In order to preserve the integrity of data that FlowTrack stores, processes, or transmits for Customers, FlowTrack implements strong intrusion detection tools and policies to proactively track and retroactively investigate unauthorized access. This include threat detection and prevention at both the network and host level, as well as threat intelligence monitoring.
FlowTrack policy requires that:
(a) All critical systems, assets and environments must implement realtime threat detection or prevention.
All end-user workstations and production systems must have antivirus running. The default anti-malware solution used is Carbon Black PSC. The anti-malware solution will include protection against malicious mobile code.
Detected malware is evaluated and removed following the established incident response process.
All systems are to only be used for FlowTrack business needs.
Firewall protection is implemented at the following layers
Network - including Network ACL and Segmented using Security Groups in the VPC's.
Host - local firewalls are enabled on the user endpoints. Compute and database instances in AWS are protected by Security Groups)
Application - web application firewall (WAF) and content distribution are configured at the application layer to protect against common web application attacks such as cross site scripting and injection and denial-of-service attacks.
FlowTrack implemented a real-time threat detection solution by monitoring AWS Cloudtrail events and/or VPC flow logs.
Additional monitoring is provided by our infrastructure service provider AWS.
Host based intrusion detection is supported via one of the following:
On Windows and macOS systems: AWS Inspector and TrendMicro Workload Security agents for malware detection and behavior-based endpoint threat detection.
On Linux servers: AWS Inspector and TrendMicro Workload Security agents for activity monitoring, vulnerability scanning, and threat detection. This includes all virtual instances running in the cloud environment.
leverages AWS Services to protect web applications against common attacks such as SQL injection, cross-site scripting, and denial-of-service (DoS/DDoS) attacks. The services used include AWS Shield, WAF, Cloudfront, and/or API Gateway.
Security events and alerts are aggregated to and correlated by one or both of the following solutions:
FlowTrack Security team is subscribed to recieve alerts on health industry Threat Intelligence from the National Health Information Sharing and Analysis Center (NH-ISAC).
FlowTrack recieves alerts about current security issues, vulnerabilities, and exploits from the Cybersecurity and Infrastructure Security Agency (CISA).
Additional intelligence feeds are received automatically through some of the 3rd party security solutions that have been implemented on the networks and/or endpoints. The data gathered through these external intel feeds is automatically used by the security solutions to analyze events and generate alerts.
Regulatory Requirements Updates
The Security and Privacy Officer actively monitors the regulatory compliance landscape for updates to regulations such as HIPAA, PCI and GDPR.
Fincosa LLC, 220 Calle Manuel Domenech #2012, San Juan, PR, 00918, USA