COOLSPIRiT

COOLSPIRiT a Databarracks Company: Barracuda Web Application Firewall (WAF-as-a-Service)

Barracuda Web Application Firewall blocks sophisticated web-based attacks that target the applications hosted on web servers and the sensitive or confidential data to which they have access. Placed between the Internet and web servers, scan all inbound web traffic to block attacks and outbound traffic to prevent data loss.

Features

• OWASP Top 10 Protection
• API Security & Protection
• Advanced Bot Protection
• Realtime Reporting & Analytics
• Denial of Service (DDOS) Protection
• Secure Application Delivery (CDN)
• Risk based attack Detection
• Web Application Protection
• Automation, Reporting, Analytics, and Services

Benefits

• Gain ML-backed adaptive protections to stop latest bots and attacks.
• Automatically discover and protect hidden shadow APIs.
• Simplify security with automated configuration tuning and signature updates.
• Enable DevSecOps teams to move fast, securely.
• Gain deep visibility and automated response capabilities.
• Extend protection to your internal apps.
• Complete N-S and E-W security for hybrid deployments.

£1,100 a server

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@coolspirit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

738548279736603

Contact

Alex Raben
01246 454 222
frameworks@coolspirit.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: N/A
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements: N/A Cloud Service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Enhanced support is included with all services. Upgraded support can be purchased; https://www.barracuda.com/support/plans-and-packages
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: All Barracuda SaaS software comes with 24x7x365 support services included with the service. Premium support can be purchased at additional cost; https://assets.barracuda.com/assets/docs/dms/Barracuda_Premium_Support.pdf
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All Barracuda customer have access to Barracuda Campus which documents both how to use the system and gives access to self paced video training. Customer may also purchase Professional Services direct from Barracuda to support installation and delivery of the solution. Professional Services are an additional cost.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Via Barracuda Campus website
• End-of-contract data extraction: At end of contract Barracuda will destroy any data held within the system within 90 days of license expiry. If customer would like to extract data contract Barracuda Support or Account Manager to discuss options. Professional Services charges may apply for data extraction
• End-of-contract process: At end of contract Barracuda will destroy any data held within the system within 90 days of license expiry. If customer would like to extract data contract Barracuda Support or Account Manager to discuss options. Professional Services charges may apply for data extraction

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Interface is web based and allows for resellers and customers to support environments
• Accessibility standards: None or don’t know
• Description of accessibility: Interface allows for customers to see log data and manage the platform for granular control of application security needs
• Accessibility testing: Not Known
• API: Yes
• What users can and can't do using the API: Configure settings in the system such as application profiles, DDoS protection, URL re-wrties, Application deployment plus much more
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Barracuda Networks supply a service with an SLA of 99.9%. See link for latest SLA documentation; https://assets.barracuda.com/assets/docs/dms/Barracuda_Email_Protection_SLA.pdf

Analytics

• Service usage metrics: Yes
• Metrics types: Processed Traffic; Volume of Attacks; Type of Attacks; Throughput; average latency plus much more
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Barracuda Networks

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: At end of contract Barracuda will destroy any data held within the system within 90 days of license expiry. If customer would like to extract data contract Barracuda Support or Account Manager to discuss options. Professional Services charges may apply for data extraction
• Data export formats: Other
• Other data export formats: Contact helpcentre
• Data import formats: Other
• Other data import formats: Contact Helpcentre

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Barracuda cloud solutions are built with high availability at the core to ensure uptime of services. Further details can be requested during purchase process.; Barracuda Networks supply a service with an SLA of 99.9%. See link for latest SLA documentation; ; https://assets.barracuda.com/assets/docs/dms/Barracuda_Email_Protection_SLA.pdf
• Approach to resilience: Barracuda cloud solutions are built with high availability at the core to ensure uptime of services. Further details can be requested during purchase process.; Barracuda Networks supply a service with an SLA of 99.9%. See link for latest SLA documentation; ; https://assets.barracuda.com/assets/docs/dms/Barracuda_Email_Protection_SLA.pdf
• Outage reporting: All service outages are published at https://status.barraucda.com. Customers can sign up for proactive email alerts for the service they utilise

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Username and password to validate user credentials. HTTPs protocol and SSH interfaces
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Description of management access authentication: The Barracuda WAF integrates with a number of two-factor authentication technologies including client certificates, SMS PASSCODES, and hardware tokens such as RSA SecurID to provide strong user authentication.; Integrations: SMS PASSCODES, RSA SecurID.; More on this at Barracuda Campus Online

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Available on request

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2 Type 2
• Information security policies and processes: Details around policies and procedures are not published to the public. Information can be requested during procurement if required

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Details of Controls can be requested from the vendor
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Details can be requested when required
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Details can be requested when required
• Incident management type: Undisclosed
• Incident management approach: Details can be requested when required

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  As an organisation, COOLSPIRiT is wholly committed to improving our social & sustainability record and drive real change through to delivery of our contracts. We take great pride working with our supply chain and customers to understand how our services can be provided with reduced emissions seeking a net zero impact on our environment. We employ a number of activities / initiatives to help accelerate us towards our global population becoming carbon neutral, including, Partnering with World Land Trust to plant trees in Borneo, SME Climate Commitment, Working from solar-powered offices, Availability of electric car charge points, Electric-powered company vehicles, Upgrading to LED lighting throughout our offices, Eradicating the use of single-use plastic, Achieving ISO 14001 Certification, Supporting the 721 Challenge. We understand that our business has a direct impact on the environment, so we're actively working towards best practices in the technology sector. In regard to our Social Responsibility, we also thrive on making differences wherever possible, be it big or small, to help support the overall impact that organisations can have on our local communities. Initiatives we have in place include, Apprenticeships for local people, Employment skills structure, Supporting the community, Donations of technology equipment, Local collaboration, Sustainability and environmental focus, Supporting Charity. We're excited to have now partnered with the World Land Trust (Registered Charity No. 1001291) as a corporate supporter. The World Land Trust carries out essential reforestation projects, supporting conservation and creation of wildlife-rich habitats benefitting local communities, reconnecting forest areas, and storing carbon. In addition to the measures noted above we will automatically plant a tree for every contract placed with us. More information can be found on our website https://www.coolspirit.co.uk/

Pricing

• Price: £1,100 a server
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 days free trial
• Link to free trial: http://webgateway.barracuda.com/cgi-mod/index.cgi

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@coolspirit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.