Ixis IT Limited

Web Application Firewall (WAF) and Intrusion Prevention System (IPS)

A Website Application Firewall (WAF) & Intrusion Prevention System (IPS) which provides advanced Distributed Denial of Service (DDoS) protection with layer 3/4/7 network protection.

Features

  • A weekly report for each of your site(s)
  • Content Delivery Network (flat rate bandwidth)
  • Web Application Firewall (WAF)
  • Intrusion Prevention System (IPS)
  • SSL Certificate support
  • PCI compliant firewall protection

Benefits

  • DDoS attack prevention
  • Brute force attack prevention
  • Protection form exploiting known software vulnerabilities
  • Continuous malware & hack scanning with automatic alerting upon detection
  • Free SSL certificate included for 1 domain

Pricing

£660 per unit per year

Service documents

G-Cloud 10

729919035027572

Ixis IT Limited

Dan Pala

01925320041

quotes@ixis.co.uk

Service scope

Service scope
Service constraints No
System requirements
  • Public hosted website
  • Drupal module for purging cache must be installed
  • Ability to configure your domain DNS record

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times 30 minutes for critical.
2 Hour response for non-critical problems.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels .
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide on-boarding support to assist with the DNS change to add the WAF to your live website.

Additional support can be provided for configuring the Drupal CMS with a dedicated module to enable automated cache clearing in the CDN.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction There is no data to extract from the service.
End-of-contract process You must point your DNS away from the service and change it to point directly at your new CDN or the host server.

We will assist in the information needed for re-pointing DNS.

Using the service

Using the service
Web browser interface No
API Yes
What users can and can't do using the API Dashboard metrics, Scanning, and CDN all provide their own API endpoints over HTTP

Documentation for the APIs can be found from the dashboard once logged in to the service.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • Puppet
  • Other
API documentation Yes
API documentation formats HTML
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Automatic
Independence of resources The cloud proxy content delivery network (CDN) provides performance optimisation by caching content so that the destination server doesn't get reached.
Usage notifications No

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • HTTP request and response status
  • Network
  • Other
Other metrics
  • Blocked network attacks
  • Visitors browsers used to access url
  • Types of devices used to access url
  • Caching status of CDN
  • HTTP version used to access url
  • Average Traffic per Hour
  • Traffic by Country (Top 10)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Sucuri

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Never
Protecting data at rest Other
Other data at rest protection approach Only anonymous visitor data is collected.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.5% availability with monitoring every 30 minutes 24/7/365

Threat mitigation from immediate to 4 hrs response depending on severity
Approach to resilience The WAF runs on a Globally Distributed Anycast Network (GDAN). The GDAN configuration allows for high availability and redundancy in the event of any failures in the network. There are currently six Points of Presence (PoP) around the globe.
Outage reporting Alerts are available as email, RSS, Slack notifications, SMS or Twitter private direct messages.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels All services are restricted access requiring either a username and password of 2fa.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 27/04/2018
What the ISO/IEC 27001 doesn’t cover Working in secure areas (11.1.5)
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified No
Security governance approach .
Information security policies and processes Supplier defined

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components of the service both CDN and WAF are tracked and updated annually or as deemed necessary to reduce security threats.

Changes are assessed for their impact and risk, and a process of continual identification, monitoring and review of the levels of IT services specified in the SLA ensure that quality is maintained. All changes are implemented through a version-controlled configuration management system and progress through a series of automated and manual testing steps before being applied to the 'live' infrastructure. This systematic approach ensures that changes to services are reviewed, tested, approved and communicated.
Vulnerability management type Undisclosed
Vulnerability management approach Monitoring takes place 24/7 every 30 minutes with patches deployed within 4hrs of a potential threat being detected.
Protective monitoring type Undisclosed
Protective monitoring approach 24/7/365 monitoring is provided and incidents are responded to within 30 minutes.
Incident management type Undisclosed
Incident management approach We have established practices for managing and recovering from incidents, and restoring a secure service.

Users report by phone / email or raising a ticket on our partner portal.

Incident reports are provided by ticket - with root cause analysis where needed.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £660 per unit per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑