Barrier Networks

Barrier Networks Phishing and Email Security Platform (IRONSCALES)

Our self-learning, AI-driven email security platform continuously
detects and remediates advanced threats like BEC, credential harvesting,
account takeover and more in your company’s mailboxes.

Features

• Benchmarking of individual user’s phishing recognition skills with testing
• Tailored phishing awareness training
• Customisable email templates for simulated phishing email campaigns
• Phishing email report button, for quick identification of phishing emails
• Easy deployment
• Automatically triage and respond to employee reported emails
• Auto-remediate already-delivered emails from inboxes
• Test your email perimeter defenses using real-world phishing threats
• Image Based Threat Recognition (eg QR Codes)

Benefits

• Help employees think like security analysts and identify attacks
• Increase Security Posture
• Decrease the likelihood of compromise via email (Phishing)
• Faster remediation of compromised email attacks
• Improve security awareness
• Single view of analytics and reporting
• Operational efficiency improvements for Phishing remediation

£2.72 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

324785685126871

Contact

Iain Slater
0141 356 0101
info@barriernetworks.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft M365, GSuite
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response Time: The guaranteed response time following any critical/outage incident shall; be 24 hours or less. The guaranteed response for any other incidents shall be within one (1); business day or less, normal business hours (2:00 a.m. – 5:00 p.m., Monday – Friday; and; 2:00 a.m. – 11:00 a.m., Sunday all US Eastern Time) on a best effort basis. The response time; begins when the request is logged with IRONSCALES’ problem ticketing system and is; stopped when a response has been initiated from Ironscales.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: For full details of our support SLA, please contact us.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: On boarding is provided online by the customer success team.; This includes access to all documentation, configuration and testing and familiarisation training.; This is supported by the helpdesk for any additional deployment questions post the initial installation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Contact Barrier/Ironscales to request the data
• End-of-contract process: At the end of the contract the customer can request the reporting data from the solution, the tenant is then closed and deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: This is an open API to integrate with all major security platforms.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The services is fully customisable based on the the use case.

Scaling

• Independence of resources: Ironscales levearges AWS for the hosting environments for customers

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics/reports are available to the client from within the service.; There a a wide range of reports available, many of which are customisable.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Ironscales

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Reports from their dashboard / request to IronScales
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Based on the AWS guranteed availbility
• Approach to resilience: Using AWS, the service is duplicated across multiple sites for resilience.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Administrator accounts are allocated to key personnel only.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: 360 Certification Ltd
• ISO/IEC 27001 accreditation date: 28th June 2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change management requests are evaluated internally and if approved, signed off and approval is granted.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We utilise a series of technologies and services to monitor our network for vulnerabilities.; Patches are reviewed, tested and deployed weekly in arrears.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise a series of technologies and services to monitor our network for potential compromise.; Should a compromise be identified remediation actions will be implemented as soon as is reasonably practical; In any event, this will never be later than 72 hours of the potential compromise.; Penetration testing is also carried out every 6 months.
• Incident management type: Supplier-defined controls
• Incident management approach: The status, location and configuration of service components (both hardware and software) are tracked throughout their lifetime.; Incidents may be reported directly to the helpdesk.; Incident reports will be provided to affected users by email.; All of the above is in line with our ISO27001:2013 certification.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  • To create an environment in which individual differences and the contributions of all our staff are recognised and valued.; • Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.; • Training, development and progression opportunities are available to all staff.; • To promote equality in the workplace which we believe is good management practice and makes sound business sense.; • We will review all our employment practices and procedures to ensure fairness.; • Breaches of our Equality Policy will be regarded as misconduct and could lead to disciplinary proceedings.; • This policy is fully supported by Senior Management.; • The policy will be monitored and reviewed regularly.

  Wellbeing

  • We promote an open, supportive company culture where employees look out for one another and feel comfortable discussing any difficulties. Mental health is valued equally to physical health.; • Employees have access to confidential counselling, therapy, and other mental health resources through our employee assistance program.; • We encourage taking time off when needed for mental health days in addition to sick days. Employees are trusted to manage their time off responsibly.; • Training is provided to managers on recognizing signs of burnout, ; work overload, and other mental health concerns. Managers work to ; proactively address issues and reduce employee stress.; • Employee workloads and schedules are designed to be reasonable ; and sustainable. ; • Wellness initiatives like meditation breaks, stress management ; workshops, mindfulness programs, and social events are offered ; throughout the year.

Pricing

• Price: £2.72 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Connect with an IRONSCALES Email Security Specialist for an overview of how our self-learning email security platform can automatically detect, prevent, and predict the most advanced email threats.
• Link to free trial: https://ironscales.com/get-a-demo/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.