Leidos Innovations UK Limited

Managed Real-Time DDoS Detection and Mitigation

Managed DDoS service is a fully managed DDoS threat detection and mitigation solution utilising Corero's SmartWall Threat Defense System technology which is deployed at the data centre edge to inspect raw Internet traffic for DDoS attacks and cyber threats and subsequently protect downstream critical infrastructure and services.


  • • Line Rate DDoS detection and Mitigation at 30Mpps
  • • Instantanteous detection and mitigation of DDoS security threats
  • • Highly scalable, in 10G increments delivers up to 1TB
  • • 24x7x365 Security Operations Centre
  • • Reporting and analytics web based via a secure portal
  • • Secure Remote setup and management by Corero SoC
  • • Simple Plug and Play installation for self service
  • • Zero false positives leveraging programmable and behavourial analysis
  • • DDoS protection single and multi-vector, L3-L7


  • • Transparent deployment - no network re-configuration
  • • Continouous monitoring of customers network for security threats
  • • Capex cost savings, no requirement in house DDoS
  • • Opex cost savings, Corero provides 100% monitoring and mitigation
  • • Complete protection against a multi-tude of DDoS attacks
  • • Complete reporting and analysis of attack vectors
  • • Try before you buy free trail period


£6000 per gigabyte per month

  • Free trial available

Service documents

G-Cloud 9


Leidos Innovations UK Limited

Morag Young

+44 (0) 333 6000 200


Service scope

Service scope
Service constraints Service Constraints
The Corero Managed DDoS Detection and Mitigation service has the following limitations and exclusions:
• The Service excludes support to security accreditation and testing (including penetration testing)
• The Service excludes visits to Customer sites, including the attendance of service reviews, attendance will be
subject to prior agreement with any expenses incurred recovered from the Customer.
System requirements
  • 1Gbps or 10Gbps network connection - copper or fibre
  • Minimum of 3u rack space in customer DC
  • Separate management LAN
  • Remote connectivity to allow secure connection to SoC

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Corero provides a web, telephone and email Service Desk for all Customers during Core Hours of Service.
Incidents affecting the system(s) being protected by the Service will be assigned a priority. Corero’s incident
management guidelines provide a framework for internal/external notification and issue-resolution activities. Corero
has established a classification structure for incidents based on the severity of the incident.
if you have an attack then you will have engament from the support team in less than 30 mins
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels The Managed DDoS Detection and Mitigation service is provided on a 24/7 operational basis
The Support Portal is the Corero web based incident management and tracking system and is a critical resource for support, downloads, technical documentation and other useful information about the Corero products. The Support Portal offers the ability to search an extensive knowledge base, manage incidents and communicate directly with Corero Customer Service engineers. It is the most effective way to resolve support issues and for finding technical
product data.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Corero provides full installation, configuration and tuning of the solution as a part of the service. Training courses are also provided at additional costs to enable the user to manage the solution if required
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The removal of the hard disc from the management server, which is the only storage location for customer data within the solution. The disc will be handed to the customer for storage/disposal
End-of-contract process On service termination, Corero will commence a service off-boarding process, including:
• The de-installation of the hardware supplied as a part of the service.
• The removal of the hard disc from the management server, which is the only storage location for customer data within the solution. The disc will be handed to the customer for storage/disposal

Using the service

Using the service
Web browser interface Yes
Using the web interface The Central Management Server (CMS) is a comprehensive and centralized tool for managing all aspects of network protection for your servers and other computing resources that reside inside your organization's firewall. The CMS achieves this through its control of appliance configuration for each site. The CMS enables you to define the server and client profiles, header blocking conditions, and server protection policies that protect your organization's critical infrastructure. In addition, the CMS provides detailed real-time visibility into the traffic entering your network at each step, as it is first observed, assessed for threats, treated for threats, and subsequently allowed to enter protected areas of your network.
Web interface accessibility standard None or don’t know
How the web interface is accessible The interface has been designed with no reliance on fonts or colours
Web interface accessibility testing Internal testing
What users can and can't do using the API The Central Management Server supports the use of a REST API over HTTP for performing configuration and monitoring tasks. You can use a variety of REST tools to exercise the API; the descriptions in this help set center around the UNIX/Linux command line tool, cURL, and the Postman REST client for the Google Chrome web browser.
API automation tools Other
Other API automation tools Any tools that will work with Rest API over HTTP
API documentation Yes
API documentation formats Other
Command line interface Yes
Command line interface compatibility Other
Using the command line interface The CMS provides a JunOS-like command line interface (CLI) that can be used for all configuration
and monitoring tasks.


Scaling available Yes
Scaling type Automatic
Independence of resources Each deployment is individually scaled to specific customer requirements and runs autonomously to deployments for other customers. The only combined infrastructure is for alerts and reporting, where the multi-tenant attributes of the solution provide segregation to ensure both security and integrity.
Usage notifications Yes
Usage reporting
  • API
  • Other


Infrastructure or application metrics Yes
Metrics types Other
Other metrics All critical system metrics are provided trough the CMS
Reporting types API access


Supplier type Reseller providing extra support
Organisation whose services are being resold Corero

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up CMS configuration
Backup controls Backed-up CMS configurations are stored in "backup bundles", each of which is a gzipped tar file.
When the backup action is invoked, a backup bundle is created and written to "/var/www/Corero/backup", using a user-specified file name. If a backup bundle already exists when the backup action is invoked, the existing file will be removed before the new bundle is created. The latest backup bundle will always remain until the next backup is made. After the backup has been created, the backup bundle is available for retrieval using HTTP GET.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Encrypted connections between Corero SoC and user network.
Web portals are presented for the Central Management System and the SecureWatch Analytics dashboard. Connections to the CMS server will be encrypted using TLSv1.2. An Ephemeral Diffie-Hellman key exchange is used with an AES256 Cipher using the block chaining mode of operation. 256bit keys are present. Sky may use their own Security certificates if they wish. The Central Management System web portal access is encrypted using TLSv1.2 with RSA key exchange and AES 128 Cipher using block chaining.
Data protection within supplier network Other
Other protection within supplier network All data resides within the CMS on the client site and is accessed via secure connections

Availability and resilience

Availability and resilience
Guaranteed availability The 'do no harm' philosophy that underpins the design and development of the solution combined with the resilient topology used in the implementation of the solution, ensures that good traffic always passes unimpeded.
Approach to resilience The deployment of the SmartWall solution includes a zero-voltage bypass function that allows for both optical and electrical bypass of the active component. In the event of a failure, the system will fail safe.
Outage reporting Hardware failures or service degradation alerts are sent via the SecureWatch monitor function to the SoC. SecureWatch analytics will provide details analysis of the alerts and recommend appropriate action.

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels The CMS supports a set of groups that orrespond to essential roles:
admin – Access all aspects of the data models required to manage users, devices, data, etc. This group is intended for administrators who require privileges to define and change all aspects of the configuration. Note that admin users can change passwords for all accounts, including support users.
defense – Configure server defense policies and view configurations, statistics, and reports.
monitor – View configurations, statistics, and reports. No configuration actions are allowed.
Access restriction testing frequency At least once a year
Management access authentication Username or password
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 NQA
ISO/IEC 27001 accreditation date 7 March 2017
What the ISO/IEC 27001 doesn’t cover The certificate related to the information security management system and not to the products or services of the certified organisation
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Corero conforms to recognised standards for security governance, but does not follow the path through to certification at the present time.
Information security policies and processes Corero conforms to recognised standards for security governance, but does not follow the path through to certification at the present time.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration and change management is a collaborative process between Corer and the customer. Processes and authorisation levels are agreed during the on-boarding phase.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Corero conforms to recognised standards for vulnerability management, but does not follow the path through to certification at the present time.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Automated reporting and analytics provided via the SecureWatch application to the SoC ensure both pro-active and reactive timely responses.
Incident management type Supplier-defined controls
Incident management approach Corero provides customers with a Service/Support Portal which allows customer to create and manage their service cases, obtain/download software and documentation as well as search a library of knowledge based articles.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £6000 per gigabyte per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Can offer a free trial (“Free Trial”) 30 day trial for prospective Customers for the Managed DDoS Detection and Mitigation service. At the end will deliver a report summarising the results . The Free Trial will be implemented by Corero with the required assistance of the customer


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑