FullProxy Ltd

F5 Silverline with Shape - Direct / AWS CPPO

Silverline Shape Defense managed by the F5 Silverline Security Operations Center (SOC), prevents large-scale fraud with account takeover protection and much more

Gain world-class application protection with the Shape network:

Advanced AI and Machine-Learning: mitigates fraudulent application requests in real time and allows requests from legitimate humans without additional friction.

Features

  • Account Takeover Protection
  • Built-In Compliance and Reporting Capabilities
  • Comprehensive Attack Protection
  • Hybrid Policy Management and Deployment
  • Receive Expert Policy Building and Monitoring
  • Account Takeover Protection
  • Mitigates Carding Fraud
  • Prevents Inventory Hoarding
  • Stops Scraping
  • Reduces Marketing Fraud

Benefits

  • Ensure application security and compliance
  • Get 24x7x365 expert service
  • Deploy flexibly across hybrid environments
  • Defend with proven security effectiveness
  • Drive operational and cost efficiencies
  • Gain attack insights and intelligence
  • Protects Loyalty Programs

Pricing

£1 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@fullproxy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 7 8 1 4 5 1 7 4 1 2 6 8 1 0

Contact

FullProxy Ltd Chris Templeton / Ewan Ferguson / Steven Wallace
Telephone: 0141 291 5500
Email: g-cloud@fullproxy.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
As a cloud based service there are no system requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response time SLAs are negotiable with the client
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/A
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
F5 Security Operations Center experts are available 24x7, offering a 99.999% uptime SLA.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Pre-sales consultancy
Online training
User documentation
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
No user data is retained as part of the service.
End-of-contract process
Renewal notice issued 90 days prior to contract end date.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service has been optimised for mobile devices.
Service interface
No
API
Yes
What users can and can't do using the API
Configuration
Analysis
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
User Interface customisation
Role Based Access Control

Scaling

Independence of resources
Unlike other BOT defence services that process traffic symmetrically, degrading the user experience with slow page load times or broken links, Silverline Shape Bot Protection has several asymmetric traffic return mechanisms. These include Layer 2 VPN (L2VPN) technology, allowing high-traffic sites to take advantage of protection without affecting the user experience. Only a fraction of the bandwidth is required to process inbound traffic, ensuring normal delivery of traffic back to your users with the lowest rate of false positives and with maximum performance.

Analytics

Service usage metrics
Yes
Metrics types
Attack volume, Clean bandwidth
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
F5 Networks / NGINX / Shape

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Download from the Silverline Portal
API
Data export formats
  • CSV
  • Other
Other data export formats
Syslog
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
F5 Silverline: 99.999% Uptime
F5 SOC Availability: 24x7x365
FullProxy Helpdesk Availability: 9am - 5pm, Monday to Friday (excluding Bank Holidays)
Approach to resilience
Available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Role based access control
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
All staff comply with FullProxy's own Information Security Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
F5 Networks can provide documentation on their configuration and change management approach on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
F5 Networks can provide documentation on their vulnerability management approach on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
F5 Networks can provide documentation on their proactive monitoring approach on request.
Incident management type
Supplier-defined controls
Incident management approach
F5 Networks can provide documentation on their incident management approach on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full featured, time limited trial license

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@fullproxy.com. Tell them what format you need. It will help if you say what assistive technology you use.