The security technologies at Teleperformance include technologies from Cisco and CA. We use PIX firewalls and IDS and IPS technologies from Cisco. Token based 2 factor authentication from RSA. From CA we use AntiVirus, PestPatrol, Vulnerability Manager, Security Content Manager, Access Control, Network Forensics and Security Command Center. Below is a brief summary of function each of these solutions provides:
Cisco Pix firewalls, IDS and IPS technologies are utilized at Teleperformance to protect the perimeter of our networks and client connections. Cisco Works is also used in the management of these technologies and provides integration into our security logging system and Security Command Center from CA. Perimeter firewalls are configured in a high availability model.
RSA 2 factor authentication tokens are used in the authentication process by IT system administrators, network administrators and any individual who remotely accesses confidential data. The authentication challenge is 2 factor and includes username and password and RSA authentication tokens. CA eTrust Anti-Virus is used at all desktops and servers. This technology is centrally managed, contains two different scanning engines. The signatures are updated on a daily basis. All viruses are cured and removed upon detection. CA eTrust PestPatrol spyware technology is used on all desktops and servers. This technology is managed centrally using the same console as eTrust Anti-Virus. The spyware signatures are updated on a daily basis. All detected spyware is removed upon detection. CA eTrust Secure Content Manager provides content protection at our network edge. This technology is used for multiple purposes included SMTP SPAM prevention, SMTP anti-virus prevention, SMTP inbound and outbound content confidentiality protection, HTTP web filtering and HTTP mobile code download protection. CA eTrust Vulnerability Manager is used in our risk management program. Vulnerability Manager is an asset centric solution that correlates all assets in our organization with know published vulnerabilities. This technology enables us to discover vulnerable systems and remediate the risk prior to the vulnerability becoming compromised. CA eTrust Access Control is used to provide host based Intrusion Prevention, Operating System Hardening, and Host based Firewall protection on our servers. We utilize Access Control on our systems that store confidential information. The capabilities of Access Control extend beyond the functionality of the native operating system and allow us to further harden the access controls of the confidential data and applications. CA eTrust Network Forensics provides us the ability to capture, analyze and investigate any data source traversing the network. We leverage Network Forensics to identify root cause of performance issues, fraudulent activity and to identify abnormalities in traffic patters before they present a problem. CA eTrust Security Command Center is our central command and control for all security activity. The Security Command Center is our “SOC” or Security Command Center. We leverage the Security Command Center to adhere to the ISO 27001 process of managing security events. The Security Command Center is the log parsing and correlation engine for all of security technologies and logging sources including all Cisco security and network equipment, all eTrust technology, all operating systems and various other logging sources. The Security Command Center provides us geographic representation of our entire organization with drill down capabilities into regions, customers environment etc. The security status condition is represented by color indicating the severity of item. This solution provides real time correlation, event notification and service desk ticket generation capabilities.
|