Ixis IT Limited

Web Application Firewall (WAF) and Intrusion Prevention System (IPS)

A Website Application Firewall (WAF) & Intrusion Prevention System (IPS) which provides advanced Distributed Denial of Service (DDoS) protection with layer 3/4/7 network protection.

Features

  • OWASP Top 10 Threats protection
  • Protection from SQL Injection attacks
  • Web Application Firewall (WAF)
  • Intrusion Prevention System (IPS)
  • SSL Certificate support
  • PCI compliant firewall protection
  • Cross-site Scripting protection
  • Control and limiting for Automated Traffic (Bots)
  • Custom rules and limits
  • Web Acceleration (CDN)

Benefits

  • DDoS attack prevention
  • Brute force attack prevention
  • Protection from exploitation of known software vulnerabilities
  • Free SSL certificate included for 1 domain

Pricing

£660 to £30000 per unit per year

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

520700215531548

Contact

Ixis IT Limited

Dan Pala

01925320041

quotes@ixis.co.uk

Service scope

Service constraints
No
System requirements
  • Public hosted website
  • Drupal module for purging cache must be installed
  • Ability to configure your domain DNS record

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard office hours 9-5pm Monday to Friday (UK time)

P1 - Urgent = 30 minute response time. Target to restore service in 2 hours.

P2 - High = Respond within 2 hours. Target to restore service in 4 hours.

P3 - Medium = Respond within 4 hours. Target to restore service in 2 working days.

P4 - Low = Respond within 2 working days. Resolution to be discussed.

P5 - Low = To be discussed and agreed
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide on-boarding support to assist with the DNS change to add the WAF to your live website.

Additional support can be provided for configuring the Drupal CMS with a dedicated module to enable automated cache clearing in the CDN.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
There is no data to extract from the service.
End-of-contract process
You must point your DNS away from the service and change it to point directly at your new CDN or the host server.

We will assist with the information needed for re-pointing DNS.

Using the service

Web browser interface
No
API
Yes
What users can and can't do using the API
Dashboard metrics, Scanning, and CDN all provide their own API endpoints over HTTP

Documentation for the APIs can be found from the dashboard once logged in to the service.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • Puppet
  • Other
API documentation
Yes
API documentation formats
HTML
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
The cloud proxy web acceleration service (CDN) provides performance optimisation by caching content so that the destination server doesn't get reached.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • HTTP request and response status
  • Network
  • Other
Other metrics
  • Blocked network attacks
  • Visitors' browsers used to access url
  • Types of devices used to access url
  • Caching status of CDN
  • HTTP version used to access url
  • Average Traffic per Hour
  • Traffic by Country (Top 10)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Stackpath

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Never
Protecting data at rest
Other
Other data at rest protection approach
Only anonymous visitor data is collected.
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.99% uptime

Threat mitigation from immediate to 4 hrs response depending on severity
Approach to resilience
The WAF runs on a Globally Distributed Anycast Network (GDAN). The GDAN configuration allows for high availability and redundancy in the event of any failures in the network. There are currently six Points of Presence (PoP) around the globe.
Outage reporting
Alerts are available as email, RSS, Slack notifications, SMS or Twitter private direct messages.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All services are restricted access, requiring either a username and password or 2FA.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
27/04/2018
What the ISO/IEC 27001 doesn’t cover
Working in secure areas (11.1.5)
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
No
Security governance certified
No
Security governance approach
.
Information security policies and processes
Supplier defined

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components of the service, both CDN and WAF, are tracked and updated annually or as deemed necessary to reduce security threats.

Changes are assessed for their impact and risk, and a process of continual identification, monitoring and review of the levels of IT services specified in the SLA ensures that quality is maintained. All changes are implemented through a version-controlled configuration management system and progress through a series of automated and manual testing steps before being applied to the 'live' infrastructure. This systematic approach ensures that changes to services are reviewed, tested, approved and communicated.
Vulnerability management type
Undisclosed
Vulnerability management approach
Monitoring takes place 24/7 every 30 minutes with patches deployed within 4hrs of a potential threat being detected.
Protective monitoring type
Undisclosed
Protective monitoring approach
24/7/365 monitoring is provided and incidents are responded to within 30 minutes.
Incident management type
Undisclosed
Incident management approach
We have established practices for managing and recovering from incidents, and restoring a secure service.

Users report by phone / email or raising a ticket on our partner portal.

Incident reports are provided by ticket - with root cause analysis where needed.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We use Amazon Web Services datacentres which adhere to the EU Code of Conduct for Energy Efficient datacentres

Pricing

Price
£660 to £30000 per unit per year
Discount for educational organisations
Yes
Free trial available
No
