eSuite provides access to invaluable data that can help better manage security applications.
Security and life safety systems are a critical need for today’s businesses no matter the business size or complexity of needs.
But in order to get the most out of your security and life safety investment, you need a comprehensive account management tool, especially as your number of locations grow. Imagine trying to manage hundreds or even thousands of locations’ security data without a robust exception-based data management solution. Protection 1’s eSuite and security data management portal gives the end-user the tools to manage, view and analyze site activity to help get the most from their security investment and improve the security program over time. eSuite allows customers to view data, including open/close schedules and reports, details of alarm tests, incidents and alarms, change open/close schedules or request a service call.
With the introduction of eSuite, the application also now has key new features that can be used with mobile devices such as view and edit location contacts, place burglar alarm panels on test and remove them from test and create temporary schedules for each site.
While eSuite provides access to invaluable data that can help better manage security applications as well help to improve overall business processes, it also is a warehouse for sensitive information. Cyber-attacks are one of the greatest threats facing businesses today. Hardly a day goes by that there is not a report of another company suffering at the hands of hackers breaching their networks and stealing sensitive customer or personal data.
So how does Protection 1 protect its customers who use the eSuite application to manage their security operations?
To begin with, all internal servers receive regular software updates and sit behind layers of security in Protection 1’s data center. The company uses third-party certified scanning vendors to scan web applications on a daily basis to ensure the site is secure and any vulnerabilities or identification of malware are eliminated and remedied immediately. As part of that process, Protection 1 uses the Qualys SECURE Seal application which allows it to continuously scan the eSuite website for the presence of malware, network and web application vulnerabilities, as well as SSL certificate validation. Passing these comprehensive security scans demonstrates that we maintain a rigorous and proactive security program.
Protection 1 also blocks direct access to the application servers and uses industry standards and best practices in the development of the application code. It also adheres to the process of scanning for the Open Web Application Security Project’s (OWASP) top risks to prevent SQL-injection, such as:
- Malicious SQL statements inserted into an entry field for execution.
- Cross-site scripting (XSS), a security breach that takes advantage of dynamically generated web pages.
- Cross-site request forgery (CSRF), also known as one-click attack, that constitutes a malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
Further safeguards that are built into eSuite include:
- The expiration of sessions after 30 minutes of inactivity, requiring the user to re-enter his or her credentials in order to access the data.
- Validating new eSuite users’ email addresses by clicking a link provided in an email that’s sent when the user account is first set up.
- A two-step authentication process that requires the user to set up three security questions, one of which is required along with a password whenever the user logs on. The user can choose to bypass the security question for a specific computer after it has been answered the first time.
- Locking out users after incorrectly entering their login, password, or security question answer three times. That user must then call Protection1 customer service to unlock the account.
- Passwords and security question answers that are securely encrypted before being stored, using a one- way algorithm that does not allow decryption.
These are just a few of the steps that Protection 1 takes to ensure that its eSuite data management tool and associated web portal are secure and protected. Providing peace of mind through the use of technology is one of the company’s primary missions, and extends to both products installed at customer sites and the services it offers.
QUALYS SECURE logo
Protection 1’s eSuite and security data management portal gives the end-user the tools to manage, view and analyze site activity to help get the most from their security investment and improve the security program over time.