Level-4 Software Security
Our applications run on myriad systems with myriad server software. Operating Systems include various flavors of Linux, BSD, Windows. Server Software includes versions and flavors of Apache, IIS, Resin, Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd etc etc. We ensure security despite the diverse portfolio of software products we utilize by following a process-oriented approach.
Timely Application of Updates, Bug Fixes and Security Patches - All servers are registered for automatic updates to ensure that they always have the latest security patch installed and that any new vulnerabilities are rectified as soon as possible. The largest number of intrusions result from exploitation of known vulnerabilities, configuration errors, or virus attacks where countermeasures ARE already available. According to CERT, systems and networks are impacted by these events as they have "not consistently" deployed the patches that were released.
We fully understand the requirement for strong patch and update management processes. As operating systems and server software get more complex, each newer release is littered with security holes. Information and updates for new security threats are released on an almost daily basis. We have built consistent, repeatable processes and a reliable auditing and reporting framework which ensures that all our systems are always up-to-date.