Careful planning and well-designed controls and policies need to be in place to safeguard that information flow and protect the systems from malicious data or actors. Endpoints not only need to be secured but the data needs to be sufficiently encrypted to protect it while in transit and at rest. Prevention is the first line of defense while detection and response are essential to minimize any breaches of defense. Finexio has implemented these frameworks and policies to achieve the highest level of network security and monitoring:
Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied, and only explicitly allowed ports and protocols are allowed based on business needs. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.
- Required encrypted HTTPS communication from clients to platform using:
- Military Grade Encryption: RSA 2048 bits keys - Supports TLS 1.2 or 1.3 - SHA-256 - HTTP Strict Transport Security (HSTS)
- Routine monitoring of firewall and IDS logs and configurations
- Routine review of user access to the production environment
- Regular Vulnerability Scanning - provides comprehensive and accurate results to proactively identify and remediate potential areas of attack and reduce risk
- Incident Response - for security event logging, orchestration, and response along with Intrusion Detection and Prevention
Our infrastructure guards us against common exploits done by common attacks, such as DDoS, Spoofing and Sniffing, and Port Scanning. Finexio utilizes application isolation, operating system hardening restrictions, and encrypted connections to further ensure risk is mitigated at all levels.