
Standard to our third-party support, Spinnaker Support delivers a Seven-Point Security Solution based around the core concepts of Discover, Harden, and Protect for your data and critical system security.
We treat every reported incident with the seriousness it deserves, and we respond to every ticket within minutes. Our global security team actively advises on security concerns and monitors and reports on actionable vulnerabilities.
That’s why, in a recent Satisfaction Survey, 98% of customers who cited security as an issue reported that their security level was the same or improved after moving to Spinnaker Support.
Nous proposons une approche de la sécurité fondée sur une défense en profondeur, avec plusieurs couches.
Ainsi nous ciblons la catégorie de vulnérabilités (Common Weakness Enumeration, CWE) au lieu de rechercher d’anciennes menaces individuelles ou des failles et vulnérabilités communes (Common Vulnerabilities and Exposures, CVE), ou de tenter de prévoir les CVE à venir. La gestion des vulnérabilités individuelles est contreproductive. Nombre d‘entre elles sont actives mais n‘ont pas encore été découvertes et les autres sont encore là car les correctifs n‘ont pas fonctionné.
Notre approche proactive garantit l‘avenir de la sécurité de nos environnements.
We use hardening techniques and compensating controls to ensure your systems can pass penetration testing and audits. This comes standard with our third-party support. Using CIS & STIG Benchmarks, we guarantee you a more secure environment.
- Discover & Harden
- Security Incident Response
- Threat Intelligence
-
1. Évaluation des risques personnalisée
An audit and risk review for your systems, including reports with recommendations on configurations, encryptions, access management, and best practices and guidelines. This feeds into Attack Surface Reduction.
-
2. Réduction de la surface d’attaque
We advise on how to properly configure and harden applications, operating systems, servers, databases, and networks.
-
3. Compliance Audit Support
Consultative services designed to adjust your audit controls in order to be in compliance with attestations such as SOC2, HIPAA, GDPR, and PCI.
-
4. Vulnerability Support
Submit a ticket at any time for security-related activities and to address vulnerabilities. We use compensating controls (external to application code) to mitigate security risk.
-
5. Bibliothèque de ressources de sécurité
Includes white papers and solution briefs on a wide range of topics related to security that we can share with any of our customers.
-
6. Proactive Security Tooling
A portfolio of security products designed to implement the Spinnaker Security Philosophy across a range of Oracle products.
-
7. Risk Assessment Bulletin
We monitor Oracle CVEs and publish periodic email bulletins for customers. These include CVE descriptions and offer best practice recommendations.
The Reality of Software Patching | Our Response on Patching | |
---|---|---|
CALENDRIER | Patches are not timely (can be months or years late). | Virtual patching tools and proactive monitoring provide near-immediate protection. |
SPECIFICITY | Les correctifs sont de type universel et peuvent s’avérer problématiques pour les personnalisations. | You should only have to receive the fixes you need. |
VERSIONS | Patches may not be available for older versions and applications. | By addressing issues at the infrastructure level, you protect the entire stack, regardless of app versions. |
TESTING | Les correctifs nécessitent un temps précieux pour les tests et l’installation. | For CVEs, methods such as virtual patching save valuable time by cutting short testing and installation. |
APPLICATION | Many organizations do not patch or patch regularly due to operational constraints. | Organizations must remain vigilant for CVEs and not rely on patches that may not actually solve the issue. |
