Security and Compliance

Introduction

In an age where digital trust is paramount, we take pride in delivering a platform that adheres to the highest standards of security and compliance. Our commitment extends across every line of code, ensuring a robust and secure environment for your business-critical information.

Security Assessments: Fortifying Every Aspect

At VuNet, we conduct meticulous security assessments in various key areas to fortify our platform. From static code scans to comprehensive penetration testing, our commitment to proactive security measures ensures the integrity of your data at every step.

  • Static Code Scan: Code Integrity from the Start
    • Rigorous code scans directly from developers’ Integrated Development Environments (IDEs).
    • Git configurations are set to block commits upon the detection of any security issues.
  • Web Application Security: Continuous Vigilance
    • Regular vulnerability scans of Web applications and API URLs.
    • Integrated into our Continuous Integration/Continuous Deployment (CI/CD) pipeline, triggered with every push to development or staging environments.
  • Network Scan: Staging Security Assurance
    • Initial and quarterly network scans in staging to detect and resolve network setup and configuration issues.
  • Penetration Testing/Red Team Testing: Real-World Simulation
    • The security team simulates real-world scenarios, exposing vulnerabilities.
    • Initial and quarterly testing, with additional assessments after major changes.
  • Malware Scan: Weekly Vigilance
    • Weekly scans on production app URLs to promptly detect and eliminate malware threats.

Securing Our Intellectual Property: A Multi-Layered Approach

Our dedication to safeguarding intellectual property goes beyond the code. With regular scans for code leakage, static analysis tools, and GitHub hardening practices, we ensure the resilience of our proprietary information.

  • Tools and Practices:
    • Scanning for code leakage into public repositories.
    • Utilizing open-source intelligence tools such as SpiderFoot.
    • Implementing CodeQL for static analysis, GitHub Secret Scanning, and Trivy for vulnerability scans in container images.
  • GitHub Hardening Practices:
    • Mandatory Multi-Factor Authentication (MFA).
    • Hierarchical team-based access for enhanced security.

Security Considerations: Designing with Security in Mind

Every facet of our platform is designed with security considerations in mind. From secure telemetry collection to encrypted data at rest, we leave no stone unturned in providing a secure environment for your critical business operations.

  • Secure Design Principles:
    • All telemetry interfaces use secure channels for communication.
    • vuSmartMaps provides HTTPS-based APIs for a secure graphical user interface and systems integrations.
    • Integration with LDAP/AD systems for authentication and authorization.
  • Handling Sensitive Data:
    • Sensitive data is masked in the incoming data using our data streaming pipeline.
    • Disk-level encryption for stored analytics data.
    • User and external credentials are stored internally in an encrypted format.
  • Internal Service Communications:
    • SSL-based secure channels for all data movement and API calls between internal microservices.

Security Tests and Compliance: Meeting Industry Standards

Our commitment to security is evident in the rigorous tests our vuSmartMaps platform undergoes. From web application vulnerability assessments to malware scans, we adhere to industry standards, ensuring the highest level of security and compliance.

Comprehensive Tests:

  • Web Application Vulnerability Assessment
  • Network Vulnerability Assessment
  • Secured Code Review
  • Penetration Testing
  • Security Architecture, Configuration, and Controls Review
  • Web Application Malware Scan

Additional Security Measures: Going Beyond Standards

At VuNet, we go the extra mile to fortify your data’s security with additional measures that surpass industry standards.

Employee Training and Awareness: Our Team, Your Assurance

At VuNet, security isn’t just a commitment—it’s ingrained in our team’s culture. Through ongoing training, our employees stay vigilant and updated on the latest threats and industry best practices. This proactive approach equips our team to handle evolving security challenges, ensuring the highest level of data integrity.

From developers crafting secure code to support staff implementing stringent access controls, every team member bears a sense of responsibility for your data’s security. This shared vigilance forms a robust foundation for a secure and trustworthy platform.

Disaster Recovery: Ensuring Continuity

Our platform is equipped with robust mechanisms to enable Disaster Recovery (DC/DR) in the customer’s environment. Your business continuity is our priority, and our disaster recovery features are designed to minimize downtime and ensure uninterrupted operations.

User Access Control: Tailoring Security to Your Needs

The platform utilizes Role-Based Access Control (RBAC), providing a tailored approach to user access management. This ensures that permissions are finely tuned to align with your organizational structure, granting access only where it’s needed and enhancing overall security.

ISO 27001 Compliance: Elevating Our Standards

As part of our relentless pursuit of excellence, VuNet is currently in the process of obtaining ISO 27001 compliance. This internationally recognized standard for information security management systems further underscores our commitment to providing a secure and compliant platform.
