AWN CyberSOC provides the highest level of SOC-as-a-service by optimizing the integration of machine and human intelligence. The service combines people, process and technology to deliver an enterprise-class CyberSOC in minutes. Each customer is assigned a security engineer, who becomes intimately familiar with the company’s business and operational requirements. The security engineer analyzes logs, weeds through alerts to eliminate false positives, and conducts necessary security forensics to definitively identify any breach or attack. The AWN cloud, with its proprietary SIEM, expedites the process using its advanced machine learning capabilities and automated user behavioral analytics, and integrates data from external threat feeds to proactively identify suspicious behavior.
We Obsess Over Data Protection
Protection of customer information is a crucial element of our business model. It is integrated into our culture through formal policies and procedures and the controls that support them. To enable our customers to meet regulatory and standards requirements, we architect the production environment and support systems using a secure cloud-computing model. To ensure this architecture operates according to its performance and security specifications, we have implemented an Information Security and Compliance Program that uses ISO 27001 and the Trust Services Principles as the foundation for our governance, risk and controls program.
How We Protect Your Data
Commitment to Competence
AWN management defines competence as the knowledge and skills necessary to accomplish the tasks that define an individual's job. Commitment to competence starts at the hiring process, where candidate qualifications are assessed by management and subject matter experts to determine job fit. It continues with individual training requirements to keep knowledge current with the dynamics of the business, a culture of empowerment and collaboration, and coaching and mentoring practices to ensure performance goals are achieved.
HR Policies and Practices
AWN’s worker (employees and contractors) onboarding program provides workers with the education and resources to make informed business decisions and act on them with integrity. Training and awareness are provided to full-time workers and third parties on a periodic basis to educate them on applicable policies, standards and information security practices.
AWN workers are accountable for understanding and adhering to the guidance contained in the Acceptable Use and Security Awareness policies.
For US and Canadian citizens, background checks are required before full-time workers are granted access to production systems and information. Background checks at AWN are performed at the time of joining as a condition of employment.
Assignment of Authority and Responsibility
A governance structure for information security within AWN is established and maintained. A key responsibility of the information security governance structure is to identify and manage risks (threats and vulnerabilities) to the organization; it is administered and maintained by the Information Security Officer in partnership with subject matter experts from various departments. Team members are assigned to implement and maintain the information security program and are made aware of their duties and responsibilities. These employees have the skills and qualifications necessary to manage the information security program.
AWN follows an established approach to risk management and conducts an annual corporate-wide risk assessment, led by the Information Security Officer. The risk assessment is established to monitor, manage and mitigate strategic, operational, financial, legal and compliance risks, including those related to the security and availability of the platform. The risk assessment process identifies and prioritizes risks based on impact, likelihood and vulnerability.
All AWN staff and contingent staff are accountable for understanding and adhering to the guidance contained in the AWN set of Information Security Policies. Policies address areas including asset classification, risk assessment, access control, change control and acceptance, incident response, exceptions, training, and where to go for additional information. Policies are available on the company intranet.
Security and Incident Communication
AWN runs its own product on its own infrastructure: several internal sensors are deployed in the production and internal environments, coupled with an established incident response procedure, to provide comprehensive monitoring, analysis and reporting. Incidents are reported to IT, where an incident ticket is opened. The ticket is escalated to the Computer Security Incident Response Team so that events and incidents can be resolved in a timely manner.
Access and Identity Access Management
IT and production support teams manage their respective infrastructure and services primarily through identity and access management tools that require multi-factor authentication.
Okta is used for identity management for the majority of the software-as-a-service tools that support the AWN platform. Individuals are assigned application access using the tool based on their roles and responsibilities.
Access to the production environment is controlled via a secure VPN tunnel, and an SSH session to the bastion hosts is required to reach nodes in the production environment. Further access to the production nodes is handled via AWS Identity and Access Management (IAM). Within IAM, unique accounts are created for individuals, and shared / service accounts are created for recurring business purposes. Access within IAM is restricted using permissions or policies that are either AWS-managed or customized for the specific account.
Shared and Service Accounts
Shared and service accounts are managed in an enterprise password management service, and access to that service is restricted to authorized personnel. Passwords and certificates are rotated on a periodic basis.
New User or Modification of User Access
The process to request and approve new access is initiated by HR (or any worker) via a Jira ticket, which is routed to the internal accounts management team. Access to the production environment is limited to authorized personnel only.
Termination Access Removal
When individuals leave the company, AWN HR initiates a Jira ticket to the internal account management team where the account is disabled without undue delay. The team follows a checklist in order to disable all accounts and access within the environment. Terminated accounts are deleted from the system after 45 days.
Periodic User Access Review
A manual user access review is performed by technology management on a periodic basis for access to the production environment. This review includes the assessment of custom AWS IAM policies and permissions. Periodic review of user access to Okta and in-scope applications is performed by the internal account management team.
R&D Access to Production
R&D has access to the production environment as part of the continuous deployment practice. Access is controlled via SSH login to the bastion host, which is monitored by an internal sensor. Login events are visible to the assigned internal CSE for detection of anomalous activities.
Employees log into AWN internal systems using Okta, and all cloud-based applications are integrated with Okta. Password requirements are enforced through both LDAP and Okta.
AWN implements appropriate endpoint protection and technology management to administer security policies and configurations.
Data transmission (Encryption)
Based on the customer’s data connection request, an encrypted connection is configured through the AWN network between the customer and the desired AWN application and support platform. AWN uses Transport Layer Security (TLS, the successor to SSL and still commonly referred to by that name) to protect data transmitted over untrusted networks.
Customer content is stored and processed in AWS databases, where each customer's data is segregated using logical indices.
Data at rest (Encryption)
AWN has a data encryption policy that protects customer data at rest using AWS S3 encryption.
AWN’s production network runs entirely in Amazon Web Services. VPCs with private and public subnets are used, with the vast majority of EC2 instances running in the private subnets. Network ACLs (NACLs) are applied at the subnet level where applicable, and restrictive Security Groups are applied to each EC2 instance and to other AWS resources where applicable.
Sensors running in the customer’s network connect to the AWN production network using VPN tunnels. Further restrictions are placed on the VPN servers to ensure the sensors can only contact the required services in the AWN production network, using a combination of filter rules, NAT and non-routable networks.
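The two paragraphs above make a checkable claim: instances sit in private subnets, Security Groups are restrictive, and administrative access arrives only through the VPN and bastion hosts. The script below is an added example written for this page, not AWN code, and it does not describe AWN's actual rule set. It audits security-group ingress rules in the JSON shape returned by boto3's `ec2.describe_security_groups()` and flags rules that contradict that design: any source open to the whole Internet (other than an explicitly allowed single port such as 443 on a public load balancer), and SSH reachable from anything except a bastion security group. The security-group IDs, CIDRs and rules are constructed sample data; a real run would pass `describe_security_groups()["SecurityGroups"]` in place of `SAMPLE_GROUPS`.

```python
"""Audit EC2 security-group ingress for a 'private subnets behind a bastion' design.

Added example, not AWN code. Input follows boto3's describe_security_groups()
response shape. All IDs and addresses below are constructed for illustration.
"""
from ipaddress import ip_network

SSH_PORT = 22


def _is_world(cidr):
    # 0.0.0.0/0 and ::/0 both normalise to a prefix length of 0.
    return ip_network(cidr, strict=False).prefixlen == 0


def _covers_port(perm, port):
    """True if this IpPermission admits TCP traffic to `port`.
    IpProtocol "-1" means 'all traffic' and carries no FromPort/ToPort."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def _label(perm):
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return "all traffic"
    lo, hi = perm["FromPort"], perm["ToPort"]
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def audit_security_groups(groups, bastion_sg_ids, world_ok_ports=frozenset()):
    """Return findings for ingress rules that break the bastion design:
    * a source open to the world, unless it is a single TCP port the caller
      explicitly allows (e.g. 443 on a public load balancer);
    * SSH reachable from any CIDR, or from a non-bastion security group,
      on every group that is not itself a bastion."""
    findings = []
    for sg in groups:
        sg_id = sg["GroupId"]
        is_bastion = sg_id in bastion_sg_ids
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if _is_world(cidr):
                    single_tcp_port = (perm.get("IpProtocol") in ("tcp", "6")
                                       and perm["FromPort"] == perm["ToPort"])
                    if not (single_tcp_port and perm["FromPort"] in world_ok_ports):
                        findings.append(dict(sg=sg_id, issue="world-open ingress",
                                             rule=_label(perm), source=cidr))
                elif not is_bastion and _covers_port(perm, SSH_PORT):
                    findings.append(dict(sg=sg_id, issue="ssh from cidr, not bastion",
                                         rule=_label(perm), source=cidr))
            if not is_bastion and _covers_port(perm, SSH_PORT):
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair["GroupId"] not in bastion_sg_ids:
                        findings.append(dict(sg=sg_id, issue="ssh from non-bastion sg",
                                             rule=_label(perm), source=pair["GroupId"]))
    return findings


# Constructed sample: a bastion reachable from the VPN range, an app tier that
# accepts SSH only from the bastion, a public load balancer on 443, and a
# legacy group that violates the design twice.
BASTION_SGS = {"sg-0bastion00000001"}
SAMPLE_GROUPS = [
    {"GroupId": "sg-0bastion00000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.8.0.0/24", "Description": "VPN clients"}]}]},
    {"GroupId": "sg-0app000000000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": "sg-0bastion00000001"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": "sg-0alb000000000003"}]}]},
    {"GroupId": "sg-0alb000000000003", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0legacy000000004", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]


def run_sample():
    """Audit the constructed groups, tolerating 443 from the world on the ALB."""
    return audit_security_groups(SAMPLE_GROUPS, BASTION_SGS, world_ok_ports={443})


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['sg']}: {f['issue']} ({f['rule']} from {f['source']})")
```

Both findings land on the legacy group: SSH from 0.0.0.0/0, and an "all traffic" rule from 10.0.0.0/8 that implicitly exposes SSH to every address in that range rather than to the bastion alone. A periodic run of this kind of check is the evidence a "restrictive Security Groups" statement needs; NACLs are not examined here because they are stateless subnet-level filters with a different shape and are usually reviewed separately.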
Software development lifecycle (SDLC Process)
AWN follows an agile and continuous deployment model for software development. Sprints are performed on a regular basis, and project design documents that establish requirements for product releases are documented and retained.
Regulatory and Compliance Standards
AWN Has Completed a SOC 2 Type II Audit