Unfortunately you're using an unsupported browser. Please update it and try again.

People working around a pc screen

Managed Embedded Security Controls

A single solution for cloud and network protection

Get 24/7 protection with our fully managed solution.

Get in touch

Thinking of joining us?

0800 345 7984

09:00 - 18:00 | Monday to Friday

Existing customers

0800 085 5957

09:00 - 18:00 | Monday to Friday

Existing customers

If we’re already working with you, please get in touch with your account team or account manager. We’re happy to talk through the technology solutions we can offer to support your business.

Chat with a UK-based sales specialist

09:00 - 17:00 | Monday - Friday

Existing customers

If we’re already working with you, please get in touch with your account team or account manager. We’re happy to talk through the technology solutions we can offer to support your business.

New sales enquiry

Please select your title
Please enter your first name
Please enter your last name
Please enter your company name
Please enter your contact number
Please enter your email address
Please enter your postcode

A complex challenge. A simple solution.

Cloud working, a remote workforce and fixed infrastructures. A complex mix of cloud and network services pose a significant security challenge. Protect your entire estate with our Managed Embedded Security Controls, a single solution that can scale and adapt to your changing needs. 

Managed Embedded Security Controls is a cloud-based solution offering Next-Generation Firewall capabilities embedded directly into our network and deployed in a multi-tenanted environment. It provides customers with a secure and flexible network, allowing them to safely embrace a hybrid workplace.

Accept cookies to view this content.

Discover the benefits of our Managed Embedded Security Controls

Full coverage and flexibility

Eliminate complexity. Secure all of your sites wherever they might be located whilst maintaining the ability to add or remove security features for individual sites.

24/7 protection

Get round the clock protection for your network with our fully managed security solution, 365 days a year.

Protection for all users

With our remote user access feature, we can protect all users, whether they are in the office or on the move.

Keep on top of your costs

There’s no need for expensive hardware or on-site equipment, with an OPEX based scalable solution, flexible to your needs. Pay a single monthly bill based on your usage requirements.

Why BT

World-leading security

We have in-depth experience of dynamic threat environments. Protecting our networks from more than 6,500 cyber attacks each day.

Solutions for all sizes

We work with customers of all sizes. And we’ll make sure they deliver for your business.

Specialist partners

We partner with best-in-class security vendors and have access to Europol and National Cyber Security Centre global intelligence. 

Useful downloads

Managed Embedded Security Controls


How do you protect users when they’re on the internet?

The Embedded Security Controls platform runs security policies that protect people accessing the internet from your sites. As part of the initial set-up, we’ll work with you to fine-tune these policies. The solution includes a remote access feature, which protects people using the internet when they’re away from your sites: mobile workers, home workers, and so on.

You can apply security policies at a site, which gives you flexibility when you’re setting the policies.

If you want to make tweaks to existing security policies or add new ones, you need to raise a Simple Service Request (SSR). We’ll then make the change for you.

How do you set up a new user or add a new site?

You don’t need to do anything to add a new user. One of the benefits of Embedded Security Controls is that there’s no need to change your service for new hires or leavers - as long as your aggregated bandwidth usage stays the same, you don’t need to make any changes.

Adding a new site is different.

As part of your solution requirements you’ll have told us the number of sites that require internet breakout via the Embedded Security Controls platform. During the initial set up, we’ll have configured the IPSec tunnel on our platform to accept your internet traffic. So when you add a new site, we’ll need to setup a new IPSec tunnel for this site.

As for the initial setup, you’re responsible for configuring the IPSec tunnel on your connectivity CPE.

If you want to add a new site, you’ll need to raise a Complex Service Request (CSR) by contacting your Account Manager.

Where are your datacentres located?

We have Embedded Security Controls platforms in London, Colindale and Guildford. Each location provides the same level of service and security.

As part of the initial set up process, we’ll provide you with the connection details to forward your internet traffic to the appropriate Embedded Security Controls platform.

Are feature releases and updates to the platform instantly available to all customers?

When we release a new feature within the feature bundle you’ve purchased, we’ll let you know. As soon as the feature’s available, we’ll help you set it up. Sometimes there may be an installation fee to set up the new feature.

We’ll make updates to the Embedded Security Controls platform available to you at our discretion. As we’re working with a multi-tenanted platform, we may be unable to agree a rollout plan that fits with every organisations ideal. We’ll let you know of any scheduled updates and what, if any, impact you may experience. 

Who provides your solution?

We host our Embedded Security Controls solution in BT datacentres. We underpin the solution with award-winning Palo Alto next-generation firewalls. Palo Alto provide firewall updates, which we roll out at our discretion. We manage and deliver the configuration of tunnels and the configuration of your security policies.

What is your release cycle for updates and bug fixes?

As the Managed Embedded Security Controls solution is a multi-tenanted platform, we may be unable to agree a release cycle for updates and bug fixes that best suits your organisation. If we have an urgent update or bug fix to deploy, we’ll update the platform as soon as possible.

If we deem an update to not be urgent, we will release the update or bug fix at our discretion. In both scenarios, we’ll let you know before the update takes place what, if any, impact you may face.

Can we customise the solution?

You can select as many of the security features as you would like for each of your sites. For example, you might choose to take five features for site A, and four features for site B.

You can also select the aggregated bandwidth that you need for your organisation.

We’ll roll out a base policy security configuration for each of the security features you select. This should help reduce the amount of customisation required as part of the initial set up. We’ll agree and sign off all of the security policies with you before we apply them. You have the option to change and tailor these to your organisation’s requirements.

When the solution’s in-life, you have the option to change all of your security policies through our SSR process.

You can’t do any customisation outside of the core product functionality.

Does the solution support Single Sign-On (SSO) for user and administrative access?

Yes. As an admin, you’ll be using two portals: BT My Account; and the Security Hub.

You access the Security Hub through My Account, which uses multi factor-authentication. Once logged in, you’ll be able to launch the Security Hub portal without needing to provide further user credentials

Is there a client portal for us to easily access reports?

Yes. We’ll give you access to the Security Hub portal (accessible via the My Account portal), where you’ll be able to access a number of reports.

For further information on what reports are available, please refer to the service description.

Can we access reports in real time?

Yes. Reports are available on the Security Hub portal in real time.

What support is included with the service?

Support is available 24/7/365 via phone call, the My Account portal, and through online content for all components of your Embedded Security Controls service.

What maintenance and repair options are available?

As your Embedded Security Controls solution is a cloud-based solution, there’s no equipment to maintain or repair.

If you experience any problems with your service, we’ll prioritise any incidents you report to our help desk according to their severity. We’ll aim to fix and resolve your incident within the target times for the priority level.