Barrier Networks

Barrier Networks Managed Security Operation Centre Service

Barrier Networks Managed Security Operation Centre provides customers with a cost-effective, advanced intrusion detection capability which enables them to identify and respond to cyber attacks.
We’ve designed and built a platform using a suite of security products that we manage centrally.

Features

  • Security/threat prevention rules targeting known/unknown threats, blocking attacks
  • Protect critical business applications from both external and internal attacks
  • Advanced Malware Protection (AMP): discover, track, contain, and block
  • IPS signature updates; monitor and understand traffic patterns
  • Actionable threat intelligence
  • Centralised logging and event correlation
  • Network intrusion detection systems
  • Host-based intrusion detection agents

Benefits

  • Provides multiple threat protection
  • Can detect/stop attacks that other security controls cannot
  • Helps implement security good practices
  • Signatures can offer a high level of precision and accuracy
  • Can reduce the amount of network traffic reaching other security controls
  • Supports tuning of detection capabilities

Pricing

£1000 per device per year

Service documents

G-Cloud 10

125365909586725

Barrier Networks

Iain Slater

0141 356 0101

info@barriernetworks.com

Service scope

Service constraints: Any constraints will be identified through discussion with the buyer.
System requirements: Barrier Networks' policy is to leverage clients' existing investments wherever possible.

User support

Email or online ticketing support: Email or online ticketing
Support response times: We automatically acknowledge receipt of questions immediately. Resolution times will be according to the SLA for the service.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: A technical account manager or equivalent is available to act as a point of contact in respect of the service 9 to 5 (UK time), Monday to Friday.
Longer hours are optionally supported unless already provided for in the offer.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We help users make use of our services through training and documentation as appropriate on a case-by-case basis.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Arrangements for Buyer data to be extracted can be agreed at the start of each contract, and the execution of such arrangements can be completed as part of the contract close-down procedures.
End-of-contract process: At the end of the contract, Barrier Networks can review with the Buyer:
that contractual obligations have been met,
that invoices have been raised and paid,
that no outstanding, documented issues remain (unless agreed otherwise),
that access rights have been terminated and user IDs deleted, and
that data has been backed up and recovered as appropriate.

Using the service

Web browser interface: No
API: No
Command line interface: No

Scaling

Scaling available: No
Independence of resources: The service is hosted in the cloud, meaning there is availability for expansion should the vendor require it. However, demand should not impact multiple customers across the service.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: Yes
Metrics types:
  • Number of active instances
  • Other
Other metrics: Contact Barrier Networks for details of any other metrics required.
Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: AlienVault, F5, Symantec, Cisco, Fortinet

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: In-house
Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process: Yes
Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery: No

Data-in-transit protection

Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: Barrier Networks service hours for the Managed service are 8 x 5 (8 hours per day [9am – 5pm] x 5 days per week [Monday – Friday]), 365 days per year.
Barrier Networks will be responsible for the health monitoring of managed service components. This includes: proactive polling of devices, patch management and monitoring of device data (Interface up/down, AC power loss, Cold/Warm Start, Environmental e.g. temperature, CPU, Memory, Disk Space, Critical Service Status and Thresholds).
Barrier Networks will ensure the appropriate person is contactable within the service hours, as described above, by telephone, email, SMS or other equivalent communication.
Barrier Networks operates a ticketing system based on priority levels to ensure the correct assistance is available under different circumstances – this is outlined below:

Priority Level Update - 1, Time Frequency – 1 Hour, Escalation Point – SOC Manager
Priority Level Update - 2, Time Frequency – 2 Hours, Escalation Point – Allocated Service Delivery Manager
Priority Level Update - 3, Time Frequency – 8 Hours, Escalation Point – Allocated Service Delivery Manager
Approach to resilience: Available on Request
Outage reporting: Email alerts

Identity and authentication

User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels: Vulnerability Assessment and security alerting for any malicious activity. Each zone is firewalled and there is a separate, out-of-band DMZ network that provides management access to infrastructure. Access to our out-of-band management interfaces is restricted via ACLs and two-factor authentication (where supported). We utilise Role Based Access Control (RBAC) across all services to ensure that once a user is authenticated they can only access the data they are required and authorised to.
Access restriction testing frequency: At least once a year
Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through: Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information: Users receive audit information on a regular basis
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users receive audit information on a regular basis
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications: IASME Governance including Cyber Essentials Plus

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: IASME Governance including Cyber Essentials Plus
Information security policies and processes: All employees of Barrier Networks must abide by the Barrier Networks Information Security Policy and Acceptable Use Policy. Additionally, the SOC operates under the SOC process and playbook guidelines, which detail the processes for standard operational procedures and incident handling. The Barrier Networks SOC SOPs ensure that SOC data is handled in a secure fashion and that a manager-authorised, risk-based approach is utilised when actions are not covered by documented process. The SOC Analysts report into the SOC Team Leader, who reports to the Head of Managed Services. The Head of Managed Services is a director-level appointment and reports to the Managing Director.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We use the PRINCE2 project management framework for onboarding new clients to our service and an ITIL Service Management-aligned operational model to ensure that once the service is deployed it is managed safely and securely. We have an internal change management approval process for managing changes to the technical environment, which requires approval from the change raiser's line manager. When a change is raised, a BIA (Business Impact Assessment) form is completed on the change management interface that documents any potential risks to the confidentiality, availability or integrity of the service.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Our SOC provides Intrusion Detection (via active scanning and passive network monitoring), Vulnerability Assessment and security alerting for any malicious activity. If we identify vulnerable services within our environments (managed service zone or operational zone), a ticket is raised automatically by the vulnerability scanner. The ticket is automatically classified as Informational/Low/Medium/High/Critical. These are then prioritised for remediation, with all Critical and High closed within an SLA of 5 days. We deploy all critical and high security patches within 5 days and standard patches within 14 days. Vulnerability information comes from AlienVault OTX and the Tenable Nessus vulnerability scanner.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Our SOC provides Intrusion Detection, Vulnerability Assessment and security alerting for malicious activity. The IDS and Passive Network Monitoring component provides real-time detection of security incidents. If an intrusion/breach is detected, a security alert is issued which generates an automatic ticket within the SOC Helpdesk software. These tickets are classified based on the category of alert, but a compromise of our infrastructure would be classed as critical, which would trigger our incident response process. Our incident response process is designed in alignment with NIST Special Publication 800-61 Revision 2 and is a service that we offer to customers as well.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Our Incident Response Service for managing security incidents is based on NIST Special Publication 800-61 Revision 2. Any security incidents would be reported to our security operations centre, who would then follow our Incident Response Service process to close the incident and remove the threat. Our incident reports consist of the incident log book, lessons learned and the location of archived evidence. We report security incidents related to Barrier Networks via the National Cyber Security Centre and Police Scotland. These reports are provided as encrypted file archives, with each file cryptographically hashed and the hashes recorded separately for forensic purposes.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

Energy-efficient datacentres: Yes

Pricing

Price: £1000 per device per year
Discount for educational organisations: No
Free trial available: No

Documents

Pricing document: View uploaded document
Skills Framework for the Information Age rate card: View uploaded document
Terms and conditions document: View uploaded document