Cyber Security Overview
Information Security Program Overview Wirepath Home Systems
Data center & network security
Facilities - SnapAV servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Data center facilities are powered by redundant power, each with UPS and backup generators.
On-site Security - Our data center facilities feature a secured perimeter with multi-level security zones, CCTV video surveillance, physical locks, and security breach alarms.
Monitoring - Production network systems, networked devices, and circuits are continuously monitored and logically administered by staff. Physical security, power, and internet connectivity for cloud provided services are proactively managed and monitored by the managed services providers. On a routine basis, we evaluate cloud provider compliance and SOC compliance audits.
Dedicated Security Team - Our Security Team is on call 24/7 to respond to security alerts and events.
Protection - Our network is protected by redundant firewalls, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS), which monitor and/or block malicious traffic and network attacks. For internal networks, we leverage IEEE standard 802.1x for wired and wireless network authentication methods.
Architecture - Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
Network Vulnerability Scanning - We leverage network security scanning that provides deep insight and quick identification of out-of-compliance or potentially vulnerable systems.
Threat Intelligence Program - SnapAV participates in threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and proactively take action based on our risk and exposure.
Security Incident Response - In case of a system alert, events are escalated to our 24/7 Incident Response Team, who are trained on security incident response processes, including communication channels and escalation paths.
Penetration Testing - We conduct annual third-party penetration tests along with quarterly internal penetration tests.
Encryption in Transit - Communications between you and SnapAV Support and Chat servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
Encryption at Rest - All customers of SnapAV Support and Chat benefit from the protections of encryption at rest for offsite storage of attachments and full daily backups. Should Support customers desire to have their primary and secondary Disaster Recovery (DR) data-stores encrypted at rest, this is available for purchase via the Advanced Security add-on. Guarantees of encryption of Chat Service Data at rest are also available for purchase.
Availability & Continuity
Uptime - SnapAV maintains a system-status log which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
Redundancy - SnapAV employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across primary and secondary DR systems and facilities. Our co-location databases are stored on efficient Flash Memory devices with multiple servers per database cluster.
Disaster Recovery - Our Disaster Recovery (DR) program ensures that services remain available, and in the event of a disaster are recoverable to ensure smooth operations with minimal downtime. We have formal disaster recovery plans that are maintained and kept current as our environments expand and grow.
Email & End-point Protection
Email Protection - We leverage next generation email protection. Our solution is AI and machine learning based and has an event detection and response team that provides oversight 24/7/365. Our solution ensures that embedded links and attachments are valid and secure. In addition, our solution guards against impersonation and phishing attempts. We also leverage data loss prevention methods to ensure private information is blocked or stripped from email correspondence.
End-Point Protection - We leverage next generation end-point protection on laptops, Mac, and servers. This next-gen solution is cloud-based and operates 24/7/365 to protect against malware and other threats. Our solution proactively identifies unauthorized systems and applications, and alerts in real-time on the use of privileged credentials. The platform identifies attacks and stops breaches 24/7 with a team of experts that proactively hunt, investigate, and advise on threat activity in our environment.
Software Scanning/External Reviews - Static code scans are routinely performed, and external source code reviews are conducted on a regular basis to look for and remediate potential vulnerabilities.
IP-Based Products - We conduct periodic cybersecurity-based vulnerability tests of our IP-based products. These are performed by an independent third-party cybersecurity company.
Employee Awareness & Training
Awareness Program - Our cybersecurity team conducts routine awareness communications to all employees throughout the year. Updates on cybersecurity programs and employee best practices are shared via employee communication programs sponsored by our cybersecurity team.
Information Security Policy - Our cybersecurity and risk management teams maintain a comprehensive set of cyber and information risk management policies that are communicated, monitored, and audited routinely. We also require employee attestation regarding the information security policy on an annual basis.
Learning Program - Our cybersecurity team put together a comprehensive information risk management learning program. This online training program is available to employees 24/7. Employees are required to take key modules each year. Our cybersecurity team spotlights modules throughout the year in company newsletters and shares current insights into the world of cybersecurity, to focus on what each employee can do to protect our company and our customers.