e2e Secure Cloud Web Gateway Service
Provides users and devices with a trusted web gateway and cloud access broker to secure online business activities and web browsing. Options allow for a complete virtual desktop browsing platform in the cloud, a secure file transfer solution and advanced secure, anonymous, web browsing. Explicit/Transparent Proxy. ADFS and SAML Integration.
Features
- Managed web browsing and connection to internet and web filtering
- Active Directory, ADFS, LDAP, SAML and RADIUS integration
- HTTP, HTTPS, DNS and NTP traffic filtering
- Advanced malware and UTM threat protection
- Detailed reporting down to a per user view of browsing
- Ability to whitelist at user/group/URL/OU/AD/Computer/IP level
- Transparent and Explicit proxy options
- Includes Protective Monitoring services
- Full audit trail with logs kept for 2 years
- Virtual browsing VMs/images for full web-browsing 'brake-out'
Benefits
- Manage user's internet browsing and report on usage
- Maintain existing services and deploy at OFFICIAL SENSITIVE
- Reduce risks of malware, web threats, and other web risks
- Protects organisations from liability issues
- Provides IA compliance with various standards
- Provides effective secure web browsing solution
- Reduce risks of inappropriate web sites being accessed
- Improve productivity by restricted access to business related sites
- Provides Anonymous internet access
- Keeps internet users browsing safe and appropriate
Pricing
£4 to £35 a user a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
5 0 3 1 4 6 9 2 1 1 6 7 3 4 2
Contact
e2e-assure Ltd
Mark Peart
Telephone: 01666 860108
Email: mark.peart@e2e-assure.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
E2e Protective Monitoring and SOC Service
e2e Cloud Connect Service
e2e Managed Private Cloud Infrastructure
e2e Managed Private Cloud Platform - Cloud deployment model
- Private cloud
- Service constraints
- See Service Definition
- System requirements
- See Service Definition
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Dependent on SLA agreed
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- See SLA information in Service Definition
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- See Terms and Conditions
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- All customer data will be removed. The customer is expected to migrate their own data out of the service prior to the end of the service (if applicable). Optionally we can also migrate the data out of the service (such as historical access logs) on a time and material basis.
- End-of-contract process
- Off-boarding is included with the following scope: all user access will be revoked and any components containing customer data will be removed and securely wiped.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- No
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
- Capacity Management and design of cloud systems
Analytics
- Service usage metrics
- Yes
- Metrics types
- Detailed reports including number of Users, connection logs
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- N/a
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- See Service Description
- Approach to resilience
- All e2e services operated from UK datacentres in three regions (England, Scotland and Wales) with multiple power and Internet Service Providers to ensure resilience. Individual service resilience may be dependent upon the Service Level that is ordered for each service.
- Outage reporting
- An incident management and response process will be agreed with each customer with email and phone alerting processes as required.
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
- If required, support channels will agree processes for authenticating users including names users/account and the use of agreed passcodes.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI - Certificate Number 620531
- ISO/IEC 27001 accreditation date
- Up to date and current since we first achieved ISO27001:2013 on 17/07/2015
- What the ISO/IEC 27001 doesn’t cover
- The whole organisation and all services are covered
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials Plus - November 2nd, 2017
- Police Assured Secure Facilities (PASF) for DCs and e2e Management
- Classified Material Assessment Toolkit (CMAT) inspections at DCs
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- This is detailed in our ISO 27001:2013 documentation and a full RMADS for all services
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes are documented and managed via the internal ticket system. A Separate test environment is used to ensure changes tested prior to being applied to the ‘live environment’. All changes reviewed and approved by appropriate senior staff prior to implementation to ensure they do not compromise security controls.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
All services are assess as a part of the e2e Accreditation Framework with a full IS1/2 risk assessment provided as part of the RMADS.
e2e provide comprehensive and detailed protective monitoring services independently for customer environments and all service offerings.
Critical security patches are typically deployed within 8 hours.
e2e
As well as ingesting intelligence which is used by our toolsets and rules engines, threat intelligence is can also be consumed from CERT-UK, CiSP, other Service Providers and from the NCSC. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
E2e provide comprehensive and detailed protective monitoring services independently for customer environments and all service offerings. The capability provides a comprehensive set of tool-sets to proactively defend customers and services; This includes:
Proactive Cyber Defence and Enterprise Risk Management
Integrated Enterprise wide coverage with Flexible Log Management, Network Discovery, Asset Management, Traffic Flow Analysis
NIDS, Packet Capture, Packet Analysis, Internal and External Vulnerability scanning,
Threat Intelligence and Proactive Incident Response.
All incidents will follow a predefined incident response playbook with fully automated and manual response actions. Typical response time is 15 minutes. - Incident management type
- Supplier-defined controls
- Incident management approach
- E2e have a range of operational service levels that can be provided to customers. These range from carrying out initial triage and incident prioritisation through to full Incident Management. e2e can run Incident Response through to conclusion should that be required by its customers. Reporting of incidents can be though email or phone and depneding upon the service, email reports can be provided or access to the on line ticketing and incident portal is provided.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £4 to £35 a user a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- The Web Gateway Service is available for trials for up to 200 users/device up to 2 months.