Barrier Networks

Barrier Networks Centri for Secure Email Gateway (Cisco Email Security)

Centri for Secure Email Gateway is a flexible, industry leading, deployment agnostic service backed by real time threat intelligence data that ensures your organisation is continuously and robustly protected from email-based threats including social engineering vectors.

Features

• Threat Intelligence
• Outbreak Filters
• Spam Filtering
• Ransomware and Malware Protection
• Phishing Protection
• Data Loss Protection
• Encryption
• Brand Protection
• Graymail
• Forged email detection

Benefits

• Prevents inbound malicious threats & outbound data loss risks
• Creates IT operational efficiencies

£10 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

929644309170644

Contact

Iain Slater
0141 356 0101
info@barriernetworks.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements: Microsoft Office O365

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Please see service description
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Please see service description
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Please see service description
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Request to our service desk
• End-of-contract process: At contract end the customer can request all information held in the service. Any project work to support transition to another service will be costed separately.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The AsyncOS API for Cisco Email Security appliances (or AsyncOS API) is a representational state transfer (REST) based set of operations that provide secure and authenticated access to the Email Security appliance reports, report counters, and tracking. You can retrieve the Email Security appliance reporting and tracking data using the API.; ; https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-0/api/b_ESA_API_Guide/b_ESA_API_Guide_chapter_01.html
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Please see service description

Scaling

• Independence of resources: Cisco Email Security in the cloud provides you with a flexible deployment model for email security. It helps you reduce costs with co-management and no onsite email security infrastructure. Dedicated email security deployments in multiple resilient Cisco data centers provide the highest levels of service availability and data protection.

Analytics

• Service usage metrics: Yes
• Metrics types: These will be defined by the customer but can include all reporting functionality in the Cisco solution.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Cisco, Fortinet

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: You can export raw data to a comma-separated values (CSV) file, which you can access and manipulate using database applications such as Microsoft Excel.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Dedicated email security deployments in multiple resilient Cisco data centers provide the highest levels of service availability and data protection. This service is all inclusive, with software, computing power, and support bundled for simplicity.
• Approach to resilience: Dedicated email security deployments in multiple resilient Cisco data centers.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Cisco enforces the rule of least privilege through segregation of duties and access restriction based by roles and job functions. Cisco has an account administration application that provides a central access point to request and perform administrative functions for account requests across multiple platforms. This includes accounts for applications, hosts, databases, and responsibilities. ; Through segregation of duties and access restrictions, Cisco protects information from unauthorized use. Cisco restricts the use of generic and shared accounts and has provisioning controls that govern the lifecycle of generic services and administrative accounts.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: 360 Certification Ltd
• ISO/IEC 27001 accreditation date: 28th June 2019
• What the ISO/IEC 27001 doesn’t cover: Available on request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Available on request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Cisco uses a formal change management system that documents, maintains, and archives changes made to the IT infrastructure. Requests for change management are documented, reviewed, and approved. Changes are appropriately developed and tested before and after implementation. Implementation plans are documented, communicated, and coordinated between change implementers and relevant end-users; . The effectiveness of change management at Cisco is measured to identify areas for improvement. Production and non-production environments are segregated. The Cisco Secure Development Lifecycle details the documentation and review requirements for all software changes. Version control systems retain all versions of source code indefinitely.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Cisco follows a patch management life cycle from development to stage to production. The cycle time depends on the criticality of the patch. The Security Alert tiger team evaluates vulnerabilities that are identified through the various organizations and categorizes them as applicable to Cisco and its environment. The vulnerabilities are rated using the Common Vulnerability Scoring System (CVSS). These ratings are reviewed with the appropriate support teams who analyze business impact and collectively determine implementation timeframes (for example, in the next patch cycle or if an immediate fix is required).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Cisco Computer Security Incident Response (CSIRT) monitors Intrusion Detection Systems (IDS) using network- and host-based IDS. Cisco has deployed IDS at the perimeter and other internal network choke points to provide alerts for security incidents. CSIRT has full-time, dedicated resources that run daily reports for potentially dangerous activities (for example, malicious code spread).; The audit log reviews determine the level of monitoring and controls in place to ensure authorized activity.
• Incident management type: Supplier-defined controls
• Incident management approach: The security culture at Cisco emphasizes ownership and responsibility. Employees and customers are encouraged to identify and report weaknesses.; Cisco has an established Computer Security Incident Response Team (CSIRT) that provides proactive threat analysis, incident detection, and coordinated incident response. CSIRT coordinates and investigates policy violations, unauthorized access to Cisco assets, malicious code related incidents, and other security incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  • To create an environment in which individual differences and the contributions of all our staff are recognised and valued.; • Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.; • Training, development and progression opportunities are available to all staff.; • To promote equality in the workplace which we believe is good management practice and makes sound business sense.; • We will review all our employment practices and procedures to ensure fairness.; • Breaches of our Equality Policy will be regarded as misconduct and could lead to disciplinary proceedings.; • This policy is fully supported by Senior Management.; • The policy will be monitored and reviewed regularly.

  Wellbeing

  • We promote an open, supportive company culture where employees look out for one another and feel comfortable discussing any difficulties. Mental health is valued equally to physical health.; • Employees have access to confidential counselling, therapy, and other mental health resources through our employee assistance program.; • We encourage taking time off when needed for mental health days in addition to sick days. Employees are trusted to manage their time off responsibly.; • Training is provided to managers on recognizing signs of burnout, ; work overload, and other mental health concerns. Managers work to ; proactively address issues and reduce employee stress.; • Employee workloads and schedules are designed to be reasonable ; and sustainable. ; • Wellness initiatives like meditation breaks, stress management ; workshops, mindfulness programs, and social events are offered ; throughout the year.

Pricing

• Price: £10 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Please contact Barrier Networks for details

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.