G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Hardenize are still valid.
Hardenize

Network and Security Configuration Monitoring

Continuous discovery and monitoring of network infrastructure with comprehensive coverage of network and security standards. Special focus on certificate monitoring and Certificate Transparency. The standards include: DNS, DNSSEC, SMTP, SPF, DMARC, MTA-STS, SSL, TLS, PKI, HTTP, web application security, CSP, HSTS, CAA, security headers, and others.

Features

  • Automated discovery of organisation hosts and certificates
  • Continuous monitoring of network and security configuration
  • Detection of configuration problems affecting security, availability, and performance
  • Provides configuration and improvement guidance
  • Certificate compliance and correctness analysis
  • Monitoring of organisation certificates issued globally
  • Keyword monitoring of new hosts and domain names worldwide
  • Designed for ease of use and automated operation
  • Supports a modern REST-based API
  • Provided as a web-based service (SaaS); no installation required

Benefits

  • Maintain an up-to-date inventory of all organisation network assets
  • Detect internet infrastructure changes (e.g., new hosts or services)
  • Identify hosts and applications with configuration problems
  • Plan improvements and adoption of security defences
  • Track location of each installed certificate and prevent expiration
  • Monitor configuration history over time
  • Ensure compliance with security policies and standards
  • Build a complete inventory of organisation certificates
  • Understand third-party library and service dependencies in web applications

Pricing

£99 to £999 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ivanr@hardenize.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

853834026670169

Contact

Hardenize Ivan Ristic
Telephone: +44 7766508210
Email: ivanr@hardenize.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Not applicable
System requirements
Web browser access

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond within one business day.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
No
Web chat support
No
Onsite support
No
Support levels
We provide a range of support levels depending on the purchased service tier. Lower tiers come with only email support, whereas higher tiers include a dedicated technical account manager as well as a support SLA.
Support available to third parties
No

Onboarding and offboarding

Getting started
Our focus is on making our platform user friendly so that no training is required to operate it. Further documentation is provided. Higher service tiers may include assisted onboarding and training.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Export features are provided within the service itself.
End-of-contract process
There are no end-of-contract costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
We provide a modern REST-based API that enables our users to interact with our service as well as receive real-time notifications for integration purposes.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The software itself can be configured to suit a range of use-cases.

Scaling

Independence of resources
Our platform utilises infrastructure provided by major Cloud providers. We have access to effectively unlimited infrastructure as we need it. Our allocated infrastructure is over-provisioned to ensure sufficient capacity is always available, even when faced with increased demand. We have monitoring in place to detect the need to further expand our capacity.

Analytics

Service usage metrics
Yes
Metrics types
We keep track of the exact number of network elements of different types that are stored in the customer account.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Export function is available within the service.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
On request, we are happy to provide service level guarantees for all aspects of our operations. This option is available only to higher service tiers.
Approach to resilience
We've built our platform in the data centres and on resources provided by major Cloud providers, which provide industry-best resilience. We've incorporated resilience requirements in our design, comprising a variety of measures including over-provisioning, monitoring, scripted infrastructure, auto-scaling, and so on.
Outage reporting
Our public status page shows our availability and key performance metrics. The monitoring is provided by a third party so that it can be independent from our own infrastructure. The service includes email alerts as an option.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Each user account is assigned only the privileges it requires. High-value management interfaces can be accessed only from privileged network locations.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Whitelisted IP address ranges.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We're in the process of implementing CSA CCM version 3.0.
Information security policies and processes
Our current security policies are modelled against CSA CCM version 3.0, adapted to suit our environment. We continuously monitor the security operations, and refine our policies, pursuing full standard compliance.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We operate full version control and change management for all system components. Changes are assessed for potential security impact at design phase, and then at every step of the implementation and deployment.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have a small attack surface that we monitor for known problems via vendor mailing lists. We patch all systems on a monthly basis. High-severity security flaws are patched immediately after they are tested in our staging environment.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We employ comprehensive and continuous monitoring of all our systems, with real-time notifications for faults and unusual behaviour. Logs are collected and retained to support forensics. Incidents are immediately investigated.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management process consists of preparation, detection, remediation, and recovery processes. Potential incidents are detected by our monitoring system and investigated. Our customers can report incidents by opening a support ticket or via the dedicated security email alias. Incident reports are published on our public status page portal.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£99 to £999 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full functionality provided during a 30-day period. Longer trial periods can be arranged if needed. Our comprehensive single-host assessment is provided free of charge to everyone and without a time limit.
Link to free trial
https://www.hardenize.com
