NETconnection System Ltd

Radware Cloud DDoS Protection Service

Radware’s Cloud DDoS Protection Service defends organisation against today’s most advanced DDoS attacks using advanced behavioural-based detection for both network-layer (L3/4) and application-layer (L7) attacks, automatic real-time signature creation to protect against zero-day attacks, unique SSL DDoS protection and flexible cloud-based and hybrid deployment options to suit every customer.

Features

  • Protection against SSL-based attacks without requiring customer certificates
  • Protection from Burst, Dynamic IP, DNS and other attacks
  • Zero-day protection against network and application layer DDOS attacks
  • Protection against known and unknown threats
  • Behavioural-based detection using advanced, patented machine learning algorithms

Benefits

  • Fullest possible protection against simple and advanced online cyber threats
  • Single pane of glass protection across Cloud and traditional datacentres
  • Immediate protection that is extremely fast to deploy during crisis
  • Low ongoing management overhead into any environment
  • Low false positive rate
  • Fully managed ERT service to deal with attacks 24x7x365

Pricing

£2,200 a unit a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.brar@netconnection.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 9 7 4 3 9 4 1 5 9 0 0 0 9 2

Contact

NETconnection System Ltd Tony Brar
Telephone: 07725 988546
Email: tony.brar@netconnection.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
No
System requirements
  • Provision of valid SSL certificates, if relevant, to customers service
  • Capability to managed DNS records to refer service to platform

User support

Email or online ticketing support
Email or online ticketing
Support response times
Routine Questions are dealt with Next Business Day
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Through web service portal.
Web chat accessibility testing
None.
Onsite support
Yes, at extra cost
Support levels
There are SLAs in place for Time-To-Mitigation (5 to 15 Minutes depending on attack type) plus Consistency-Of-Mitigation for DDoS Attacks. The overall platform uptime commitment is 99.999%. There are 24x7 support response SLAs for general systems issues across a number of categories:
Business Critical (30 minutes);
Minor and Major (24 hours); and
Routine configuration changes (Next Business Day).

In additional to general 24x7 support, the overall managed service includes: automatic policy generation, log review, system monitoring, periodical reports, emergency response attack mitigation and access to security experts
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The security administrators of the platforms to come under our protection work through an automated onboarding process which we provide a team to oversee
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The system holds no customer 'data' it does however contain metadata that they can be extract via our management API.
End-of-contract process
The customer would re-designate their DNS records to point at a new preferred location, the Cloud DDoS instance is closed down at the contract finalisation date,

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are no differences
Service interface
Yes
Description of service interface
Accessible via web portal
Accessibility standards
None or don’t know
Description of accessibility
Clients under our Cloud protection service designate their Application's Domain names to point at Radware's Cloud infrastructure
Accessibility testing
None
API
Yes
What users can and can't do using the API
They can integrate our stateful API with SIEM platforms and other logging and alerting apparatus.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
They can configure the management dashboard by shifting widgets to suit their operational preferences.

Scaling

Independence of resources
Each client organisation has their own separate Cloud DDoS instance.

Analytics

Service usage metrics
Yes
Metrics types
Details of throughput of legitimate traffic, malicious traffic and attack types
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Radware

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The system holds no customer 'data' it does however contain metadata that they would normally extract via our management API.
Data export formats
CSV
Data import formats
Other
Other data import formats
To SIEM standatd

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Our platform passes the data received from internet users onto the customers web applications via regular public internet service by default. The customer could however purchase private line connectivity for the forwarding of data instead of using the internet. Private line connectivity would typically be leveraged for performance reasons as there would not be any security value as the traffic is already coming from internet locations
Data protection within supplier network
Other
Other protection within supplier network
Our platform passes the data received from internet users onto the customers web applications via regular public internet service by default. The customer could however purchase private line connectivity for the forwarding of data instead of using the internet. Private line connectivity would typically be leveraged for performance reasons as there would not be any security value as the traffic is already coming from internet locations

Availability and resilience

Guaranteed availability
Platform uptime 99.999%
Approach to resilience
Radware's Cloud SSoS services operates from +30 POPs globally, each with full redundancy and the ability to failover to another location
Outage reporting
Email notification from the Operations team

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
The Management Interface enables various levels of privilege for administrators and support representatives in our client's ICT organisations
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QCD
ISO/IEC 27001 accreditation date
08/05/2018
What the ISO/IEC 27001 doesn’t cover
Radware's ISO27001 certification is for Operations of information security, MIS, IT. Its cloud services are certified under ISO 27017.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
28/10/2016
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
No Exemptions
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 27002 Information technology Security techniques / Controls
  • ISO 27032 Security Techniques -- Guidelines for Cybersecurity
  • ISO 27017 Information Security for Cloud Services
  • ISO 27018 IS Protection of PII in public clouds
  • US SSAE16 SOC-1 Type II, SOC-2 Type II

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
"ISO 27001 Information Security Management Systems
ISO 27002 Information technology — Security techniques — Code of practice for security controls
ISO 27032 Security Techniques -- Guidelines for Cybersecurity
ISO 27017 Information Security for Cloud Services
ISO 27018 Information Security Protection of Personally identifiable information (PII) in public clouds
ISO 28000 Specification for Security Management Systems for the Supply Chain
EU GDPR EU General Data Protection Regulation
PCI-DSS v3.1 Payment Card Industry Data Security Standard
HIPPA Health Insurance Portability and Accountability Act
US SSAE16 SOC-1 Type II, SOC-2 Type II"

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Aligned to ISO, SOC-1, SOC-2 and SSAE-16
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Periodic vulnerability scanning and patching through our Cloud Services DevOps team. Additional vulnerability scanning is performed after any significant change implementation
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Fully monitored 24x7 using a specialist DevOps team
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Defined in our internal Security Policy and other internal documentation

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2,200 a unit a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Time limited trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.brar@netconnection.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.