Ixis IT Limited

Web Application Firewall (WAF) and Intrusion Prevention System (IPS)

A Website Application Firewall (WAF) & Intrusion Prevention System (IPS) which provides advanced Distributed Denial of Service (DDoS) protection with layer 3/4/7 network protection.


  • OWASP Top 10 Threats protection
  • Protection from SQL Injection attacks
  • Web Application Firewall (WAF)
  • Intrusion Prevention System (IPS)
  • SSL Certificate support
  • PCI compliant firewall protection
  • Cross-site Scripting protection
  • Control and limiting for Automated Traffic (Bots)
  • Custom rules and limits
  • Web Acceleration (CDN)


  • DDoS attack prevention
  • Brute force attack prevention
  • Protection form exploiting known software vulnerabilities
  • Free SSL certificate included for 1 domain


£660 to £30000 per unit per year

  • Education pricing available

Service documents

G-Cloud 11


Ixis IT Limited

Dan Pala



Service scope

Service scope
Service constraints No
System requirements
  • Public hosted website
  • Drupal module for purging cache must be installed
  • Ability to configure your domain DNS record

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard office hours 9-5pm Monday to Friday (UK time)

P1- Urgent = 30 Minute response time Target to restore service in 2 hours

P2 - High = Respond within 2 hours Target to restore service in 4 hours

P3 - Medium = Respond within 4 hours Target to restore service in 2 working days

P4 - Low = Respond within 2 working days Resolution to be discussed

P5 - Low = To be discussed and agreed
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels .
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide on-boarding support to assist with the DNS change to add the WAF to your live website.

Additional support can be provided for configuring the Drupal CMS with a dedicated module to enable automated cache clearing in the CDN.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction There is no data to extract from the service.
End-of-contract process You must point your DNS away from the service and change it to point directly at your new CDN or the host server.

We will assist in the information needed for re-pointing DNS.

Using the service

Using the service
Web browser interface No
What users can and can't do using the API Dashboard metrics, Scanning, and CDN all provide their own API endpoints over HTTP

Documentation for the APIs can be found from the dashboard once logged in to the service.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • Puppet
  • Other
API documentation Yes
API documentation formats HTML
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources The cloud proxy web acceleration service (CDN) provides performance optimisation by caching content so that the destination server doesn't get reached.
Usage notifications No


Infrastructure or application metrics Yes
Metrics types
  • HTTP request and response status
  • Network
  • Other
Other metrics
  • Blocked network attacks
  • Visitors browsers used to access url
  • Types of devices used to access url
  • Caching status of CDN
  • HTTP version used to access url
  • Average Traffic per Hour
  • Traffic by Country (Top 10)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra support
Organisation whose services are being resold Stackpath

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Never
Protecting data at rest Other
Other data at rest protection approach Only anonymous visitor data is collected.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99% uptime

Threat mitigation from immediate to 4 hrs response depending on severity
Approach to resilience The WAF runs on a Globally Distributed Anycast Network (GDAN). The GDAN configuration allows for high availability and redundancy in the event of any failures in the network. There are currently six Points of Presence (PoP) around the globe.
Outage reporting Alerts are available as email, RSS, Slack notifications, SMS or Twitter private direct messages.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels All services are restricted access requiring either a username and password of 2fa.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 27/04/2018
What the ISO/IEC 27001 doesn’t cover Working in secure areas (11.1.5)
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified No
Security governance approach .
Information security policies and processes Supplier defined

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components of the service both CDN and WAF are tracked and updated annually or as deemed necessary to reduce security threats.

Changes are assessed for their impact and risk, and a process of continual identification, monitoring and review of the levels of IT services specified in the SLA ensure that quality is maintained. All changes are implemented through a version-controlled configuration management system and progress through a series of automated and manual testing steps before being applied to the 'live' infrastructure. This systematic approach ensures that changes to services are reviewed, tested, approved and communicated.
Vulnerability management type Undisclosed
Vulnerability management approach Monitoring takes place 24/7 every 30 minutes with patches deployed within 4hrs of a potential threat being detected.
Protective monitoring type Undisclosed
Protective monitoring approach 24/7/365 monitoring is provided and incidents are responded to within 30 minutes.
Incident management type Undisclosed
Incident management approach We have established practices for managing and recovering from incidents, and restoring a secure service.

Users report by phone / email or raising a ticket on our partner portal.

Incident reports are provided by ticket - with root cause analysis where needed.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres We use Amazon Web Services datacentres which adhere to the EU Code of Conduct for Energy Efficient datacentres


Price £660 to £30000 per unit per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑