Cyberfort Ltd

Managed Firewall

Cyberfort’s Managed Firewall Service draws on our experience and depth of knowledge in perimeter security and is a fully-managed service that ensures best practices are employed in the initial setup and ongoing management of your firewall rules and policies.

Features

• Advanced protection options: Intrusion Detection/Prevention, IPSec and TLS VPN
• Bespoke design for every business use case
• Security-focused advisory service, review of each request for network safety
• Experienced security team with many years experience defending against cyber-threat
• Multi-vendor offering to suit customer needs
• UK-based, ex-MoD, ISO27001, PCI-DSS and CE+ certified datacentres

Benefits

• Logically segment networks into different zones of trust
• Improve security with best-practice configuration delivered by security specialists
• Mitigate safety concerns and fend off network threats
• Built by security specialists to the highest standards of compliance
• Minimal attack surface and least-privilege design
• Fully-managed firewall service offerings tailored to your business need
• Enhance business confidence in secure, consistent delivery of IT services
• Maximize your uptime with our high-availability (HA) service offering
• Assured UK data residency and sovereignty
• 24/7/365 monitoring by our ever-vigilant, UK-based Operations Team

£100 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@cyberfortgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

674073649192713

Contact

Cyberfort Bid Team
01635 015600
bidmanagement@cyberfortgroup.com

Service scope

• Service constraints: The Managed Firewall Service is fully managed by Cyberfort so all configuration changes and firewall rules should be submitted to the service desk and actioned by the security team. On setup we will agree a regular maintenance window which will be required to upgrade and patch the firewall device. For HA customers impact can be limited to a risk window where the HA mechanism will keep traffic flowing whilst maintenance is being carried out.
• System requirements:
  • Open source offering requires no license
  • Commercial offering may require additional license

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Cyberfort’s Service Desk operates 24 hours a day 365 days a year and is primary point of contact for any incidents, requests or escalations.; Each inbound query made by the client is captured by Cyberfort’s ticketing system and assigned a unique reference number with an appropriate priority rating. ; A ticket number will be issued with an initial response within the first 15 minutes of logging a query and resolution times will be subject to the priority rating assigned.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: In regard to assistive users, our Online Chat service provider (Microsoft) undertakes and publishes regularly and routine testing for assistive requirements: https://www.microsoft.com/en-us/accessibility/
• Onsite support: Yes, at extra cost
• Support levels: Effective service management is the key to the smooth delivery of our G-Cloud services during our engagement with clients, and as a result, they will receive secure, flexible and reliable services from Cyberfort utilising robust support and service management processes and best practice. From the Service Desk to your dedicated Account Manager, all are in place to manage the relationship across your business and ensure that you receive the right engagement to help drive and deliver a great service. ; • Cyberfort’s Service Desk operates 24 hours a day 365 days a year and is primary point of contact for any incidents, requests or escalations.; • The Cyberfort Service Desk team will proactively manage all support calls to resolution, escalating incidents and problems in line with comprehensive operational level agreements, service level agreements and any third-party underpinning contracts.; • We place significant importance on the support and service management function that is provided for each contract according to operational requirements. ; • This is integrated into contracts and built into the price. ; • Ongoing support and management will be led by a dedicated Account Manager supported by Service Delivery Manager, Technical Champion, and our team of specialists and subject matter experts.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Cyberfort applies the core principle of providing you with an assured and auditable approach to the design and delivery of our Cloud Hosting services. We take a “one team” approach, working with clients, engaging with stakeholders, and focusing on business objectives, to build relationships that are conducive to agile delivery of project outcomes. ; Service initiation and on-boarding are covered during project delivery to ensure clients maximise the value of their investment, and include the following elements: ; • Clients will receive a ‘Welcome Pack’ containing details of the service, key contacts, processes and services that they should be aware of. ; • Project Manager (PM) will lead a Project-Kick Off meeting with the client. ; • A ‘Delivery and Implementation Plan’, defining project specific deliverables, dependencies, resource requirements and timeframes. ; • Scheduled reporting, validation and agreement of all project deliverables at key milestones. ; • Full risk assessment conducted across all aspects of the project. ; • Operational Acceptance to record SLA’s that the Project, Technical Delivery, Facilities and Service Support Teams will follow to ensure services are introduced consistently and efficiently. ; Additional, focused training is available at an extra cost.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: There is no user data, only firewall configuration which are securely deleted upon end-of-contract. The firewall logs are deleted from the device with a military grade disk wipe. The disk is then physically destroyed.
• End-of-contract process: Clients can choose to ‘off-board’ services from Cyberfort as follows: ; • Provide three months' notice in writing (to expire on or after the Initial Term), to their account manager (directly or via the Service Desk), who will assist in arranging any required off-boarding services and the deletion of client data. ; • Once the required works are agreed and the client has exported their data, Cyberfort will shut down and destroy any remaining services. ; • Fees may apply for off-boarding technical work and process management.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Physical firewalls are dedicated for the sole use of the customer. Virtual firewalls can have dedicated resource reservations that cannot be breached by other users. The guarantee of virtual resource reservation is provided by the underlying hypervisor.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • HTTP request and response status
  • Network
  • Number of active instances
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Encryption of physical media where physical location cannot be controlled or subject to client requirements.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Firewall configuration files
  • Firmware
• Backup controls: There is no user control of backups. A backup is made by Cyberfort upon every configuration change.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: SSH with public key encryption
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: SSH with public key encryption

Availability and resilience

• Guaranteed availability: Service availability achieved within any month shall be calculated monthly as follows: (Total online hours of availability – service downtime) x 100% Total online hours of availability. ; ; The service availability calculation above will exclude any time which occurred as a result of events outside the control of Cyberfort. In the event the target service availability level is not achieved when measured over a monthly period, the following service credits shall apply: For each full percentage point (1%) by which the availability in any month is reduced below the target availability, a service credit shall be due which is equal to 5% of the monthly charge for the affected service line subject to a maximum of 100% of the affected service line for the month.
• Approach to resilience: Cyberfort has two data centres in geographically separate locations. This enables Cyberfort to offer solutions such as infrastructure mirroring or a warm standby environment, both available should your primary environment become unavailable for any reason. Cyberfort data centres are linked to one another and to the Internet via fully redundant diverse circuits. ; Customer Environments are deployed according to the specific requirements of the customer.; ; Datacentre infrastructure is designed in a N+1 or N+N depending on requirements or infrastructure type. ; ; Network ISP services are deployed in a N+N configuration. ; ; Power & A/C ; 2×11,000 Volt HV Feeds. Primary feed direct from national grid sub-station ; Backup Generators ; Various UPS systems capable of supplying dual UPS feeds ; N+1 chilled water system, with zoned hotspot directional air provision sensors; ; Communications; Carrier Neutral Facility ; Multiple Internet Service Providers; Diverse Independent Risers from highway to data floors; Choice of ISP’s/Telecommunications providers; Satellite dish and Microwave space available
• Outage reporting: Cyberfort Managed Firewall services are continuously monitored, with alerts automatically responded to by the Cyberfort technical support teams.; Customer notifications are managed via our ticketing system / Email

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access restrictions are typically defined by the client. Cyberfort recommend access via VPN only or SSH with Public Key Authentication for firewall systems. IP Access Control Lists can be implemented to restrict the source of traffic to authorized VPN and SSH endpoints if required.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSi
• ISO/IEC 27001 accreditation date: Valid from:19/05/20 - Expires: 18/05/2023
• What the ISO/IEC 27001 doesn’t cover: A14.2.7 Outsourced Development 15.1.3 Information, Communication and technology supply chain
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 247 CyberLabs Ltd
• PCI DSS accreditation date: Valid from: 05/09/2021 Expires:05/09/2022
• What the PCI DSS doesn’t cover: Requirement 3 Requirement 4 Appendix A1 Appendix A2
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As an ISO 27001 accredited company, Cyberfort recognize the importance of Information Technology (IT) and its impacts on Information Security and have designed our ‘IT Information Security Policy’ to ensure correct and secure operations are maintained across or organization. The policy applies to all our operations and all that we do, including 3rd parties, recruitment, IT security, and physical security amongst other subjects. ; ; To ensure that the importance of each information security area is not missed or vague, we use separate policies and procedures for each information security area and where applicable, including; business continuity, breach management, physical and environment security, HR resource security, incident management, asset management, access control, supplier relationships, and information management policies. ; ; Cyberfort’s Group Data Protection & Compliance Officer is responsible for managing and directing our Information Security efforts within this organization and that our policies are approved at board level. ; ; The IT Information Security Policy is reviewed annually as a matter of course, considering our organizational or technical infrastructure, legislation, and incident reviews. An Information governance and compliance team is in place with clear roles of responsibilities to manage and maintain the compliancy frameworks within the business

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Cyberfort's change management policy is documented and audited as part of our ISO27001 accreditation and ensures all changes are auditable and subject to the correct level of scrutiny based on the potential risk and impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Cyberfort use continual vulnerability monitoring to alert us to threats in real-time and in the face of constant changes to our services. An annual infrastructure assessment is commissioned to perform more detailed analysis. Critical vulnerabilities are patched or mitigated within 30 days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cyberfort deploy next generation endpoint security agents which constantly assess the behavior of the servers and endpoints for malicious or threatening activity. Threats are notified to out 24x7x365 Service Desk for remediation.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Cyberfort operate ISO27001 and ITIL process for Incident Management, with defined paths for escalation which are dependent on Impact and Urgency. Users can report Incidents by Email, Telephone or Self Service Portal. Incident Reports are provided via Email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Vmware, ; KVM Hypervisor, ; Red Hat Virtualisation
• How shared infrastructure is kept separate: Physical firewalls are dedicated for the sole use of a single client. Where multi-tenant infrastructure is used (Virtual Firewalls), each organization has a dedicated set of VLANs which run through the infrastructure. The underlying Hypervisor is trusted to protect against cross vm interference and are patched to mitigate against exploits.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  Cyberfort are committed to fighting climate change and promoting sustainable development by reducing, as far as practical, our environmental impacts from business activities and as a result, an Environmental Management System (EMS) has been implemented which meets the requirements of BS EN ISO 14001:2015. ; For example, against MAC 4.1 we are committed to achieving Net Zero by 2050. We have policy commitments to become a net-zero and environmentally conscious company by conserving energy, minimising consumption, reducing, and preferring low pollution materials, maximising environmental efficiency, whilst ensuring waste is managed and controlled. ; Key Areas of focus; • Cyberfort to consider who we purchase goods and services from ensuring providers are targeting net-zero initiatives and consider environmental impacts.; • Assess external provider environmental policies and sustainable product and services.; • Ensure ethical, equality, human rights and employee standards are met. Preferring external providers who are firmly committed to enhancing their environmental performance.
• Covid-19 recovery:

  Covid-19 recovery

  Cyberfort commits to supporting the Covid-19 recovery, for example against MAC 1.5 we are undertaking regular Risk Assessments, implementing the following improvements in line with Risk Assessment findings and validated with our external Health & Safety partner:; • Closure of 3 offices where social distancing was not possible or appropriate, moving staff to either remote or hybrid working contracts.; • Reassessed our COVID risk assessment to ensure that appropriate controls remain.; • Allowing teams to return to remaining offices as required by managers for planning, collaboration or team-building meetings.; • Deconflicting teams on-site, continuing the ability to maintain controls where necessary.; • Provision of Lateral Flow Test kits for all remaining offices. ; • Maintaining all sanitization stations and controls.; • Maintaining effective social distancing where appropriate.
• Tackling economic inequality:

  Tackling economic inequality

  Cyberfort is committed to tackling economic inequality, through supporting new businesses, new employment opportunities and development of new skills. We are currently signatories of the Tech Talent Charter and the Armed Forces Covenant and are a Disability Confident Employer. Most recently we have become founding members of Neurodiversity in Business and we have partnered with to Lexxic help us on our journey to becoming a Neurodiversity Smart employer. ; ; Specific commitments for example are: ; Against MAC 2.2 - Cyberfort will be offering Apprenticeship placements in 2022. ; ; Against MAC 2.3 – We have long been advocates of education and sharing our knowledge and regularly interact with local schools, colleges and universities and has been involved in supporting the East Kent Colleges in the development of the Cybersecurity GNVQ qualification. We have various work experience schemes in place for school children and contribute to virtual careers fairs in the Kent Area. ; ; Against MAC 3.5 - With cyber security at the heart of Cyberfort, we have adopted the required technical standards and best practice as a basis for appropriate cyber security controls, including both our compliance and cybersecurity practices have NCSC certified services.
• Equal opportunity:

  Equal opportunity

  Cyberfort is an equal opportunities employer and commits to supporting Equal Opportunities through Social Value. We value people as individuals with diverse opinions, cultures, lifestyles and circumstances. All employees are covered by our Equality & Diversity policy and it applies to all areas of employment including recruitment, selection, training, deployment, career development, and promotion. These areas are monitored, and policies and practices are amended, to ensure that no unfair or unlawful discrimination, intentional, unintentional, direct or indirect, overt or latent exists. As part of our ambition to be a Neurodiversity Smart employer, we will be auditing all our recruitment and selection processes to ensure we are inclusive of neurodivergent individuals. ; ; Specific commitments for example are: ; Against MAC 6.2 - We provide training, development and progression opportunities to all staff to support in-work progression. We are committed to ensuring that each employee/contractor is given the opportunity to develop within the organization, in accordance with ability, ambition and opportunities available. As a commitment to people, Cyberfort encourages everyone to reach the fullest potential with opportunities available. We have recently launched an internal mentoring scheme, connecting employees with experienced professionals who can support them with their professional journeys. ; ; Against MAC 6.3 - While Cyberfort is not required under S.54 of the Modern Slavery Act 2015 to have an Anti-Slavery Policy, we feel passionately that we must act ethically and transparently in every situation and consequently have set out the steps that we have taken, and are continuing to take, to ensure that modern slavery or human trafficking is not taking place within our business or supply chain. Modern slavery encompasses slavery, servitude, human trafficking and forced labour. We have a zero–tolerance approach to any form of modern slavery.
• Wellbeing:

  Wellbeing

  Cyberfort fully supports and is committed to supporting Wellbeing, for example against MAC 7.1, we have understood the issues relating to health and wellbeing, including physical and mental health and have the delivered the following to support our workforce: ; ; Mental Health First Aiders – We have 9 fully trained Mental Health First Aiders within our workforce. They are a point of contact and reassurance for any person who may experience a mental health issue of emotional distress, offering an ear, cuppa and support and where needed signpost people to the appropriate services for further support. ; ; Awareness Days – Through awareness we can support one another. We have organised and promoted events for the workforce, for example in February we offered a Free Webinar ‘5 ways to increase your happiness in 2022’ with Dr Andy Cope (the doctor of happiness) and we will be supporting Mental Health week in May with various activities each day. ; ; Wellbeing Page - We have a Wellness Page on Cyberfort’s SharePoint that provides information on support available from Cyberfort, our Mental Health First Aiders, and links around advice from other organisations such as: ; • Working from home - a Wellness Action Plan by Mind ; • Every Mind Matters One You by the NHS; • App for meditation and relaxation by Calm; • 5 steps to mental wellbeing by the NHS

Pricing

• Price: £100 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@cyberfortgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.