FuseMail

Endpoint Detection and Response Solutions

VIPRE Endpoint Detection & Response provides comprehensive anti-malware and anti-exploit protection for Windows and Mac endpoints.

Features

• Blocks bulk malware and ransomware
• Detect and block zero-day malware and ransomware
• Automatically restores data affected by zero-day ransomware
• Blocks access to malicious websites
• Blocks network attacks including DNS protection
• Investigation of potential threats with full endpoint telemetry
• Examines potential malicious files and links in a sandbox
• Isolates devices on the network if they are at risk
• Remote shell access to protected endpoints
• Reports on and patches vulnerabilities on endpoints

Benefits

• Excellent endpoint protection with top-ranked malware detection and prevention
• Best technical support in the industry to ensure operational success
• Full remediation assistance in the case of an attack
• Reduces security responder overhead via extremely accurate detection
• Reduces product admin overhead with intuitive UX and considerate defaults
• Low-impact endpoint agent to reduce hardware requirements and costs
• Supports full investigation of detected attacks and IoCs
• Cloud-based, mobile-accessible admin interface
• Server-based deployment option supports air-gapped networks
• Fully protects both Windows and Mac endpoints

£250 a transaction a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.babbs@vipre.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

536556487152873

Contact

Andrea Babbs
0800 093 2580
andrea.babbs@vipre.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Our services are designed to be as accessible as possible, with 24-hour email support available every day of the year to ensure that help is always at hand. Similarly, our phone support dial pad offers a ‘follow the sun’ approach, meaning that customers can get assistant over the phone at any time of the day.
• System requirements:
  • Admin console requires reasonably modern browser (Chrome, Safari, Firefox, Safari)
  • Agent requires vendor-supported Windows or Mac OS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our technical support team is dedicated to exceeding our SLA guarantees by providing exceptionally quick responses to all inquiries. While our SLA commits to responding within 8 hours for high-severity incidents and 24 hours for medium and low-severity issues, our average response time is under 2 hours across all severity levels. This rapid response rate reflects our commitment to delivering superior service and support, ensuring that our customers and partners receive timely and effective solutions to their inquiries.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our technical support team is dedicated to exceeding our SLA guarantees by providing exceptionally quick responses to all enquiries. While our SLA commits to responding within 8 hours for high-severity incidents and 24 hours for medium and low-severity issues, our average response time is under 2 hours across all severity levels. This rapid response rate reflects our commitment to delivering superior service and support, ensuring that our customers and partners receive timely and effective solutions to their inquiries. Currently, all severity of tickets are answered under the 2 hour timeframe.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A customer receives a welcome email to create their account (username/password for initial administrator) and can subsequently create additional admin and analyst accounts. Agent deployment is a single, simple MSI for Windows and package for Mac OS. Nearly all customers are up and running without further assistance, and many of our customers don't have dedicated IT staff.; ; We do however provide comprehensive online documentation (https://success.vipre.com) and any customer can contact Support with questions. Our Support team scores in the 90s for Customer Satisfaction and is happy to walk customers through any configuration questions they might have. We literally have never had the need to create formal training courses because our solutions are so intuitive and easy to use.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Documentation is online: https://success.vipre.com/en_US/endpoint-detection-response
• End-of-contract data extraction: No extraction of email data, however clients can put the data if needed themselves and can also export allow and deny lists.
• End-of-contract process: Buyers are given plenty of warning about the pending end of a contract, plus there is a lengthy grace period after expiration during which the product will continue to operate, thus providing for late renewal or transition to an alternate product. ; ; Once the buyer decides to terminate, the site can be easily deleted and agents will self-uninstall. On Windows, default antivirus protection will automatically be restored.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Installable agent provides local protection of endpoint. For mobile devices, features are limited to security profiles and MDM features and do not support full scanning.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The API allows authenticated clients to fetch and manage information about the site, protected devices, incidents, and threats. For example, a client can query the API for the latest Incident; fetch the details of all related Incident telemetry; isolate the affected device; then comment on and close the Incident.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyers can customise device groups and the endpoint protection policies that apply to them. They can also customise notifications and alerts sent by the product to different groups of recipients. Malware exclusions and deny-listing are also supported.

Scaling

• Independence of resources: The product is deployed in the Cloud with automated auto-scaling capabilities, which guarantees users aren't affected by the demand other users are placing on your service. Agents generally place a light load on the backend and there really isn't anything a user can do to impose much additional load.

Analytics

• Service usage metrics: Yes
• Metrics types: The number of agents deployed and active.; The number of Incidents and Threats observed.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is no data that users can export. If they did want to export data, it's a manual process by the client, which is something we do not provide a service for. Users can export and import data from domain 'Allow' or 'Deny' lists. Users can also upload lists of users to begin with.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Data Encryption, data within our infrastructure is encrypted, in line with industry standards.

Availability and resilience

• Guaranteed availability: We provide remote assistance included in our license fee assisting in deployment and policy configuration of the solution. Our technical support team is dedicated to exceeding our SLA guarantees by providing exceptionally quick responses to all inquiries. While our SLA commits to responding within 8 hours for high-severity incidents and 24 hours for medium and low-severity issues, our average response time is under 2 hours across all severity levels. This rapid response rate reflects our commitment to delivering superior service and support, ensuring that our customers and partners receive timely and effective solutions to their inquiries. Currently, all severity of tickets are answered under the 2 hour timeframe.
• Approach to resilience: We use a cloud infrastructure with resiliency built in to make sure that we reduce any risk of downtime with replication both within the datacentre and in another location.
• Outage reporting: VIPRE reports service outages to https://status.vipre.com which also supports SMS, email, RSS, Slack, and other subscriptions for notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Policy based system that restricts access, which limits users to what they can and can't do. We only give access to privileged users. Everything that users do is completely audited, and reviewed annually.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: We support username/password with TOTP as a 2nd factor.; We also support SAML, and API key access.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC-2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • Other
• Other security governance standards: Our security governance processes aligns closely with the guidelines outlined by the National Institute of Standards and Technology (NIST) Cyber Security Framework. By adhering to NIST standards, we ensure that our security practices are comprehensive, well-defined, and continuously updated to mitigate emerging threats and vulnerabilities.
• Information security policies and processes: Our Corporate Security Policy details the security requirements that allow our company to provide high-level and secure service to our customers, including company-wide standards for password composition, rotation, management, and storage. Workspace and database encryption(all databases must be encrypted at rest and all data encrypted in transit) is required, along with multi-factor authentication for all systems that support it. Access control to our systems is closely vetted and reviewed as well. Our systems must be properly hardened and vetted before connecting to our network to ensure the protection and privacy of data.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Management is the process for consistently documenting, recording, reviewing, testing and approving changes to IS. This policy provides a required framework for executing this process to minimise the risk of business interruption, inaccurate reporting and lost data and/or assets resulting from undesired or defective changes made to ZD IS. The policy also requires that changes are communicated effectively to Stakeholders, are accepted and followed by Stakeholders and are documented in a manner to provide adequate audit trail for compliance with external regulations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our information security personnel depend on various sources regarding security vulnerability announcements such as CVE’s, US-Cyber Security notifications (US-Cert), National vulnerability database, and vendor specific related security bulletins.; When information about a new vulnerability is discovered, it is analysed, and a recommendation is made based on the following factors:; • Risk exposure; • The Impact; • Cost to deploy; • Availability of patches and\or workarounds
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: “Defence in depth” strategy is followed (not limited to): network layer defences such as network firewalls, Web Application Firewalls, Intrusion Detection Systems (“IDS”), Intrusion Prevention Systems (“IPS”), Endpoint-level protection, multifactor authentication, strong passwords, security groups, permissions, and access control lists.; Websites and firewalls configured to protect against Denial of Service, Distributed Denial of Service (DDoS) attacks and protection from Bot-based unauthorised access attempts.; NIPS (Network Intrusion Prevention Systems) & HIPS (Host-based Intrusion Prevention Systems), or NIDS (Network Intrusion Detection Systems) & HIDS (Host-based Intrusion Detection Systems) monitor activity on a real-time basis. NIPS/NIDS & HIPS/HIDS activity logs actioned as appropriate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Detection of Information Security Incidents occurs in multiple ways and reported by both internal and external sources. ; Information Security Department Lead is notified, and Intake information is used to perform an initial analysis: ; (1) determine whether the occurrence is an actual “Incident” as defined in our documentation; (2) preliminarily classify the prioritisation level of the Information Security Incident based upon the guidelines. ; A report containing the following areas is produced following an event:; -Analysing the root cause of the Information Security Incident to identify what, how and why it happened.; -Confirming remedial measures were taken.; -“lessons learned” from all parties.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Vipre are committed to operating sustainably and limiting any damaging effects our operations may have on climate change and biodiversity, even as our direct operations generate relatively insubstantial greenhouse gas emissions. As such, we have received validation of our science-based greenhouse gas emissions reduction targets from the Science Based Targets initiative (SBTi), a partnership between the CDP, the United Nations Global Compact, World Resources Institute, and the Worldwide Fund for Nature. ; ; Vipre values remote work and flexibility, with many positions offering the potential for entirely remote or hybrid schedules. We are committed to reducing the energy used in our operations relative to the size of our company. This includes actions to reduce office space, locate offices in energy-efficient buildings where possible, and use alternative or renewable energy technologies and sources where practical. ; ; Our Environmental Policy extends to our supply chain, with the aim to include them in our environmental management goals and initiatives. We aim to work with vendors who share our beliefs and adhere to best practices. When feasible, vendors are required to comply with our Environmental Policy or adopt similar policies. ; ; To achieve Net Zero targets by 2050, we plan to perform an annual GHG inventory process, assured by an independent third-party, to measure our GHG emissions. We aim to provide transparency on our climate change efforts by responding annually to CDP. We also plan to continue efforts to reduce emissions generated in our operations, integrate environmental risk evaluation criteria into the due diligence process for mergers and acquisitions, work closely with largest suppliers and vendors, encourage employees to engage in sustainability efforts, and educate employees on being more sustainable in their everyday lives.

  Covid-19 recovery

  During the global pandemic, we made no COVID-19 related redundancies and ensured that employees remained gainfully employed, thereby supporting people and communities to manage and recover from the impacts of COVID-19. ; ; To provide both physical and mental support, we offer a number of wellness initiatives to employees affected by COVID-19. These supports are provided through private healthcare provision. ; ; To support the COVID-19 recovery effort, Vipre has implemented improvements in workplace conditions. This includes enabling all employees to move to remote or hybrid working depending on personal requirements. Additionally, our offices maintain full employee trackers for use within office locations, allowing for effective communication if anyone displays symptoms.

  Tackling economic inequality

  Vipre’s Code of Business Conduct and Ethics expresses our commitment to stand against discrimination in all its forms, including on the basis of race and sexual orientation. We remain steadfast in our commitment to supporting racial equity by promoting our DEI values through our platforms, and utilising our financial and technological resources in our local communities. ; ; Vipre are committed to having a positive impact on the communities where we live and work. Through our global charitable giving platform, employees can organise their own events and sign up for others — virtual or in-person — to volunteer on their own or with their colleagues. This global platform helps amplify events and streamline sign-ups for volunteering initiatives. Many initiatives have been present within our business units for years. The platform also raises awareness of opportunities for employees to donate their time and talents to organisations that help our local communities. ; ; Vipre volunteer with organisations making a difference via our ZD Cares program, which consists of: ; ; Volunteer Time Off, a policy that gives full-time employees 16 hours and part-time employees eight hours of annual paid time off to volunteer with organisations of their choice. ; ; Charitable giving, including an employee matching gift program and the Dollars for Doers program rebranded as “Donations by Doing,” gives employees donation dollars for every hour they volunteer their time. ; ; Employee Assistance Fund provides relief to employees experiencing unexpected financial hardship resulting from the impact of federally qualified, natural and other disasters as well as other personal hardships.

  Equal opportunity

  Vipre is committed to providing a supportive and inclusive environment that helps employees achieve their career goals. Our human capital management policies and initiatives demonstrate our commitment to equal opportunity, fair labour practices, competitive compensation and benefits, fostering diversity and inclusion in the workplace, and supporting employees’ personal development through training and education. ; ; Our Code of Business Conduct and Ethics highlights our commitment to providing equal employment opportunities to all qualified persons. Our policies include recruiting, hiring, transferring, promoting, and compensating employees based on qualifications, ability, and merit, without regard to any protected characteristics. ; ; Further to this, Vipre has a zero-tolerance approach to modern slavery and is committed to acting ethically and with integrity in all business dealings and relationships. We are committed to implementing and enforcing effective systems and controls to protect against modern slavery in our own business or supply chain. ; ; We are also committed to ensuring transparency in our own business and in our approach to tackling modern slavery throughout our supply chains, consistent with our disclosure obligations under the Modern Slavery Act 2015.

  Wellbeing

  Within our Health and Wellbeing Initiatives, Vipre offers comprehensive health insurance coverage with multiple medical plans. In 2023, we paid 82% of health insurance costs in some regions and our programs include matching contributions in Health Savings Accounts. Our programs also feature low co-payments or deductibles on both primary and mental health care, 100% free telemedicine services including mental health for employees who participate in select medical plans, and concierge support for questions regarding employee benefits. ; ; Vipre provides financial support to charitable organisations and non-profits focused on important issues impacting our communities, including education, food insecurity, health and wellbeing, and the environment. We also develop innovative programs using our digital media and internet platforms to provide individuals and organisations with valuable resources and tools to help improve the lives of vulnerable people. ; ; Our company and its employees recognise the importance of volunteering time to support local organisations that are making a difference in your communities. We have a Volunteer Time Off policy with full-time employees given 16 hours of paid time off annually and part-time employees given eight hours to volunteer with organisations of their choice.

Pricing

• Price: £250 a transaction a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30-day no-risk trial.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.babbs@vipre.com. Tell them what format you need. It will help if you say what assistive technology you use.