of burnout, ; work overload, and other mental health concerns. Managers work to ; proactively address issues and reduce employee stress.; • Employee workloads and schedules are designed to be reasonable ; and sustainable. ; • Wellness initiatives like meditation breaks, stress management ; workshops, mindfulness programs, and social events are offered ; throughout the year.

Pricing

• Price: £999,999 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full featured, time limited trial license
• Link to free trial: https://www.f5.com/trials

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.