Network and Security Configuration Monitoring
Continuous discovery and monitoring of network infrastructure with comprehensive coverage of network and security standards. Special focus on certificate monitoring and Certificate Transparency. The standards include: DNS, DNSSEC, SMTP, SPF, DMARC, MTA-STS, SSL, TLS, PKI, HTTP, web application security, CSP, HSTS, CAA, security headers, and others.
Features
- Automated discovery of organisation hosts and certificates
- Continuous monitoring of network and security configuration
- Detection of configuration problems affecting security, availability, and performance
- Provides configuration and improvement guidance
- Certificate compliance and correctness analysis
- Monitoring of organisation certificates issued globally
- Keyword monitoring of new hosts and domain names worldwide
- Designed for ease of use and automated operation
- Supports a modern REST-based API
- Provided as a web-based service (SaaS); no installation required
Benefits
- Maintain an up-to-date inventory of all organisation network assets
- Detect internet infrastructure changes (e.g., new hosts or services)
- Identify hosts and applications with configuration problems
- Plan improvements and adoption of security defences
- Track location of each installed certificate and prevent expiration
- Monitor configuration history over time
- Ensure compliance with security policies and standards
- Build a complete inventory of organisation certificates
- Understand third-party library and service dependencies in web applications
Pricing
£99 to £999 a unit a month
- Education pricing available
- Free trial available
Framework
G-Cloud 11
Service ID
853834026670169
Contact
Hardenize
Ivan Ristic
Telephone: +44 7766508210
Email: ivanr@hardenize.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Not applicable
- System requirements
- Web browser access
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We respond within one business day.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- No
- Web chat support
- No
- Onsite support
- No
- Support levels
- We provide a range of support levels depending on the purchased service tier. Lower tiers come with only email support, whereas higher tiers include a dedicated technical account manager as well as a support SLA.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- Our focus is on making our platform user friendly so that no training is required to operate it. Further documentation is provided. Higher service tiers may include assisted onboarding and training.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Export features are provided within the service itself.
- End-of-contract process
- There are no end-of-contract costs.
Using the service
- Web browser interface
- Yes
- Supported browsers
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
- We provide a modern REST-based API that enables our users to interact with our service as well as receive real-time notifications for integration purposes.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The software itself can be configured to suit a range of use-cases.
Scaling
- Independence of resources
- Our platform utilises infrastructure provided by major Cloud providers. We have access to effectively unlimited infrastructure as we need it. Our allocated infrastructure is over-provisioned to ensure sufficient capacity is always available, even when faced with increased demand. We have monitoring in place to detect the need to further expand our capacity.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We keep track of the exact number of network elements of different types that are stored in the customer account.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Export function is available within the service.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- On request, we are happy to provide service level guarantees for all aspects of our operations. This option is available only to higher service tiers.
- Approach to resilience
- We've built our platform in the data centres and on resources provided by major Cloud providers, which provide industry-best resilience. We've incorporated resilience requirements in our design, comprising a variety of measures including over-provisioning, monitoring, scripted infrastructure, auto-scaling, and so on.
- Outage reporting
- Our public status page shows our availability and key performance metrics. The monitoring is provided by a third party so that it can be independent from our own infrastructure. The service includes email alerts as an option.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Each user account is assigned only the privileges it requires. High-value management interfaces can be accessed only from privileged network locations.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
- Username or password
- Other
- Description of management access authentication
- Whitelisted IP address ranges.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We're in the process of implementing CSA CCM version 3.0.
- Information security policies and processes
- Our current security policies are modelled against CSA CCM version 3.0, adapted to suit our environment. We continuously monitor the security operations, and refine our policies, pursuing full standard compliance.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- We operate full version control and change management for all system components. Changes are assessed for potential security impact at design phase, and then at every step of the implementation and deployment.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- We have a small attack surface that we monitor for known problems via vendor mailing lists. We patch all systems on a monthly basis. High-severity security flaws are patched immediately after they are tested in our staging environment.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We employ comprehensive and continuous monitoring of all our systems, with real-time notifications for faults and unusual behaviour. Logs are collected and retained to support forensics. Incidents are immediately investigated.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Our incident management process consists of preparation, detection, remediation, and recovery processes. Potential incidents are detected by our monitoring system and investigated. Our customers can report incidents by opening a support ticket or via the dedicated security email alias. Incident reports are published on our public status page portal.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £99 to £999 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Full functionality provided during a 30-day period. Longer trial periods can be arranged if needed. Our comprehensive single-host assessment is provided free of charge to everyone and without a time limit.
- Link to free trial
- https://www.hardenize.com