Orgvue Application Security

Is an Intrusion Detection service in place for Orgvue?

At the network level, the AWS GuardDuty service is active within the AWS Orgvue environment. AWS GuardDuty is a threat detection service which uses machine learning, anomaly detection and integrated threat intelligence to identify potential threats. GuardDuty spans the entire VPC.

GuardDuty operates within the AWS cloud, analysing DNS requests, VPC flow logs and CloudTrail events.

GuardDuty's functionality is similar to that of a network IDS. It uses a hybrid approach to detection: it analyses traffic for signature matches and also monitors for deviations from baseline activity.

Is anti-malware / endpoint protection in place on Orgvue employee workstations and company servers?

Orgvue employee workstations and company servers run full antivirus and endpoint protection solutions. These are updated daily, and daily scans are in place for all workstations.

Are Web Application Firewalls (WAF) implemented?

AWS WAF (Web Application Firewall) is active for Orgvue.

Does Orgvue support IP Allow-listing / IP Whitelisting?

Orgvue supports the implementation of IP allow-listing to restrict the IP address ranges from which users are able to connect to the application.

How is egress and ingress traffic segmented and protected?

Only port 443 (HTTPS) is open for ingress traffic from the public internet. All Orgvue data in transit is encrypted with TLS 1.2 at a minimum. TLS 1.3 is also supported and is selected automatically where the customer's browser supports it. Several ALB TLS policies are in place, carefully selecting the most secure cipher suites available.

AWS Security Groups are used to segment egress traffic from Elastic Container Service tasks to the AWS ALB (Application Load Balancer). The same approach applies from the ALB outwards to a public-facing security group, which grants access on port 443 only.
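As an added illustration of the segmentation pattern described above (not Orgvue's own code or configuration), the following check inspects two security groups in the shape returned by `aws ec2 describe-security-groups` and confirms that only TCP/443 is exposed to the internet and that the task group accepts traffic solely from the ALB group. The two group objects and their IDs are constructed samples.

```python
"""Offline audit of the "public ALB on 443 only, ECS tasks reachable only via
the ALB" pattern.  ALB_SG and ECS_SG are constructed samples in the shape of
`aws ec2 describe-security-groups` output, not real Orgvue groups."""

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample: the public-facing ALB group exposes only TCP/443.
ALB_SG = {
    "GroupId": "sg-alb0000",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}
# Constructed sample: the ECS task group accepts traffic only from the ALB group.
ECS_SG = {
    "GroupId": "sg-ecs0000",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb0000"}]},
    ],
}


def public_ports(sg):
    """Return the set of (protocol, from_port, to_port) rules open to the internet.
    Rules with IpProtocol "-1" (all traffic) carry no ports, hence .get()."""
    found = set()
    for rule in sg["IpPermissions"]:
        cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
        if cidrs & PUBLIC_CIDRS:
            found.add((rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort")))
    return found


def audit_edge(alb_sg, ecs_sg):
    """Return a list of findings; an empty list means the pattern is intact."""
    findings = []
    # 1. The ALB group must expose exactly TCP/443 to the public internet.
    if public_ports(alb_sg) != {("tcp", 443, 443)}:
        findings.append(f"{alb_sg['GroupId']}: public ingress is not exactly tcp/443")
    # 2. The task group must not be reachable directly from the internet ...
    if public_ports(ecs_sg):
        findings.append(f"{ecs_sg['GroupId']}: tasks reachable directly from the internet")
    # 3. ... and each of its rules must reference the ALB group and nothing else.
    for rule in ecs_sg["IpPermissions"]:
        sources = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
        if rule.get("IpRanges") or rule.get("Ipv6Ranges") or sources != {alb_sg["GroupId"]}:
            findings.append(f"{ecs_sg['GroupId']}: rule on port {rule.get('FromPort')} is not limited to the ALB group")
    return findings
```

Feeding real `describe-security-groups` output into `audit_edge` turns the page's statement into a repeatable control check rather than a one-off review.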