USP Secure Entry Server® is a comprehensive Web Access Management solution. It is an advanced WAF that secures web applications and portals from cyber-attacks, uniquely combined with context-based multi-factor user authentication, Web SSO and Federation.
AWS images are available for deployment within your Private Cloud, along with fully managed operational support, direct from USP.
- Web Application Firewall with advanced web and webservice security features
- Reverse Proxy with extended protocol support and Secure Session Management
- Dynamic Whitelisting and Blacklisting including geolocation IP-reputation based access control
- Anomaly detection, real time analytics and reporting dashboard
- Multi-factor authentication (tokens, mobile, biometric)
- Context (Risk) based web user authentication with fine-grained authorization enforcement
- Web user Single Sign-On. LDAP and legacy application integration
- Federation (SAML, Kerberos and OpenID Connect support)
- DDoS mitigation and out-of-box SIEM / Monitoring Integration
- Fully managed operational service on demand
- Easy all-in-one solution management covering WAF, Authentication, Federation
- Activate turn-key protection against OWASP Top 10 threats and beyond
- Protect even legacy applications with pre-integrated multi-factor authentication
- Implement adaptive access control, including context and risk based factors
- Provide easy-to-use federated identity with universal, vendor-independent solution
- Happier users through single sign-on even in hybrid setups
- Easily integrate High-integrity transaction protection and verification
- Protect privacy by retaining, transforming, omitting, obfuscating data
£279 per instance per month
- Education pricing available
- Free trial available
United Security Providers UK Ltd
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
|System requirements||8GB RAM, 150 GB Disk or higher|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Depending on MSA: From Office hours best effort to 4 hours.
Optional Managed Service: 1 hour / 2 hours on weekends.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Depending on the specific MSA, we guarantee response times ranging from business hours / best effort up to 4h.
Optional managed service: we have a maximum response time of 1 hour on business days and 2 hours at weekends.
The costs for support level Business Hours Basic are included in the subscription fee. At extra cost, the customer can upgrade to a higher SLA.
In addition to the support levels above, we provide named technical account managers and cloud support engineers on request.
|Support available to third parties||Yes|
Onboarding and offboarding
The Amazon instance is deployed by USP. The customer receives access to a web-based management UI in order to configure the services.
We provide onsite training, online training (webinar) and user documentation about the solution.
|End-of-contract data extraction||Relevant data can be exported (configuration or logs) with downloads or in case of logs with automated transfer (for archiving purposes).|
|End-of-contract process||Termination of the service is included. Potential migration to another service is the responsibility of the customer.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
If the web applications protected by USP Secure Entry Server® provide a mobile format, there is no difference from our perspective.
Using Mobile Apps might involve other authentication methods compared to web applications, and both can be fully supported by USP Secure Entry Server®.
|Accessibility standards||None or don’t know|
|Description of accessibility||
Controls are named and described in help / documentation.
Tests (in Analysis tools for instance) are described verbally.
The criteria for time based media, sensory support, CAPTCHA are not applicable, as they do not occur in the management UI of the solution.
Likewise there are no elements in the UI for decoration.
As such the most important application points of WCAG 2 Criterion 1.1.1 are supported.
|Description of customisation||
Depending on their needs, customers can use different modules of the functionality.
For authentication, the login process (i.e. flow and methods used) and its look and feel (the presented login dialog, for instance) are fully customisable.
|Independence of resources||By dedicated instance|
|Service usage metrics||Yes|
The following statistics are provided:
- overall state of the Appliance and its processes
- System / Network: load, memory usage, disk space, I/O etc.
- Traffic: requests / sec, throughput, number of errors etc.
- Session Management: concurrent sessions, etc.
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||Amazon S3 Server Side Encryption (SSE). This uses one of the strongest block ciphers available – 256-bit Advanced Encryption Standard (AES-256). With Amazon S3 SSE, every protected object is encrypted with a unique encryption key. This object key itself is then encrypted with a regularly rotated master key. Amazon S3 SSE provides additional security by storing the encrypted data and encryption keys in different hosts.|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Exporting / importing configuration via web management UI.
Log data either via web management UI or automated transfer.
|Data export formats||CSV|
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||The optional managed security service provides several SLA variants between best effort and 99.95% availability. The SLAs also include regulations (penalties) for cases where the guaranteed levels of availability are not met.|
|Approach to resilience||This information is available on request|
|Outage reporting||Outages can be reported in several ways, e.g. in a dashboard or via email alerts.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Access is restricted by dedicated access (VPN and/or IP restriction) and user authentication. Customer Portal is protected by strong 2 factor authentication.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||We regularly execute security audits for ISO 27001 conformity|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||USP is currently in the process of completing ISO27001 certification.|
|Information security policies and processes||USP has implemented information security policies aligned with best practice standards, including regular audits. Further details can be provided to potential clients after signing an NDA.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
In our managed services all activities and provisions regarding configuration changes of the services are documented and, where possible, automated. Furthermore, we back up all active configurations in order to re-apply them or restore the system's state.
The documentation of the managed service is accessible via a webportal.
The change management process refers to the ongoing control of changes throughout the whole life cycle. To avoid service interruptions and risks, an impact analysis is executed on all change requests.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Both the product and the managed service are subject to a continuous vulnerability scanning process.
We permanently monitor the components used for vulnerabilities and deliver the corresponding security patches. New product components are assessed by security specialists.
Vulnerabilities are fixed within a stipulated time-frame; typically we provide security fixes for the products within hours or a few days at the most. We inform customers about critical vulnerabilities with security bulletins.
We receive information about vulnerabilities from the usual vulnerability data feeds and from the vendors. We also collaborate with governmental institutions.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Within the optional managed security service all components are monitored for security events. All logs and message data generated in this way are stored for a fixed period and are available for security audits. All incidents identified by the monitoring process are categorized, correlated and classified as critical or non-critical. It is an ongoing process to supervise and improve the categorization. For each critical event, an alert is raised and sent to the security operation center.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Yes, we do have pre-defined processes for common events.
Customers interact with us primarily over our digital interface, the customer portal USP Connect.
Reports are provided by direct feed to the customers, i.e. email, portal download.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£279 per instance per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Free Test Licenses for a limited time are available.|