Skip to main content

Help us improve the Digital Marketplace - send your feedback

Barrier Networks

Barrier Networks Centri Managed Service for Secure Web Gateway, Secure DNS and SASE (Cisco)

Barrier Networks provide a Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defence against threats on the internet. Deployed in minutes, our managed service provides immediate intelligence, visibility and protection.

Features

  • DNS & IP Layer Enforcement
  • Intelligent Proxying
  • Command & Control Call Back Blocking
  • Automated protection against known emergent threats
  • Cloud Based Security the blocks threats without affecting performance
  • Protect devices and users on or off your network
  • Stops Ransomware Malware
  • Identifty unsanctioned cloud applications (Shadow IT)

Benefits

  • Increase Security Protection for all managed devices
  • Save time prtoecting corporate/managed networks and guest newtorks
  • Mitigate remediation costs and breach damage
  • Reduce the time to detect and contain threats
  • Increase visibility into internet activity across all locations and users
  • Identify cloud apps used across the business

Pricing

£20 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

5 8 7 9 7 8 1 0 8 9 1 9 5 6 9

Contact

Barrier Networks Iain Slater
Telephone: 0141 356 0101
Email: info@barriernetworks.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
There are no specific constraints.
System requirements
  • Change DNS settings
  • A client is required to protect users when "roaming" off-network

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 - Service Outage: 30 Minutes
P2 - Technical Issue: 1 Business Day
P3 - Information Request: 2 Business Days
24x7 for P1; 24x5 for P2/P3
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
There are 4 main support levels which Barrier Networks offer which can be stacked to create the best fit for your organisation.
1) Remote Service Desk - providing technical assistance, advice and guidance.
2) Break Fix Support - providing minor software patches and upgrades. Our engineering resources can either be remote or onsite.
3) Monitoring Service - providing proactive monitoring of devices with downtime alerts.
4) Managed Service - providing Moves, Adds, Changes and Deletes, monthly backups and storage, vulnerability scanning, patching and monthly reporting.

The service levels are priced dependant on customer volumes, POA.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Barrier Networks onboards customers by gathering all key information required to bring the service live.

All system information and supporting documentation is developed and distributed to the customer as part of the onboarding process.

Detailed design documentation is derived from this initial documentation. The detailed design is agreed and signed off by both parties prior to implementation.

A full copy of the system documentation is provided following user acceptance testing.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Umbrella has the ability to upload, store and archive the traffic activity logs from your organization in the cloud. The archiving of logs is done using the Amazon AWS S3 service. S3 is Amazon's Simple Storage Service (hence, the three S's). This feature is sometimes referred to as 'offline storage' or 'log retention.'

The logs are stored in a compressed (gzip) archive in CSV format. Logs are uploaded every ten minutes so there's a minimum of delay between network traffic coming from your network, being logged by Umbrella and then being available to download from S3.

Data is provided upon request by Barrier Networks once the contract has ceased.

The tenant will be deleted following sign off from the customer. Some customers may want to retain read only copies of some data, this can be arranged following conversations with our technical team.
End-of-contract process
All Software functionality is provided for the duration of the contract with Barrier Networks.

Once the contract has ceased, the organisation will be off-boarded, information securely deleted from the Barrier Networks database, and tenant is removed at no extra cost. Bespoke off-boarding requirements can be purchased via "Barrier Networks Cyber Security Consultancy Services".

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No difference in service. Interface is scaled for the mobile environment
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
The Umbrella Enforcement API allows partners and customers with their own homegrown SIEM/Threat Intelligence Platform (TIP) environments to inject events and/or threat intelligence into their Umbrella environment.

These events are then instantly converted into visibility and enforcement that can extend beyond the perimeter and thus the reach of the systems that might have generated those events or threat intelligence.

Please see: https://support.umbrella.com/hc/en-us/articles/231248748-Cisco-Umbrella-The-Umbrella-Enforcement-API-for-Custom-Integrations

The Enforcement API can ingest events in the generic event format described in the API documentation and can support ADD, DELETE, or LIST functions.

Please see: https://docs.umbrella.com/enforcement-api/reference/

The Enforcement API integrates security events with Umbrella, Network Devices API integrates hardware and Investigate API lets customers dig into the data to find more about security incidents.

Umbrella Enforcement API: Gives technology partners the ability to send security events from their platform within a mutual customer’s environment to the Umbrella cloud for enforcement.

Umbrella Investigate API: Provides API access to Umbrella threat intelligence and provides querying of our threat database to find emerging threats.

Umbrella API: Helps our technology partners integrate their network devices with the Umbrella dashboard.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The Barrier Networks service is customisable, the customisation required will be captured during onboarding or during BaU service. The SIG service customisation focuses on filtering policies and decisions, connectivity to the service and reporting. The customisation is achieved by customer nominated contract administrators engaging Barrier Networks.

Scaling

Independence of resources
Barrier Networks are reselling a global Cisco Platform so organisations are not at service risk.

Cisco hold a validated design guide detailing configuration maximums and minimums to enable customers to scale from small to large enterprise deployment.

Barrier Networks have a mature staff scaling strategy enabling a response to the demands of our clients from small to enterprise.

Analytics

Service usage metrics
Yes
Metrics types
Customers can request Ad-Hoc reports or Regular Reporting (Weekly, Monthly or Quarterly) can be provided.

Customers can be provided access to the Umbrella interface.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Cisco

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Umbrella has the ability to upload, store and archive the traffic activity logs from your organization in the cloud. The archiving of logs is done using the Amazon AWS S3 service. The logs are stored in a compressed (gzip) archive in CSV format. Logs are uploaded every ten minutes so there's a minimum of delay between network traffic coming from your network, being logged by Umbrella and then being available to download from S3. Data is provided upon request by Barrier Networks.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.999% made possible through the global network of DNS providers based on Open DNS
Approach to resilience
Cisco Umbrella security research team leverages the Cisco Umbrella global network, the world’s largest security network, which features the industry’s best uptime, and geographically distributed data centers serving 85 million active users daily in 160+ countries.

The combination of our network security services and the Umbrella global network provides the ultimate in coverage, efficacy, and performance, protecting users on any device at any time.

Internet connectivity is optimized via transparent load-balanced Anycast routing — where every data center announces the same IP addresses — and by co-locating with the top internet exchange points across five continents — which shortens routes between Umbrella and every network.
Outage reporting
Email Alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Vulnerability Assessment and security alerting for any malicious activity. Each zone is firewalled and there is a separate, out-of-band DMZ network that provides management access to infrastructure.

All management interfaces are made available via the management VLAN only.

The access to out of band management interfaces is restricted via ACL’s and two factor authentication (where supported).

We utilise Role Based Access Control (RBAC) across all services to ensure that once a user is authenticated they can only access the data they are required and authorised to.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
360 Certification Ltd
ISO/IEC 27001 accreditation date
28th June 2019
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
IASME Governance including Cyber Essentials Plus
Information security policies and processes
To date, Cisco Services organisation has achieved ISO 27001 certification globally, including in the scope the services and support for Networking, Data Center, Communications, Video, Collaboration and Security Products and Solutions.

This Privacy Data Sheet describes the processing of personal data (or personal identifiable information) by Cisco Umbrella: https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/umbrella-privacy-data-sheet.pdf

All employees of Barrier Networks must abide by the Barrier Networks Information Security Policy and Acceptable Use Policy.

Barrier Networks follow the processesCyber Essentials as well as key processes and procedures from 27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes and configuration management follow ITIL V3 best practice.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All external facing services are subject to monthly vulnerability scans.

Patching takes place monthly with emergency patching taking place within 1 week of the vulnerability detection.

In extreme circumstances and to protect the security of the organisation and customer, Barrier Networks will patch on the same day.

Vulnerability information is obtained from Cisco's TALOS platform and Cisco TAC.

We use independent feeds using QUALSYS and EDGESCAN scanning engines, correlating all known CVE's, enabling us to establish impact for all managed assets scanned by the platform.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our SOC provides Intrusion Detection Vulnerability Assessment and security alerting for malicious activity.

IDS and Network Monitoring component provides real-time detection of security incidents. If an intrusion/breach is detected, a security alert is issued which generates an automatic ticket within the SOC Helpdesk software.

These tickets are classified based on the Priority.

Our incident response process is designed in alignment with NIST Special Publication 800-61 Revision 2 and is a service that is available to customers.
Incident management type
Supplier-defined controls
Incident management approach
Incident Response Service for managing security incident and is based on NIST Special Publication 800-61 Revision 2 .

Incidents are logged with a unique case reference number and tracked from triage through to resolution via our service desk platform.

We have pre-approved processes / changes for certain tasks, however day to day operation is bespoke per customer and may change depending on the organisation’s needs.

Users can report incidents via email, web or telephone.

Reports are provided via email upon request. Major incident reports are provided within 48 hours of the incident resolution. Updates available upon request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Equal opportunity
  • Wellbeing

Equal opportunity

• To create an environment in which individual differences and the contributions of all our staff are recognised and valued.
• Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.
• Training, development and progression opportunities are available to all staff.
• To promote equality in the workplace which we believe is good management practice and makes sound business sense.
• We will review all our employment practices and procedures to ensure fairness.
• Breaches of our Equality Policy will be regarded as misconduct and could lead to disciplinary proceedings.
• This policy is fully supported by Senior Management.
• The policy will be monitored and reviewed regularly.

Wellbeing

• We promote an open, supportive company culture where employees look out for one another and feel comfortable discussing any difficulties. Mental health is valued equally to physical health.
• Employees have access to confidential counselling, therapy, and other mental health resources through our employee assistance program.
• We encourage taking time off when needed for mental health days in addition to sick days. Employees are trusted to manage their time off responsibly.
• Training is provided to managers on recognizing signs of burnout,
work overload, and other mental health concerns. Managers work to
proactively address issues and reduce employee stress.
• Employee workloads and schedules are designed to be reasonable
and sustainable.
• Wellness initiatives like meditation breaks, stress management
workshops, mindfulness programs, and social events are offered
throughout the year.

Pricing

Price
£20 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free 14 Day Trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.