Syscomm's Managed Firewall Service
Our Managed Firewall as a Service provides a secure solution to the complex and time-consuming subject of managing customer firewalls. It provides a full range of next-generation firewall features such as application and user visibility, Threat Prevention, URL filtering, DDoS, Sandboxing, 2-FA.
Features
- Configuration, monitoring and management of customer firewalls
- Full change management processes, including Emergency Changes
- Monitored 24 x 7
- Service reporting and periodic Service Reviews
- Firewall(s) may be in Syscomm data centre or customer premises
- Intrusion Prevention/Detection System (IDS/IPS)
- Threat Prevention: Anti-Malware & Command & Control prevention
- URL Filtering
- Remote Access (SSL/TLS) VPN
Benefits
- Allows customer to focus on business-related matters, not technical admin
- Managed by security experts to provide complete peace of mind
- Sev1 Incident management 24 x7 supports round the clock services
- Securely connect small sites and remote users via encrypted VPNs
- Protect against new threats not yet widely recognised
- Partition Networks and Manage traffic policy
- Gain deeper understanding of network security activity
- Prevent compromised hosts from connecting to Command & Control servers
- Tie network activity to specific users and applications
Pricing
£205 to £1,500 a unit a month
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 5 6 6 6 9 6 6 2 8 0 9 4 8 4
Contact
Syscomm Ltd - Strategic Network Solutions
Sales Team
Telephone: 0247 77 12 000
Email: david.heeley@syscomm.co.uk
Service scope
- Service constraints
- No constraints subject to requirements at engagement start.
- System requirements
- Subject to client’s requirements - multiple deployment options available
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Our Customer Support Centre can be reached via email, phone or through our customer web-based portal which is provided free of charge as part of the solution.
Any request is handled through the Service Desk and we target responding within 30 minutes. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Our Service Levels provide a consultative, proactive service approach, where Syscomm is responsible for deep multi-layer monitoring, patching, management and planning for the environment.
We are able to provide a tailored service which ranges from a basic self-support option up to a fully managed service. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onboarding of this service will start with a readiness Audit which will review the customer's Firewall architecture, software and policies / services. A report of findings including recommendations and next steps. An Engineer will discuss timescales and approach during initial onboarding meetings.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
If the customer requires data to be returned or presented to another service provider, it is written off at the data centre and couriered to the customer or new service provider site (additional charges apply).
The firewall configuration can also be sent to the customer at the end of the contract - End-of-contract process
- The customer will be approached near the contract end to discuss the renewal of the service
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Users can access a web interface for analytics and reporting features. Syscomm will carry out remote moves adds and changes on agreement with The Client and providing a Change Control Notice has been completed and authorised by both The Client and Syscomm
Changes will be carried out remotely within 4 hours based on an 8x5 standard working week. - Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- Users can raise service tickets via the Syscomm service portal
- Web interface accessibility testing
- N/a
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- The Firewalls will be allocated their own resources which will be dedicated to the Customer's firewall solution.
- Usage notifications
- Yes
- Usage reporting
-
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- Network
- Number of active instances
- Other
- Other metrics
-
- Up/Down Status
- Event Issues
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Hardware containing data is completely destroyed
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Firewall configuration
- Firewall software
- Network
- Backup controls
- Flexible and configurable backup is available for a specific contract
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Single firewall located in a Syscomm data centre Not less than 99.5%
Pair high availability firewalls located in a Syscomm data centre or on a customer site Not less than 100%
Single firewall installed on a customer site Not less than 99%
EXCLUSIONS FROM AVAILABILITY
In calculating availability, the following shall be excluded:
• Unavailability due to tasks required to implement and test change requests
• Unavailability due to malicious activity of any kind e.g. a Denial of Service attack (DOS)
The floor service level applicable to the MFS in respect of availability shall be 85% in any given month. - Approach to resilience
- Ensuring higher availability at every layer through availability zoning and redundant components.
- Outage reporting
- Service reporting is provided through our online support portal. In addition, the customer will have access to a Service Delivery Manager (SDM) will be assigned as a single point of contact and works to become an expert on the customers’ business and network. The SDM will conduct two scheduled service reviews per year and will include: report on End of Life and/or End of Support infrastructure; provide pro-active measures and recommendations to avoid infrastructure downtime and service outages; and report & reflect on the Syscomm Service Performance.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- A
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Cyber Essentials
Data-Centre is ISO27001 compliant - Information security policies and processes
- Syscomm operate a regular review of our business and systems and exposure. We limit the number of administrators on important systems and have access policies and processing of data policies for all customer data/networks. Separate internal policies are in place for internal corporate IT.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Upon customer request, Syscomm engineers can carry out changes to the network. The changes range from a simple configuration changes to redesign of the network or rollout of a new software release.
Syscomm will need to assess the amount of time a change will require, prior to any change this is discussed with the customer. Syscomm uses our change management process to execute change - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- A
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Syscomm proactively monitors network nodes using secure management protocols such as SNMPv3 and will alert the end user upon an event being detected.
Security management includes monitoring vendor security vulnerabilities and ensuring management and customer devices are always patch to the latest security updates.
We will implement security updates as part of the change control process where the flaw, security risk and the patch will be reviewed. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- All service impacting events and/or incidents are to be raised with the Customer Support Team and will be handled according ITIL processes. Syscomm uses the incident management process to restore normal service operation as quickly as possible and minimise the adverse service impact on business operations. Incident management includes any event that disrupts, or which could disrupt, a service. This includes events directly communicated by customers or detected by the managed services team through event management tooling.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- Separation of organisations is managed by network separation and security policies.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
The datacentres that Syscomm use for our hosted services have an established and documented global EOH&S management system compliant with the principles of ISO 14001:2004 and ISO 45001:2016/OHSAS 18001:2007.
Within this framework, they are committed to achieving full compliance, reducing impact on the environment and preventing pollution, promoting a positive EOH&S culture, encouraging continual improvement, and striving to ensure the adoption and implementation of best-in-class EOH&S practices by:
1) Meeting or Exceeding All Applicable Legislation, Regulations and Rules
2) Adopting Significant EOH&S Aspects, Objectives and Targets and making continual and effective improvement of their performance through the identification of significant EOH&S aspects, and the setting and review of EOH&S objectives and targets.
3) Preventing Environmentally Damaging Incidents: They strive to eliminate the potential for the occurrence of polluting events.
4) They adopt EOH&S stewardship as a core value of the company by holding management and employees accountable.
5) EOH&S awareness is developed through communication, training, motivation, cooperation, and participation of every datacentre employee.
6) Create a knowledgeable awareness of EOH&S issues and alternatives with their clients and other stakeholders where possible and place more emphasis on a strong EOH&S culture to strengthen this commitment.
7) Continual Improvement and Commitment
Social Value
- Equal opportunity
-
Equal opportunity
Syscomm Ltd is committed to the principal of equal recruitment, training and treatment of all employees irrespective of age, race, ethnic origin, nationality, sex or sexual orientation, religious convictions or disability.
It is the company’s policy to give full and fair consideration to applicants for employment from disabled persons and to provide appropriate training, development and promotion prospects and equivalent to those available to other employees.
The company will continue to commit to its obligations under relevant legislation and where appropriate, anticipate future legal requirements. This will be informed by:
• The Equality Act (2010) and associated secondary legislation.
• Criminal Justice and Immigration Act (2008).
• The Racial and Religious Hatred Act (2006).
• The Civil Partnership Act (2004).
• The Gender Recognition Act (2004).
• Criminal Justice Act (2003).
• The Human Rights Act (1998).
• The Protection from Harassment Act (1997).
• Special Education Needs and Disability Act (2001)
Syscomm Ltd is committed to encouraging equality and diversity among our workforce and eliminating unlawful discrimination. The aim is for our workforce to be truly representative of all sections of society, and for each employee to feel respected and able to give of their best.
Pricing
- Price
- £205 to £1,500 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- No