Security
Accops HySecure provides a secure way for clients to connect to the different resources of an organization. To do so, HySecure itself needs to be secure. It includes a set of inbuilt security features and adheres to various compliances; a comprehensive list of these is given here.
However, if the customer has specific compliance requirements that need to be adhered to, these can be taken up on a case-by-case basis by contacting the support team.
System Security
- For on-premise solutions, HySecure is delivered as part of an ISO image of a security-hardened Linux-based distribution derived from CentOS. The hardening is based on bank-grade security standards and industry best practices.
- All passwords are maintained in an encrypted form.
- Regular and stringent vulnerability assessments and penetration testing of HySecure are done based on OWASP Top 10 standards and industry best practices.
- External third-party VA/PT reviews are conducted frequently.
- A customizable TLS 1.2 cipher is set, which can be further hardened based on the organization's requirements and standards.
Audit Security
- Detailed activity logs to track changes made by privileged users.
- Configuration of email notifications for sensitive events such as:
  - Users' First Login
  - User Login (For Critical Users)
  - User Logout
  - Account Lockout
  - Application Access
  - Access Control Expiry
  - New Device Registrations
- In-built SIEM product, Accops Reporting Server, to provide analysis, reporting and visualization of security anomalies.
- Integration with existing syslog servers to dump activity/event logs.
- Security hotfixes and patches are released on the website, and regular notifications are sent to customers via email.
Authentication Support
- Wide range of authentication mechanisms, including support for Active Directory, LDAPS, RADIUS and SAML.
- Mandatory certificate-based login mechanism for privileged users for added security.
Additional Support
- Ability to screen a wide range of parameters like WAN IP, Geo Location, Device Details, etc. and create access policies to allow/disallow access to resources.
- Support for customized password policies (for local native users) to be in line with the organization's internal policy.
- Provision to automatically disable dormant accounts based on pre-configured rules.
- Merge users with similar access requirements to a specific user group. Ability to apply policies that affect the group instead of setting up individual policies for each user.
- Customize web access portal's key sections like logos, title and other potentially identifiable information with the aim to obfuscate such details.