United Security Providers UK Ltd

USP Secure Entry Server® Cloud Appliance

USP Secure Entry Server® is a comprehensive Web Access Management solution. An advanced WAF securing web applications and portals from cyber-attacks, uniquely combined with context based Multi-factor user-authentication, Web SSO and Federation.
AWS images available for deployment within your Private Cloud, along with fully managed operational support, direct from USP.

Features

  • Web Application Firewall with advanced web and webservice security features
  • Reverse Proxy with extended protocol support and Secure Session Management
  • Dynamic Whitelisting and Blacklisting including geolocation IP-reputation based access control
  • Anomaly detection, real time analytics and reporting dashboard
  • Multi-factor authentication (tokens, mobile, biometric)
  • Context (Risk) based web user authentication with fine-grained authorization enforcement
  • Web user Single Sign-On. LDAP and legacy application integration
  • Federation (SAML, Kerberos and OpenID Connect support)
  • DDoS mitigation and out-of-box SIEM / Monitoring Integration
  • Fully managed operational service on demand

Benefits

  • Easy all-in-one solution management covering WAF, Authentication, Federation
  • Activate turn-key protection against OWASP Top 10 threats and beyond
  • Protect even legacy applications with pre-integrated multi-factor authentication
  • Implement adaptive access control, including context and risk based factors
  • Provide easy-to-use federated identity with universal, vendor-independent solution
  • Happier users through single sign-on even in hybrid setups
  • Easily integrate high-integrity transaction protection and verification
  • Protect privacy by retaining, transforming, omitting, obfuscating data

Pricing

£279 per instance per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9

781820211217856

United Security Providers UK Ltd

Lincoln Hewett

07415455382

lincoln.hewett@united-security-providers.com

Service scope

Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints None
System requirements 8GB RAM, 150 GB Disk or higher

User support

Email or online ticketing support Email or online ticketing
Support response times Depending on MSA: From Office hours best effort to 4 hours.
Optional Managed Service: 1 hour / 2 hours on weekends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Depending on concrete MSA we guarantee response times ranging from business hours / best effort up to 4h.
Optional managed service: we have maximum response time of 1 hour during business days and 2 hours at weekends

The costs for support level Business Hours Basic are included in the subscription fee. At extra cost, the customer can upgrade to a higher SLA.

In addition to the support levels above, we provide named technical account managers and cloud support engineers based on request.
Support available to third parties Yes

Onboarding and offboarding

Getting started The Amazon instance is deployed by USP. The customer receives access to a web-based management UI in order to configure the services.

We provide onsite training, online training (webinar) and user documentation about the solution.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Relevant data can be exported (configuration or logs) with downloads or in case of logs with automated transfer (for archiving purposes).
End-of-contract process Termination of the service is included. Potential migration to another service is the responsibility of the customer.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service If the web applications protected by USP Secure Entry Server® provide a mobile format, there is no difference from our perspective.
Using Mobile Apps might involve other authentication methods compared to web applications, and both can be fully supported by USP Secure Entry Server®.
Accessibility standards None or don’t know
Description of accessibility Controls are named and described in help / documentation.
Tests (in Analysis tools for instance) are described verbally.
The criteria for time based media, sensory support, CAPTCHA are not applicable, as they do not occur in the management UI of the solution.
Likewise there are no elements in the UI for decoration.
As such the most important application points of WCAG 2 Criterion 1.1.1 are supported.
Accessibility testing None
API No
Customisation available Yes
Description of customisation Depending on their needs, customers can use different modules of the functionality.

In case of the authentication, the login process (i.e. flow and used methods) and its look & feel (presented login dialog for instance) is fully customisable.

Scaling

Independence of resources By dedicated instance

Analytics

Service usage metrics Yes
Metrics types The following statistics are provided:
- overall state of the Appliance and its processes
- System / Network: load, memory usage, disk space, I/O etc.
- Traffic: requests / sec, throughput, number of errors etc.
- Session Management: concurrent sessions, etc.
Reporting types Real-time dashboards

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Amazon S3 Server Side Encryption (SSE). This uses one of the strongest block ciphers available – 256-bit Advanced Encryption Standard (AES-256). With Amazon S3 SSE, every protected object is encrypted with a unique encryption key. This object key itself is then encrypted with a regularly rotated master key. Amazon S3 SSE provides additional security by storing the encrypted data and encryption keys in different hosts.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach Exporting / importing configuration via web management UI.
Log data either via web management UI or automated transfer.
Data export formats CSV
Data import formats Other
Other data import formats
  • Certificates for encryption / decryption
  • JSP for customised login flows
  • HTML for customised error messages
  • WSDL and XSD for webservice validation
  • CRLs for revocation

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability The optional managed security service provides several SLA variants between best effort and 99.95% availability. The SLAs also include regulations (penalties) in case of not meeting the guaranteed levels of availability.
Approach to resilience This information is available on request
Outage reporting Outages can be reported in several ways, e.g. in a dashboard or by email alerts.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted by dedicated access (VPN and/or IP restriction) and user authentication. Customer Portal is protected by strong 2 factor authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations We regularly execute security audits for ISO 27001 conformity

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach USP is currently in the process of completing ISO27001 certification.
Information security policies and processes USP has implemented information security policies aligned with best practice standards, including regular audits. Further details can be provided to potential clients after signing an NDA.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach In our managed services all activities and provisions regarding configuration changes of the services are documented and where possible automated. Furthermore we back up all active configurations in order to re-apply them or restore the system state.
The documentation of the managed service is accessible via a webportal.

The change management process refers to the ongoing control of changes throughout the whole life cycle. To avoid service interruptions and risks, an impact analysis is executed on all change requests.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Both the product and the managed service are subject to a continuous vulnerability scanning process.

We permanently monitor the used components for vulnerabilities and deliver the corresponding security patches. New product components are assessed by security specialists.

Vulnerabilities are fixed within a stipulated time-frame; typically we provide security fixes for the products within hours or a few days at the most. We inform customers about critical vulnerabilities with security bulletins.

We receive information about vulnerabilities from the usual vulnerability data feeds, from the vendors. We also collaborate with governmental institutions.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Within the optional managed security service all components are monitored for security events. All logs and message data generated in this way are stored for a fixed period and are available for security audits. All incidents identified by the monitoring process are categorized, correlated and classified as critical or non-critical. It is an ongoing process to supervise and improve the categorization. For each critical event, an alert is raised and sent to the security operation center.
Incident management type Supplier-defined controls
Incident management approach Yes, we do have pre-defined processes for common events.
Customers interact with us primarily over our digital interface, the customer portal USP Connect.
Reports are provided by direct feed to the customers, i.e. email, portal download.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £279 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Free Test Licenses for a limited time are available.

Documents

Pricing document View uploaded document
Terms and conditions document View uploaded document