Gradian Systems Ltd

Broadcom/Symantec Web Isolation

Symantec Web Isolation cloud service provides an isolation layer that protects users from threats from uncategorized websites or URLs with potentially unsafe risk profiles. Web isolation eliminates web threats and solves the challenge of providing secured access to the uncategorized and potentially risky web.


  • Prevents any website code from being executed on user's devices
  • Provides a transparent and seamless user experience
  • Available as a cloud service, on-premises, or a hybrid
  • Access web documents through isolation
  • Simple integration with Symantec Secure Web Gateways


  • Isolate web browsing of privileged users
  • Provide users with a seamless web browsing experience
  • Prevent users from submitting corporate passwords


£52.58 a user

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 0 2 0 0 3 2 6 5 0 4 9 5 9 0


Gradian Systems Ltd Ciaran O'Rourke
Telephone: 07770 377 936

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Endpoint Detection and Response (EDR) - Global Intelligence Network (GIN): - IT Management Suite - Cyber Security Services: - Web Security Service (proxy cloud) - Symantec Endpoint Protection Mobile
Cloud deployment model
Public cloud
Service constraints
No system requirements (managed cloud service).
System requirements
  • Client Workstation and Server : windows and Mac OS
  • Management Console OS Windows 2008 64 bit & R2
  • Management Console OS Windows Windows 2012 Windows 2016
  • Web Browser supported: Internet Explorer 11 Mozilla Firefox 5
  • Web Browser supported: Google Chrome 66 Microsoft Edge
  • Virtual Environments - Microsoft Azure - Amazon WorkSpaces
  • Virtual Environments VMware ESX 2.5 VMware ESXi 4.1 - 5.5
  • Virtual Environments Microsoft Virtual Server and Hyper V
  • Windows Hardware 32/64 -bit processor
  • Mac Hardware 64-bit Intel Core 2 Duo or later

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please see Gradian's Support Guide attached.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
Please see Gradian's Support Guide attached.
Support available to third parties

Onboarding and offboarding

Getting started
Gradian possess the skills and support to configure, deploy, support and run this service on your behalf. These services can be found under Gradian's Professional Service and Gradian's Managed Configuration Service. Alternatve support options can be found under Gradian's Technical Account Service Plan (T.A.S.P) and Gradian Support for Symantec Products.
Service documentation
Documentation formats
Other documentation formats
End-of-contract data extraction
Data can be exported via REST APIs or through the portal.
End-of-contract process
The service is terminated should the contract end and all customer data will be securely deleted after the end of the contract. The AWS security process applies for the data decommissioning.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Currently mobile support in beta stage. Full mobile browser support expected Q2FY20.
Service interface
Description of service interface
Customer can access the Service through a self-service online portal .
Accessibility standards
None or don’t know
Description of accessibility
Customer may configure and manage the Service, access reports, and view data and statistics, through the Portal, when available as part of the Service.
Accessibility testing
What users can and can't do using the API
The backend is accessible via a REST API, which allows to pull logs and the modification of policies.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Customers get full access to the administrative portal, meaning they have complete control and can customize policies, block pages etc.


Independence of resources
Each Web Isolation Cloud instance is a fully separate entity provisioned in AWS.


Service usage metrics
Metrics types
Variety of metrics around user statistics, threats detected etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported via REST APIs or through the portal.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON via API
  • Arcsight via API
  • AWS S3 via API
Data import formats
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% Service Availability.
Approach to resilience
Each Web Isolation Cloud instance is provisioned within AWS in at least 2 Availability Zones and Elastic Load Balancing eanbled.
Outage reporting
Reporting for the Service is available through the Portal.

Identity and authentication

User authentication needed
User authentication
Other user authentication
Users are authenticated via SAML.
Access restrictions in management interfaces and support channels
IP based access restrictions.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
SSAE-18, SOC2 Type2, Privacy Shield and FedRAMP compliance.
Information security policies and processes
All of engineering, from the CTO downward, is highly focused on ensuring security is a part of everything we do. Security controls and checks are build into our SDLC, along with continuous monitoring and scanning.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow a multi-stage process. Our DevOps process drives change management, including the development cycle, testing, quality assurance and staging, prior to deployment into production deployment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Symantec has a formal process for handling and managing vulnerabilities. For any externally reported issues, Symantec follows the process outlined in ISO 29147, Information technology — Security techniques — Vulnerability disclosure ([ISO/IEC 29147:2014(E)]). Symantec'c Software Security Group works with the impacted team(s) to: Recreate the environment and issue within Symantec’s labs for an expedited resolution. Facilitate a prompt and accurate response. Avoid delays in new Symantec releases.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Access to all customer instances is logged and monitored centrally.
Incident management type
Supplier-defined controls
Incident management approach
Symantec’s internal Security Incident Response Plan documents repeatable, industry standard procedures for handling actual cyber threats when they arise. It also provides the necessary engagement and information-sharing processes to allow prompt coordination among all relevant stakeholders, and describes the reporting, communication, containment, investigation, and recovery mechanisms that exist to support a comprehensive end-to-end process flow from threat detection through remediation. The development and implementation of this forward-looking plan supports Symantec’s ultimate mission to its customers, partners, shareholders, and employees as a trusted leader in information security risk management.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£52.58 a user
Discount for educational organisations
Free trial available
Description of free trial
Available on request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.