Hutchinson Networks Ltd

Fabrix Secure Analytics (Tetration-as-a-Service)

Cloud-hosted Cisco Tetration appliance provides:

• Application Dependency Mapping
• Zero Trust Security Policies
• Security Policy Enforcement
• Actionable Flow Insight

for data centre migration and compliance projects. No hardware costs, OpEx model (price per sensor), UK data sovereignty


  • Application Flow Forensics
  • Application Dependency Mapping
  • Zero Trust Security Policies
  • Security Policy Enforcement
  • Actionable Flow Insight
  • Comprehensive Reporting
  • Collects up to 500,000 events per second
  • Retains data for up to four months
  • Change Impact Analysis


  • Free consultancy and solution design
  • Capture critical workflow information in real time
  • Save up to 70% time spent on application dependency mapping
  • Reduce business risk with security policy automation
  • Monitoring of individual application components ensures PIC-DSS and GDPR compliance
  • Reduce risk with change impact analysis


£15 per server per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Hutchinson Networks Ltd

Olga Melnyk

0131 554 3438

Service scope

Service scope
Service constraints No constraints
System requirements No specific requirements, Hutchinson Networks will assist with everything

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24x7x365 Support available.

Ticket Acknowledged and Investigation Commences:

• Priority 1 (High) - 10 minutes
• Priority 2 (Urgent) - 15 minutes
• Priority 3 (Medium) - 1 hour
• Priority 4 (Low) - 2 hours

Escalation SLA to Subject Matter Expert (SME):
• Priority 1 (High) - 1 hour
• Priority 2 (Urgent) - 2 hours
• Priority 3 (Medium) - 4 hours
• Priority 4 (Low) - 6 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels There are standard Support Packages (full information can be provided on request) however support can also be tailored to specific customer requirements (Bespoke Support). The price depends on the package, more information can be provided on request.

Each customer has an Account Manager and a Technical lead assigned to their account, and there is Fabrix Technical team supporting all customers and working closely with 24x7x365 NOC.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide free consultancy to get the requirement and produce free solution design. We provide a proposal detailing the design, hardware/software requirements, engineering level of effort and costs of the solution. We assing a Solutions Architect to lead the pre-sales and implementation of the solution with a team of engineers. Once the solution is deployed and tested, we provide user training and hand the system over to the customer and the HN Support
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction There is no restriction for users to extract their data. When a contract ends (or at any time before), users can either extract their data by themselves or request Hutchinson Networks assistance.
End-of-contract process Customers have an opportunity to renew or terminate their service when the contract ends. HN assists users if they want to leave the Fabrix platform and is happy to work with a new service provider on making the transition as quick and smooth as possible

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Fabrix cloud platform provides multi-tenancy isolation without contention. Fabrix Technical team and 24/7 NOC (Network Operations Centre) receive regular Capacity Reports to make sure the platform scales in a way that doesn't affect the users.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • Network
  • Other
Other metrics
  • Packet loss
  • Latency
  • Queue length
  • Application process
  • Bandwidth usage
  • Application flow data
  • Application security data
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Encryption of the media selected by a user
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Other bespoke options
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Other bespoke options

Availability and resilience

Availability and resilience
Guaranteed availability Fabrix IaaS SLA is 99.95%.

Refund Mechanism:

If Monthly Uptime Percentage is less than 99.95% but equal to or greater than 95.0%, users receive 10% in Service Credits

If Monthly Uptime Percentage is less than 95%, users receive 20% in Service Credits
Approach to resilience Fabrix is fully resilient. More information is available on request.
Outage reporting In an unlikely event of outage, each user receives email notification and information is published on a public dashboard on Fabrix portal.

Identity and authentication

Identity and authentication
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels We implement full RBAC (role based access control). More information can be provided on request.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Trustwave Holdings
PCI DSS accreditation date 04/04/2017
What the PCI DSS doesn’t cover Fully compliant
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach In line with ISO 27001 requirements
Information security policies and processes Hutchinson Networks has a documented Information Security Management Policy. The purpose of this document is to outline HN approach to information security management of the Fabrix platform.

It covers the four areas:
• Physical Security
• Network Security
• Server Security
• Logical Data Security

Fabrix is built from the ground up with security in mind, utilising the latest Cisco and F5 technology to ensure logical isolation and all hardware is deployed in ISO27001 UK-based Data Centres.

Full document can be provided on request

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Hutchinson Networks adopts an agile approach to the configuration and development. Components are tracked through their lifetime via industry leading cloud management platform. Software changes are tracked via GIT. All changes are tried and tested in Staging environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We assess potential threats via vendor feeds and pen testing. We deploy patches as and when they are available.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We constantly follow vendor recommendations, conduct known threats analysis, participate in the peer groups and exchange with information about potential compromises and the ways to mitigate them.

In Fabrix, we have perimeter device alerting, built-in anti-DDoS features, 24/7 monitoring with immediate reaction / troubleshooting / escalation.
Incident management type Supplier-defined controls
Incident management approach Hutchinson Networks has a documented Incident Management Policy and Process.

The primary goal of the Incident Management process is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained.

The full document is available on request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate We follow the vendor best practice for multi-tenancy

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £15 per server per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A 1-month free trial for up to 50 sensors with application dependancy map and report provided to the customer at the end of the trial


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑