Barrier Networks Centri Managed Service for Secure Web Gateway, Secure DNS and SASE (Cisco)
Barrier Networks provide a Secure Internet Gateway in the cloud. Cisco Umbrella provides the first line of defence against threats on the internet. Deployed in minutes, our managed service provides immediate intelligence, visibility and protection.
Features
- DNS & IP Layer Enforcement
- Intelligent Proxying
- Command & Control Call Back Blocking
- Automated protection against known emergent threats
- Cloud Based Security that blocks threats without affecting performance
- Protect devices and users on or off your network
- Stops Ransomware Malware
- Identify unsanctioned cloud applications (Shadow IT)
Benefits
- Increase Security Protection for all managed devices
- Save time protecting corporate/managed networks and guest networks
- Mitigate remediation costs and breach damage
- Reduce the time to detect and contain threats
- Increase visibility into internet activity across all locations and users
- Identify cloud apps used across the business
Pricing
£20 a user a year
- Education pricing available
- Free trial available
Framework
G-Cloud 14
Service ID
587978108919569
Contact
Barrier Networks
Iain Slater
Telephone: 0141 356 0101
Email: info@barriernetworks.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- There are no specific constraints.
- System requirements
-
- Change DNS settings
- A client is required to protect users when "roaming" off-network
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
P1 - Service Outage: 30 Minutes
P2 - Technical Issue: 1 Business Day
P3 - Information Request: 2 Business Days
24x7 for P1; 24x5 for P2/P3
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Barrier Networks offer 4 main support levels, which can be stacked to create the best fit for your organisation.
1) Remote Service Desk - providing technical assistance, advice and guidance.
2) Break Fix Support - providing minor software patches and upgrades. Our engineering resources can either be remote or onsite.
3) Monitoring Service - providing proactive monitoring of devices with downtime alerts.
4) Managed Service - providing Moves, Adds, Changes and Deletes, monthly backups and storage, vulnerability scanning, patching and monthly reporting.
The service levels are priced dependent on customer volumes, POA.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Barrier Networks onboards customers by gathering all key information required to bring the service live.
All system information and supporting documentation is developed and distributed to the customer as part of the onboarding process.
Detailed design documentation is derived from this initial documentation. The detailed design is agreed and signed off by both parties prior to implementation.
A full copy of the system documentation is provided following user acceptance testing.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Umbrella has the ability to upload, store and archive the traffic activity logs from your organization in the cloud. The archiving of logs is done using the Amazon AWS S3 service. S3 is Amazon's Simple Storage Service (hence, the three S's). This feature is sometimes referred to as 'offline storage' or 'log retention.'
The logs are stored in a compressed (gzip) archive in CSV format. Logs are uploaded every ten minutes so there's a minimum of delay between network traffic coming from your network, being logged by Umbrella and then being available to download from S3.
Data is provided upon request by Barrier Networks once the contract has ceased.
The tenant will be deleted following sign-off from the customer. Some customers may want to retain read-only copies of some data; this can be arranged following conversations with our technical team.
- End-of-contract process
-
All Software functionality is provided for the duration of the contract with Barrier Networks.
Once the contract has ceased, the organisation will be off-boarded, information securely deleted from the Barrier Networks database, and the tenant removed at no extra cost. Bespoke off-boarding requirements can be purchased via "Barrier Networks Cyber Security Consultancy Services".
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference in service. Interface is scaled for the mobile environment
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
The Umbrella Enforcement API allows partners and customers with their own homegrown SIEM/Threat Intelligence Platform (TIP) environments to inject events and/or threat intelligence into their Umbrella environment.
These events are then instantly converted into visibility and enforcement that can extend beyond the perimeter and thus the reach of the systems that might have generated those events or threat intelligence.
Please see: https://support.umbrella.com/hc/en-us/articles/231248748-Cisco-Umbrella-The-Umbrella-Enforcement-API-for-Custom-Integrations
The Enforcement API can ingest events in the generic event format described in the API documentation and can support ADD, DELETE, or LIST functions.
Please see: https://docs.umbrella.com/enforcement-api/reference/
The Enforcement API integrates security events with Umbrella, the Network Devices API integrates hardware, and the Investigate API lets customers dig into the data to find out more about security incidents.
Umbrella Enforcement API: Gives technology partners the ability to send security events from their platform within a mutual customer’s environment to the Umbrella cloud for enforcement.
Umbrella Investigate API: Provides API access to Umbrella threat intelligence and provides querying of our threat database to find emerging threats.
Umbrella API: Helps our technology partners integrate their network devices with the Umbrella dashboard.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- The Barrier Networks service is customisable. The customisation required will be captured during onboarding or during BaU service. The SIG service customisation focuses on filtering policies and decisions, connectivity to the service and reporting. The customisation is achieved by customer-nominated contract administrators engaging Barrier Networks.
Scaling
- Independence of resources
-
Barrier Networks are reselling a global Cisco Platform so organisations are not at service risk.
Cisco hold a validated design guide detailing configuration maximums and minimums to enable customers to scale from small to large enterprise deployment.
Barrier Networks have a mature staff scaling strategy enabling a response to the demands of our clients from small to enterprise.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Customers can request ad-hoc reports, or regular reporting (weekly, monthly or quarterly) can be provided.
Customers can be provided access to the Umbrella interface.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Cisco
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Umbrella has the ability to upload, store and archive the traffic activity logs from your organization in the cloud. The archiving of logs is done using the Amazon AWS S3 service. The logs are stored in a compressed (gzip) archive in CSV format. Logs are uploaded every ten minutes so there's a minimum of delay between network traffic coming from your network, being logged by Umbrella and then being available to download from S3. Data is provided upon request by Barrier Networks.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 99.999% made possible through the global network of DNS providers based on Open DNS
- Approach to resilience
-
Cisco Umbrella security research team leverages the Cisco Umbrella global network, the world’s largest security network, which features the industry’s best uptime, and geographically distributed data centers serving 85 million active users daily in 160+ countries.
The combination of our network security services and the Umbrella global network provides the ultimate in coverage, efficacy, and performance, protecting users on any device at any time.
Internet connectivity is optimized via transparent load-balanced Anycast routing (where every data center announces the same IP addresses) and by co-locating with the top internet exchange points across five continents, which shortens routes between Umbrella and every network.
- Outage reporting
- Email Alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Vulnerability Assessment and security alerting for any malicious activity. Each zone is firewalled and there is a separate, out-of-band DMZ network that provides management access to infrastructure.
All management interfaces are made available via the management VLAN only.
Access to out-of-band management interfaces is restricted via ACLs and two-factor authentication (where supported).
We utilise Role Based Access Control (RBAC) across all services to ensure that once a user is authenticated they can only access the data they need and are authorised to access.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- 360 Certification Ltd
- ISO/IEC 27001 accreditation date
- 28th June 2019
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- IASME Governance including Cyber Essentials Plus
- Information security policies and processes
-
To date, the Cisco Services organisation has achieved ISO 27001 certification globally, with a scope that includes the services and support for Networking, Data Center, Communications, Video, Collaboration and Security Products and Solutions.
This Privacy Data Sheet describes the processing of personal data (or personal identifiable information) by Cisco Umbrella: https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/umbrella-privacy-data-sheet.pdf
All employees of Barrier Networks must abide by the Barrier Networks Information Security Policy and Acceptable Use Policy.
Barrier Networks follow the processes of Cyber Essentials as well as key processes and procedures from ISO 27001.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes and configuration management follow ITIL V3 best practice.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
All external facing services are subject to monthly vulnerability scans.
Patching takes place monthly with emergency patching taking place within 1 week of the vulnerability detection.
In extreme circumstances and to protect the security of the organisation and customer, Barrier Networks will patch on the same day.
Vulnerability information is obtained from Cisco's TALOS platform and Cisco TAC.
We use independent feeds using Qualys and Edgescan scanning engines, correlating all known CVEs, enabling us to establish impact for all managed assets scanned by the platform.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Our SOC provides Intrusion Detection, Vulnerability Assessment and security alerting for malicious activity.
The IDS and Network Monitoring component provides real-time detection of security incidents. If an intrusion/breach is detected, a security alert is issued which generates an automatic ticket within the SOC Helpdesk software.
These tickets are classified by priority.
Our incident response process is designed in alignment with NIST Special Publication 800-61 Revision 2 and is a service that is available to customers.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
The Incident Response Service manages security incidents and is based on NIST Special Publication 800-61 Revision 2.
Incidents are logged with a unique case reference number and tracked from triage through to resolution via our service desk platform.
We have pre-approved processes / changes for certain tasks, however day to day operation is bespoke per customer and may change depending on the organisation’s needs.
Users can report incidents via email, web or telephone.
Reports are provided via email upon request. Major incident reports are provided within 48 hours of the incident resolution. Updates available upon request.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Equal opportunity
- Wellbeing
Equal opportunity
• To create an environment in which individual differences and the contributions of all our staff are recognised and valued.
• Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.
• Training, development and progression opportunities are available to all staff.
• To promote equality in the workplace which we believe is good management practice and makes sound business sense.
• We will review all our employment practices and procedures to ensure fairness.
• Breaches of our Equality Policy will be regarded as misconduct and could lead to disciplinary proceedings.
• This policy is fully supported by Senior Management.
• The policy will be monitored and reviewed regularly.
Wellbeing
• We promote an open, supportive company culture where employees look out for one another and feel comfortable discussing any difficulties. Mental health is valued equally to physical health.
• Employees have access to confidential counselling, therapy, and other mental health resources through our employee assistance program.
• We encourage taking time off when needed for mental health days in addition to sick days. Employees are trusted to manage their time off responsibly.
• Training is provided to managers on recognizing signs of burnout, work overload, and other mental health concerns. Managers work to proactively address issues and reduce employee stress.
• Employee workloads and schedules are designed to be reasonable and sustainable.
• Wellness initiatives like meditation breaks, stress management workshops, mindfulness programs, and social events are offered throughout the year.
Pricing
- Price
- £20 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Free 14 Day Trial available