ITHQ LTD

Protective DNS and content filtering

DNSFilter provides protective DNS and content filtering services, blocking malicious sites and inappropriate content at the DNS level. It features easy policy creation, roaming client support, and flexible deployment options, suitable for diverse environments including remote work settings.

Features

• DNS Filtering: Blocks threats like ransomware and phishing effectively.
• Content Filtering: Filters inappropriate or unsafe web content.
• Roaming Clients: Extends protection to devices outside the network.
• Malicious Domain Protection: Stops new threats using machine learning
• Flexible Deployment: Easy setup with agentless or agent-based options.
• Real-Time Reporting: Offers insights into network activity and threats.
• Anycast Network: Ensures fast, reliable DNS resolution globally.
• Web Categorisation: Classifies billions of webpages automatically.
• AppAware: Blocks risky applications with a single click.
• Universal Lists: Simplify domain blocking or allowance across networks.

Benefits

• Increases Productivity: Blocks distracting sites, focusing employee online activities.
• Enhances Security: Prevents access to malicious and risky websites.
• Simplifies Management: Deploy and manage security policies easily from anywhere.
• Supports Compliance: Helps meet regulatory requirements with robust content filtering.
• Improves Network Performance: Reduces latency with global Anycast DNS network.
• Offers Scalability: Scales easily with organisational growth or demand.
• Protects Remote Work: Ensures security for off-network devices anywhere.
• Facilitates Detailed Insights: Delivers real-time user activity and threat reports.
• Reduces IT Workload: Automates many network security tasks efficiently.
• Promotes Safe Browsing: Blocks newly-registered and potentially harmful domains.

£0.72 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

300332834763712

Contact

Dale Nursten
02039977979
bidteam@ithq.pro

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: DNSFilter operates primarily in the cloud, which allows for flexibility but introduces certain constraints:; ; Internet Dependency: Continuous internet access is required for real-time filtering and protection.; Scheduled Maintenance: While DNSFilter aims for minimal disruption, scheduled maintenance could affect accessibility.; Hardware Limitations: There are no specific hardware constraints due to its cloud nature.; Regional Availability: Service might vary by geographic location due to regulatory and compliance factors.
• System requirements:
  • Supports Windows 10, 11 (x86, x64); requires .NET Framework 4.5+
  • MacOS Client supports Catalina to Sonoma
  • Supports Chromebooks and Chrome browsers
  • Works with all major web browsers.
  • Linux roaming desktop support via DNS Relay
  • DNSFilter Android and iOS apps protect roaming mobile clients network-wide.
  • Optional for enhanced off-network protection.
  • Basic system performance sufficient; no heavy requirements.
  • Supports API integration; API key access needed.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dependent on SLA purchased, we have three; 8x5xNDB, 8x5x4 and 24x7x4
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: DNSFilter offers different levels of support tailored to various customer needs:; ; Standard Support:; Included with all plans.; Access to the DNSFilter knowledge base, email, and live chat support.; Standard ticket handling.; Premium Support (additional cost):; Prioritised case handling: Tickets are directed to on-call engineers for faster response.; 24/7 urgent phone support provided.; Costs an additional 20% of the plan cost with a minimum monthly spend of $1,000.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ITHQ will support the on-boarding of the solution with an agreed Scope of Works document customised to meet the customers' requirements.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data export tools within the platform.
• End-of-contract process: At the end of the contract the customer will be offered the option of extending their subscription or ceasing to use the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: DNSFilter has been designed to work on mobile devices.; ; Differences between the mobile and desktop service:; ; Deployment: Mobile deployments use roaming clients, allowing DNS protection both on and off the network. Desktops may use either roaming clients or network-based filters.; Interface: The mobile interface is optimized for smaller screens and touch interactions, while the desktop version might offer more detailed configurations accessible via a standard web interface.; Functionality: While core functions like DNS filtering and threat protection are consistent across platforms, certain advanced management features might be more accessible or configurable on desktop environments due to interface limitations on mobile.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: How Users Can Set Up the Service Through the API:; Users can fully configure their DNSFilter service using the API, including creating and applying DNS policies, adding and configuring network sites, and setting up user groups. This allows for automated, script-driven setups that can be highly customized based on the organization's requirements.; ; How Users Can Make Changes Through the API:; Modifications can be made post-setup to adapt to changing security needs. This includes updating existing DNS policies, adjusting block/allow lists, managing user settings, and adding or removing network configurations. The API enables dynamic management, providing flexibility to respond quickly to threats or policy adjustments.; ; Limitations to How Users Can Set Up or Make Changes Through the API:; ; Access Levels: Certain API functions are limited by user subscription tiers, potentially restricting full capabilities to higher-tier users.; Rate Limiting: DNSFilter imposes rate limits on API usage to ensure stability and fairness among users. Exceeding these limits can result in temporary blocks, requiring efficient call management.; Feature Completeness: Not all dashboard functionalities are available via the API, especially those requiring complex interactions or visual feedback, necessitating occasional manual intervention through the DNSFilter user interface.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: DNSFilter offers extensive customisation options to ensure that its protective DNS and content filtering services align closely with an organisation's specific security needs and policies.; ; What Can Be Customised:; ; DNS Policies: Users can define what types of sites or content are blocked or allowed, based on categories like security risks, adult content, social media, and more.; Content Filtering Settings: Detailed rules can be set to block or allow specific websites or URLs.; Block/Allow Lists: Universal or specific lists can be configured to consistently manage access across the network.; Roaming Clients: Settings for roaming clients can be customized to apply the same filtering rules to mobile or remote devices as those connected directly to the corporate network.; How Users Can Customise:; ; Customisations are primarily made through the DNSFilter dashboard, where users can interact with a user-friendly interface to configure policies, manage lists, and set up roaming clients.; Advanced configurations can also be handled through the DNSFilter API, which allows for programmatically managing settings and integrating with other systems.; Who Can Customize:; ; IT administrators roles are granted the necessary permissions to access the management dashboard or API to make changes that align with the organisation’s security protocols and compliance requirements.

Scaling

• Independence of resources: DNSFilter ensures consistent user experience through scalable cloud infrastructure and advanced traffic management techniques. Key strategies include:; ; Scalable Infrastructure: Automatically adjusts resources to handle demand surges without service degradation.; Anycast Network: Distributes DNS queries across multiple servers globally, reducing load on individual servers.; Resource Isolation: Uses virtualisation to prevent one user's activity from impacting another's.; Traffic Prioritisation: Manages and prioritises traffic to maintain stability under heavy loads.; Continuous Monitoring and Auto-Scaling: Monitors performance and scales resources as needed.

Analytics

• Service usage metrics: Yes
• Metrics types: Threat Reports: Information on detected and blocked threats, allowing users to assess the security effectiveness and identify trends.; Traffic Analysis: Data on DNS traffic patterns, including the most frequently queried domains and blocked attempts, to help understand user behaviour and risks.; Policy Compliance: Metrics on how well users and devices comply with established DNS policies, highlighting potential areas for policy adjustment.; Detailed logs of DNS queries, including time stamps, query types, and outcomes, which are crucial for audit trails and historical analysis.; Real-time views of system health and performance, providing alerts on any operational issues that may affect service delivery.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: DNSFilter

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Dashboard Exports: Users can directly export data from the DNSFilter dashboard. This includes reports on threats, queries, and policy enforcement, which can be downloaded in common formats like CSV for easy analysis and record-keeping.; API for Custom Exports: For more customised data export needs, DNSFilter provides an API that allows users to programmatically retrieve data. This can be particularly useful for integrating DNSFilter data with other business intelligence tools or custom dashboards.; Scheduled Exports: Users can set up scheduled exports that automatically send reports to designated email addresses or save them to a connected cloud storage solution at regular intervals.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: N/A
• Approach to resilience: DNSFilter is designed for resilience by using a robust cloud infrastructure that adheres to the government's cloud security principles, particularly focusing on asset protection and resilience. The service utilises multiple data centres strategically located worldwide to ensure redundancy. This geographic distribution helps mitigate risks associated with physical location, such as natural disasters or localised disruptions. Additionally, DNSFilter employs advanced load-balancing techniques to manage traffic and prevent any single point of failure, ensuring continuous service availability. For detailed information about our data centre setups and resilience strategies, this information is available on request.
• Outage reporting: DNSFilter reports service outages through various methods to ensure transparency and rapid communication with its users:; ; Public Dashboard: DNSFilter maintains a public status dashboard that displays real-time information about the operational status of its services. This dashboard is updated with current issues and expected resolution times.; API: DNSFilter offers an API that can be used by customers to programmatically check the service status, allowing for integration into their own monitoring systems.; Email Alerts: DNSFilter provides email notifications to alert users about significant service interruptions or maintenance updates, ensuring that all stakeholders are informed promptly.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised users or groups are able to access the management and support portals.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 15/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ITHQ are ISO27001 accredited and able to supply our Information Security Policies subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Will be provided by ITHQ upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Will be provided by ITHQ upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Will be provided by ITHQ upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Will be provided by ITHQ upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  ITHQ runs a corporate social responsibility programme, Life In IT, in South East England. This initiative focuses on reconditioning tech devices, which are donated by businesses as they upgrade their infrastructure. By redistributing these devices to local non-profit organisations and schools, we prevent valuable technology from being wasted and facilitate access to digital education resources for underserved communities. This program not only extends the lifecycle of technology but also significantly reduces economic barriers to accessing necessary educational tools.

  Equal opportunity

  To specifically address equal opportunity, our Life In IT programme prioritises collaboration with schools that support students from diverse backgrounds, including low-income families, minorities, and those with disabilities. We provide customised technology solutions that cater to a wide range of learning needs and styles, thereby ensuring all students have the opportunity to succeed. By doing so, ITHQ is committed to creating a more inclusive educational environment where every student, regardless of their socioeconomic status or background, can benefit from equal access to high-quality digital education.

Pricing

• Price: £0.72 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.