
In order to offer Secure Customer Service Software, it starts with physical security first. Faveo Helpdesk servers are located in Tier III data centers in the EU, each one powered by redundant power, with UPS and backup generators.

On-site Security
Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multi-factor identification with biometric access control, physical locks, and security breach alarms.

Customers can choose to locate their data in the EU data center.

In order to deliver Secure Customer Service Software over the internet, network security needs special attention. Faveo Helpdesk’s Security Policy handles network security with the methods listed below.

Our Security Team is on call to respond to security alerts and events. Our network is protected by redundant layer 7 firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network intrusion detection/prevention technologies (IDS/IPS) that monitor and block malicious traffic and network attacks.

Our network security architecture consists of multiple security zones of trust. More sensitive systems, like our database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilised between the Internet, and internally, between the different zones of trust.

Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Security Incident Event Management (SIEM)
A security incident event management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM creates triggers that notify the Security team based on correlated events. The Security team responds to these events.

Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats.

Threat Intelligence Program
Faveo Helpdesk participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk and exposure.

DDoS Mitigation
In addition to our own capabilities and tools, we contract with on-demand DDoS scrubbing providers to mitigate Distributed Denial of Service (DDoS) attacks.

Logical access to the Faveo Helpdesk Production Network is restricted by an explicit need-to-know basis, utilises least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Faveo Helpdesk Production Network are required to use multiple factors of authentication.

In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

ENCRYPTION

Encryption in Transit
Communications between you and Faveo Helpdesk servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS).

Encryption at Rest
Faveo Helpdesk supports encryption of customer data at rest.

*Only available with Advanced Security Add-on

APPLICATION SECURITY

Achieving 100% Secure Customer Service Software is impossible without security measures applied at the application level. We take various steps to secure Faveo Helpdesk at the application level.

Security Training
At least annually, engineers participate in secure code training. This training covers OWASP Top 10 security flaws, common attack vectors, and Faveo Helpdesk security controls.

Faveo Helpdesk Framework Security Controls
We utilise PHP framework security controls to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.

QA
Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments
Testing and staging environments are separated physically and logically from the production environment. No actual customer data is used in the development or test environments.

APPLICATION VULNERABILITIES

Dynamic Vulnerability Scanning
