SlideShare a Scribd company logo

https://spotintelligence.com

N
NeriVanOtten1

security whitepaper from <a href="https://spotintelligence.com">Spot Intelligence </a> https://spotintelligence.com

Business
1 of 4
Download to read offline
Spot Intelligence Security White Paper 1 Data Center & Network Security Physical Security Facilities Spot Intelligence service providers physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance according to the industry’s standards. Amazon’s data center operations have been accredited under: • ISO 27001 • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II) • PCI Level 1 • FISMA Moderate • Sarbanes-Oxley (SOX) On-site Security Spot Intelligence utilizes ISO 27001 and FISMA certified data centers managed by Amazon. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. Location Spot Intelligence service providers data centers are located in the United States. Network Security Security Response Team Our Security Response Team is on call to respond to security alerts and events and can be reached at security@spotintelligence.com. Protection All firewalls infrastructure and management is provided by our service providers: Amazon AWS. Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied and only explicitly allowed ports and protocols are allowed based on business need. Each system is assigned to a firewall security group based on system’s function. Security groups restrict access to the ports and protocols required for a system’s specific function in order to mitigate risk. Host-based firewalls also provide the ability to further limit inbound and outbound connections as needed. Vulnerability Scanning Our service provider managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface which it is not addressed to. Our service provider utilizes application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels.
Spot Intelligence Security White Paper 2 Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked. Penetration Testing and Vulnerability Assessments Third party security testing of our service provider is performed by independent and reputable security consulting firms. Findings from each assessment are reviewed with the assessors, risk ranked, and assigned to the responsible team. Security Incident Event and Response In the event of a security incident, our engineers are called in to gather extensive logs from critical host systems and analyze them to respond to the incident in the most appropriately way possible. Gathering and analyzing log information is critical for troubleshooting and investigating issues. Our service provider allows us to analyze three main log types: system, application, and API logs. DDoS Mitigation Our service providers infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed. Logical Access Access to the Spot Intelligence Production Network is restricted by an explicit need to-know basis. It utilizes least privilege, is frequently audited, and is closely controlled by our Engineering Team. Employees accessing the Spot Intelligence Production Network are required to use multiple factors of authentication. Encryption Encryption in Transit Communications between you and Spot Intelligence servers are encrypted via industry best-practices (HTTPS). Encryption at Rest Spot Intelligence supports encryption of customer data at rest. Availability & Continuity Uptime Spot Intelligence’s availability has been 100% for the first trimester of 2018 and is continuously monitored. The availability reports are not available on our website but can be provided upon request. Redundancy Spot Intelligence’s service provider clustering and network redundancies eliminate single point of failure. Disaster Recovery Our service provider’s platform automatically restores customer applications and databases in the case of an outage. The provider’s platform is designed to dynamically deploy applications within its cloud, monitor for failures, and recover failed platform components including customer applications and databases. Application Security Secure Development (SDLC) Python Security We utilize Python Security to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
Spot Intelligence Security White Paper 3 QA Our QA department reviews and tests our code base. Dedicated application engineers on staff identify, test, and triage security vulnerabilities in code. Separate Environments Testing and staging environments are separated from the production environment. No actual customer data is used in the development or test environments. Application Vulnerabilities Static Code Analysis Our source code repositories are continuously scanned for security issues via our integrated static analysis tooling. Product Security Features Secure Development (SDLC) Authentication Options Spot Intelligence supports sign-in, SSO and Google Authentication Single sign-on (SSO) Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for Spot Intelligence access. Secure Credential Storage Spot Intelligence follows secure credential storage best practices by never storing passwords in human readable format. API Security & Authentication Spot Intelligence API is SSL-only and you must be a verified user to make API requests. You can authorize against the API using API token Additional Product Security Features Access Privileges & Roles Access to data within your Spot Intelligence is governed by access rights, and can be configured to define access privileges. Spot Intelligence has various permission levels for organization (member and admin) and pipe users (start form only, member and admin). Transmission Security All communications with Spot Intelligence service provider servers are encrypted using industry standard HTTPS. This ensures that all traffic between you and Spot Intelligence secure during transit. Additional Security Methodologies Security Awareness Policies Spot Intelligence has developed a comprehensive set of security policies covering a range of topics. These policies are shared with, and made available to, all employees and contractors with access to Spot Intelligence information assets. Training All new employees attend a Security Awareness Training, and the Engineering Team provides security awareness updates via e-mail, blog posts, and in presentations during internal events. Employee Vetting Background Checks Spot Intelligence performs background checks on all new employees in accordance with local laws. The background check includes
Spot Intelligence Security White Paper 4 Criminal, Education, and Employment verification. Cleaning crews are included. Confidentiality Agreements All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.

Recommended

tibbr Security Overview
tibbr Security Overviewtibbr Security Overview
tibbr Security Overviewtibbr
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
AL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webAL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webDerrick McBreairty
 
Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Richard Sullivan
 
Security and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperSecurity and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperDavid J Rosenthal
 
Information Security Whitepaper
Information Security WhitepaperInformation Security Whitepaper
Information Security Whitepaperrun_frictionless
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assessBirodh Rijal
 

Recommended

tibbr Security Overview
tibbr Security Overviewtibbr Security Overview
tibbr Security Overviewtibbr
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
AL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webAL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webDerrick McBreairty
 
Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Richard Sullivan
 
Security and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperSecurity and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperDavid J Rosenthal
 
Information Security Whitepaper
Information Security WhitepaperInformation Security Whitepaper
Information Security Whitepaperrun_frictionless
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assessBirodh Rijal
 
CyberKnight capabilties
CyberKnight capabiltiesCyberKnight capabilties
CyberKnight capabiltiesSneha .
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data SecurityInternational Communications Corporation
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data SecurityInternational Communications Corporation
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonAdam Levithan
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliancerun_frictionless
 
ITrust Security Operating Center (SOC) - Datasheet EN
ITrust Security Operating Center (SOC) - Datasheet ENITrust Security Operating Center (SOC) - Datasheet EN
ITrust Security Operating Center (SOC) - Datasheet ENITrust - Cybersecurity as a Service
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...NetworkCollaborators
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics NetworkCollaborators
 
An Overview of OPC UA Security
An Overview of OPC UA SecurityAn Overview of OPC UA Security
An Overview of OPC UA SecuritySadatulla Zishan
 
Ooredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesOoredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesMuhammad Mudassar
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securitypptSachin Roy
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide Array Networks
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesKrishna Chennareddy
 
SOC OEM - Datasheet EN
SOC OEM - Datasheet ENSOC OEM - Datasheet EN
SOC OEM - Datasheet ENITrust - Cybersecurity as a Service
 
Circuit security
Circuit securityCircuit security
Circuit securityPaperjam_redaction
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & ComplianceAmazon Web Services
 
NetExplorer security leaflet
NetExplorer security leafletNetExplorer security leaflet
NetExplorer security leafletNetExplorer
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 

More Related Content

Similar to https://spotintelligence.com

CyberKnight capabilties
CyberKnight capabiltiesCyberKnight capabilties
CyberKnight capabiltiesSneha .
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonAdam Levithan
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...NetworkCollaborators
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics NetworkCollaborators
 
An Overview of OPC UA Security
An Overview of OPC UA SecurityAn Overview of OPC UA Security
An Overview of OPC UA SecuritySadatulla Zishan
 
Ooredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesOoredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesMuhammad Mudassar
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securitypptSachin Roy
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide Array Networks
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesKrishna Chennareddy
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & ComplianceAmazon Web Services
 
NetExplorer security leaflet
NetExplorer security leafletNetExplorer security leaflet
NetExplorer security leafletNetExplorer
 

Similar to https://spotintelligence.com (20)

CyberKnight capabilties
CyberKnight capabiltiesCyberKnight capabilties
CyberKnight capabilties
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data Security
 
ICC Networking Data Security
ICC Networking Data SecurityICC Networking Data Security
ICC Networking Data Security
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
ITrust Security Operating Center (SOC) - Datasheet EN
ITrust Security Operating Center (SOC) - Datasheet ENITrust Security Operating Center (SOC) - Datasheet EN
ITrust Security Operating Center (SOC) - Datasheet EN
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
An Overview of OPC UA Security
An Overview of OPC UA SecurityAn Overview of OPC UA Security
An Overview of OPC UA Security
 
Ooredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20ServicesOoredoo%20Security%20Managed%20Services
Ooredoo%20Security%20Managed%20Services
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securityppt
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
 
Operational Technology Security Solution for Utilities
Operational Technology Security Solution for UtilitiesOperational Technology Security Solution for Utilities
Operational Technology Security Solution for Utilities
 
SOC OEM - Datasheet EN
SOC OEM - Datasheet ENSOC OEM - Datasheet EN
SOC OEM - Datasheet EN
 
Circuit security
Circuit securityCircuit security
Circuit security
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & Compliance
 
NetExplorer security leaflet
NetExplorer security leafletNetExplorer security leaflet
NetExplorer security leaflet
 

Recently uploaded

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdftbatkhuu1
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 

Recently uploaded (20)

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdf
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 

https://spotintelligence.com

  • 1. Spot Intelligence Security White Paper 1 Data Center & Network Security Physical Security Facilities Spot Intelligence service providers physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance according to the industry’s standards. Amazon’s data center operations have been accredited under: • ISO 27001 • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II) • PCI Level 1 • FISMA Moderate • Sarbanes-Oxley (SOX) On-site Security Spot Intelligence utilizes ISO 27001 and FISMA certified data centers managed by Amazon. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. Location Spot Intelligence service providers data centers are located in the United States. Network Security Security Response Team Our Security Response Team is on call to respond to security alerts and events and can be reached at security@spotintelligence.com. Protection All firewalls infrastructure and management is provided by our service providers: Amazon AWS. Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied and only explicitly allowed ports and protocols are allowed based on business need. Each system is assigned to a firewall security group based on system’s function. Security groups restrict access to the ports and protocols required for a system’s specific function in order to mitigate risk. Host-based firewalls also provide the ability to further limit inbound and outbound connections as needed. Vulnerability Scanning Our service provider managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface which it is not addressed to. Our service provider utilizes application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels.
  • 2. Spot Intelligence Security White Paper 2 Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked. Penetration Testing and Vulnerability Assessments Third party security testing of our service provider is performed by independent and reputable security consulting firms. Findings from each assessment are reviewed with the assessors, risk ranked, and assigned to the responsible team. Security Incident Event and Response In the event of a security incident, our engineers are called in to gather extensive logs from critical host systems and analyze them to respond to the incident in the most appropriately way possible. Gathering and analyzing log information is critical for troubleshooting and investigating issues. Our service provider allows us to analyze three main log types: system, application, and API logs. DDoS Mitigation Our service providers infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed. Logical Access Access to the Spot Intelligence Production Network is restricted by an explicit need to-know basis. It utilizes least privilege, is frequently audited, and is closely controlled by our Engineering Team. Employees accessing the Spot Intelligence Production Network are required to use multiple factors of authentication. Encryption Encryption in Transit Communications between you and Spot Intelligence servers are encrypted via industry best-practices (HTTPS). Encryption at Rest Spot Intelligence supports encryption of customer data at rest. Availability & Continuity Uptime Spot Intelligence’s availability has been 100% for the first trimester of 2018 and is continuously monitored. The availability reports are not available on our website but can be provided upon request. Redundancy Spot Intelligence’s service provider clustering and network redundancies eliminate single point of failure. Disaster Recovery Our service provider’s platform automatically restores customer applications and databases in the case of an outage. The provider’s platform is designed to dynamically deploy applications within its cloud, monitor for failures, and recover failed platform components including customer applications and databases. Application Security Secure Development (SDLC) Python Security We utilize Python Security to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
  • 3. Spot Intelligence Security White Paper 3 QA Our QA department reviews and tests our code base. Dedicated application engineers on staff identify, test, and triage security vulnerabilities in code. Separate Environments Testing and staging environments are separated from the production environment. No actual customer data is used in the development or test environments. Application Vulnerabilities Static Code Analysis Our source code repositories are continuously scanned for security issues via our integrated static analysis tooling. Product Security Features Secure Development (SDLC) Authentication Options Spot Intelligence supports sign-in, SSO and Google Authentication Single sign-on (SSO) Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for Spot Intelligence access. Secure Credential Storage Spot Intelligence follows secure credential storage best practices by never storing passwords in human readable format. API Security & Authentication Spot Intelligence API is SSL-only and you must be a verified user to make API requests. You can authorize against the API using API token Additional Product Security Features Access Privileges & Roles Access to data within your Spot Intelligence is governed by access rights, and can be configured to define access privileges. Spot Intelligence has various permission levels for organization (member and admin) and pipe users (start form only, member and admin). Transmission Security All communications with Spot Intelligence service provider servers are encrypted using industry standard HTTPS. This ensures that all traffic between you and Spot Intelligence secure during transit. Additional Security Methodologies Security Awareness Policies Spot Intelligence has developed a comprehensive set of security policies covering a range of topics. These policies are shared with, and made available to, all employees and contractors with access to Spot Intelligence information assets. Training All new employees attend a Security Awareness Training, and the Engineering Team provides security awareness updates via e-mail, blog posts, and in presentations during internal events. Employee Vetting Background Checks Spot Intelligence performs background checks on all new employees in accordance with local laws. The background check includes
  • 4. Spot Intelligence Security White Paper 4 Criminal, Education, and Employment verification. Cleaning crews are included. Confidentiality Agreements All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.