How your event and engagement data gets encrypted?
webMOBI encrypts your data at rest, including event and engagement information, and other personally identifiable metadata. We use a 256-bit AES encryption in storage and a 256-bit SSL/TLS encryption in transit.
webMOBI is hosted in a Virtual Private Cloud with AWS. AWS follows top IT security standards, including SOC 2 Type II, SOC 3, PCI-DSS certification, and ISO 27001.
Does your organization have a transparent approach to deal with cyber threats?
From the network security perspective - we are hosted on AWS, and we have two firewalls - one Cloudflare WAF and AWS Firewall. Cloudflare is based on IP reputation and will challenge IPs that have shown problematic activity online. The web application firewall stops hack attempts on the site. We will also define rule sets based on the technology stack from the management console. And we are using Dome9 for access to the infrastructure hosted on AWS.
Does your organization have a documented security incident management process, including identification, response, and recovery from security incidents?
Protecting your data is of supreme importance and a relentless focus here at webMOBI.
We use https://aws.amazon.com/inspector/ for compliance of applications deployed on AWS After performing an assessment, and Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings are available via the Amazon Inspector console, which is shared with the security administrators weekly. We have various tools, internal and external, that scan systems and reports.
Those reports are collated to identify patterns, and then weekly updates and patches are issued for threats and vulnerabilities. Those are all part of the reports generated via various tools for audited events, as listed in the previous responses, including Dome9, Cloudflare, AWS inspector, and other monitoring services.
We lock down all your administrative services so hackers can't brute force attack (or exploit a vulnerability of) SSH, RDP, and database.
We open those services on demand only for a specific user, service, and time-period and keep track of those via audit log reviews. We are using Amazon Guard Duty for SIEM. More information is available on the link below - https://aws.amazon.com/blogs/security/tag/siem/