Hardenize

Network and Security Configuration Monitoring

Continuous discovery and monitoring of network infrastructure with comprehensive coverage of network and security standards. Special focus on certificate monitoring and Certificate Transparency. The standards include: DNS, DNSSEC, SMTP, SPF, DMARC, MTA-STS, SSL, TLS, PKI, HTTP, web application security, CSP, HSTS, CAA, security headers, and others.

Features

  • Automated discovery of organisation hosts and certificates
  • Continuous monitoring of network and security configuration
  • Detection of configuration problems affecting security, availability, and performance
  • Provides configuration and improvement guidance
  • Certificate compliance and correctness analysis
  • Monitoring of organisation certificates issued globally
  • Keyword monitoring of new hosts and domain names worldwide
  • Designed for ease of use and automated operation
  • Supports a modern REST-based API
  • Provided as a web-based service (SaaS); no installation required

Benefits

  • Maintain an up-to-date inventory of all organisation network assets
  • Detect internet infrastructure changes (e.g., new hosts or services)
  • Identify hosts and applications with configuration problems
  • Plan improvements and adoption of security defences
  • Track location of each installed certificate and prevent expiration
  • Monitor configuration history over time
  • Ensure compliance with security policies and standards
  • Build a complete inventory of organisation certificates
  • Understand third-party library and service dependencies in web applications

Pricing

£99 to £999 per unit per month

G-Cloud 11

853834026670169

Hardenize

Ivan Ristic

+44 7766508210

ivanr@hardenize.com

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Not applicable
System requirements Web browser access

User support

Email or online ticketing support Email or online ticketing
Support response times We respond within one business day.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support No
Web chat support No
Onsite support No
Support levels We provide a range of support levels depending on the purchased service tier. Lower tiers come with only email support, whereas higher tiers include a dedicated technical account manager as well as a support SLA.
Support available to third parties No

Onboarding and offboarding

Getting started Our focus is on making our platform user friendly so that no training is required to operate it. Further documentation is provided. Higher service tiers may include assisted onboarding and training.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Export features are provided within the service itself.
End-of-contract process There are no end-of-contract costs.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
API Yes
What users can and can't do using the API We provide a modern REST-based API that enables our users to interact with our service as well as receive real-time notifications for integration purposes.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The software itself can be configured to suit a range of use-cases.

Scaling

Independence of resources Our platform utilises infrastructure provided by major Cloud providers. We have access to effectively unlimited infrastructure as we need it. Our allocated infrastructure is over-provisioned to ensure sufficient capacity is always available, even when faced with increased demand. We have monitoring in place to detect the need to further expand our capacity.

Analytics

Service usage metrics Yes
Metrics types We keep track of the exact number of network elements of different types that are stored in the customer account.
Reporting types Real-time dashboards

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Export function is available within the service.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability On request, we are happy to provide service level guarantees for all aspects of our operations. This option is available only to higher service tiers.
Approach to resilience We've built our platform in the data centres and on resources provided by major Cloud providers, which provide industry-best resilience. We've incorporated resilience requirements in our design, comprising a variety of measures including over-provisioning, monitoring, scripted infrastructure, auto-scaling, and so on.
Outage reporting Our public status page shows our availability and key performance metrics. The monitoring is provided by a third party so that it can be independent from our own infrastructure. The service includes email alerts as an option.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Each user account is assigned only the privileges it requires. High-value management interfaces can be accessed only from privileged network locations.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication Whitelisted IP address ranges.

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We're in the process of implementing CSA CCM version 3.0.
Information security policies and processes Our current security policies are modelled against CSA CCM version 3.0, adapted to suit our environment. We continuously monitor the security operations, and refine our policies, pursuing full standard compliance.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We operate full version control and change management for all system components. Changes are assessed for potential security impact at design phase, and then at every step of the implementation and deployment.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We have a small attack surface that we monitor for known problems via vendor mailing lists. We patch all systems on a monthly basis. High-severity security flaws are patched immediately after they are tested in our staging environment.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We employ comprehensive and continuous monitoring of all our systems, with real-time notifications for faults and unusual behaviour. Logs are collected and retained to support forensics. Incidents are immediately investigated.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our incident management process consists of preparation, detection, remediation, and recovery processes. Potential incidents are detected by our monitoring system and investigated. Our customers can report incidents by opening a support ticket or via the dedicated security email alias. Incident reports are published on our public status page portal.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £99 to £999 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full functionality provided during a 30-day period. Longer trial periods can be arranged if needed. Our comprehensive single-host assessment is provided free of charge to everyone and without a time limit.
Link to free trial https://www.hardenize.com

Service documents

  • Pricing document (PDF)
  • Skills Framework for the Information Age rate card (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)