Our network security and monitoring techniques are designed to deliver multiple layers of protection and defence. We use firewalls to protect our network from unauthorized access and undesirable traffic. Our systems are segmented into separate networks to secure sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting the Agenter Books production infrastructure.
All the components of our platform are redundant. We utilize a distributed grid architecture to shield our system and services from the effects of possible server failures. If there's a server failure, users can carry on as usual because their data and Agenter books services will still be available to them. We additionally utilize multiple switches, routers, and security gateways to ensure device-level redundancy. This prevents single-point failures in the internal network.
We utilize technologies from well-established and trustworthy service providers to block DDoS attacks on our servers. These technologies offer multiple DDoS mitigation capabilities to block disruptions caused by bad traffic while allowing good traffic through. This keeps our websites, applications, and APIs highly available and performing.
All servers provisioned for development and testing activities are hardened (by disabling new ports and accounts, deleting default passwords, etc.). The base Operating System (OS) image has server hardening built into it, and this OS image is provisioned in the servers to ensure consistency across servers.
Our intrusion detection mechanism takes note of host-based signals on individual devices and network-based signals from monitoring points within our servers. Administrative access, use of confidential commands, and system calls on all servers in our production network are logged. Rules and machine intelligence built on top of this data give security engineers warnings of probable incidents. At the application layer, we have our proprietary WAF, which works on both whitelist and blacklist rules.
Every change and new feature is governed by a change management policy to ensure all application changes are authorized before implementation into production. Our Software Development Life Cycle (SDLC) mandates adherence to highly secure coding guidelines, as well as the screening of code changes for potential security issues with our code analyser tools, vulnerability scanners, and manual review processes. Our robust security framework based on OWASP standards, applied in the application layer, provides functionality to mitigate threats such as SQL injection, cross-site scripting, and application-layer DoS attacks.
Our framework distributes and maintains the cloud space for our customers. Each customer's service data is logically separated from other customers' data using a set of secure protocols in the framework. This ensures that no customer's service data becomes accessible to another customer. The service data is saved on our servers when you use our services. Your data is owned by you, and not by Agenter Books. We will not share this data with any third party without your consent.
In transit: All customer data transmitted to our servers over public networks is secured using strong encryption protocols. We mandate that all connections to our servers use Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers, for all connections including web access, API access, our mobile apps, and IMAP/POP/SMTP email client access. This ensures a secure connection by allowing the authentication of both parties involved in the connection, and by encrypting data to be transferred. Furthermore, for email, our services leverage opportunistic TLS by default. TLS encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol.
We hold the data in your account as long as you choose to use Agenter Books Services. Once you terminate your Agenter Books user account, your data will be removed from the active database during the next clean-up, which occurs once every 6 months. The data removed from the active database will be deleted from backups after 3 months. If your unpaid account is inactive for a continuous period of 120 days, we will terminate it after giving you prior notice and the option to back up your data.
AgenterBooks offers single sign-on (SSO) that lets users access multiple services using the same sign-in page and authentication credentials. When you sign in to any Agenter Books service, it happens only through our integrated Identity and Access Management (IAM) service. We also support SAML for single sign-on, which makes it possible for customers to integrate their company's identity provider, like LDAP or ADFS, when they log in to Agenter Books services. SSO simplifies the login process, ensures compliance, gives effective access control and reporting, and reduces the risk of password fatigue, and hence weak passwords.
Multi-factor authentication gives an extra layer of security by demanding an extra verification that the user must possess, in addition to the password. This can greatly reduce the risk of unauthorized access if a user’s password is compromised. You can configure multi-factor authentication using Agenter Books One-Auth. Currently, various modes like biometric Touch ID or Face ID, Push Notification, QR code, and Time-based OTP are supported.
We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to decrease the risk of data exposure. Access to production environments is maintained by a central directory and verified using a combination of secure passwords, two-factor authentication, and passphrase-protected SSH keys. Moreover, we facilitate such access through a separate network with stricter rules and hardened devices. Furthermore, we log all the operations and audit them periodically.
We monitor and analyse information collected from services, internal traffic in our network, and usage of devices and terminals. We document this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are automatically monitored and analysed to a reasonable extent, which helps us identify anomalies such as unusual activity in employees’ accounts or attempts to access customer data. We store these logs in a protected server isolated from full system access, to manage access control centrally and ensure availability.
We have a dedicated vulnerability management process that actively scans for security risks using a combination of certified third-party scanning tools and in-house tools, along with automated and manual penetration testing efforts. Moreover, our security team actively reviews inbound security reports and monitors public mailing lists, blog posts, and wikis to spot security incidents that may affect the company’s infrastructure.
We scan all user files using our automated scanning system, which is designed to stop malware from being spread through the Agenter Books ecosystem. Our custom anti-malware engine receives daily updates from external threat intelligence sources and scans files against blacklisted signatures and malicious patterns. Additionally, our proprietary detection engine, bundled with machine learning techniques, makes sure customer data is protected from malware.
We run incremental backups daily and full backups weekly of our databases using Agenter Books Admin Console (AC) for Agenter Books DCs. Backup data in a DC is kept in the same location and encrypted using the AES-256 bit algorithm. We keep the backups in tar.gz format. All backed-up data is retained for three months. If a customer asks for data recovery within the retention period, we will restore their data and allow secure access to it. The timeline for data restoration depends on the size of the data and the complexity involved.
We have a dedicated incident management team. We alert you to the incidents in our environment that apply to you, along with suitable actions that you may need to take. We track and close the incidents with proper corrective actions. Whenever applicable, we will identify, collect, acquire, and provide you with necessary evidence in the form of application and audit logs regarding incidents that apply to you. Furthermore, we implement controls to avoid the recurrence of similar situations.
A vulnerability reporting program, "Bug Bounty", is in place to reach the community of researchers; it recognizes and rewards the work of security researchers. We are committed to working with the community to verify, reproduce, respond to, legitimize, and implement appropriate solutions for the reported vulnerabilities.
If you happen to find any, please submit the issues at firstname.lastname@example.org.
We assess and qualify our vendors based on our vendor management policy. We onboard new vendors after understanding their processes for providing us service and performing risk assessments. We take appropriate steps to make sure our security stance is maintained by establishing agreements that require the vendors to adhere to the confidentiality, availability, and integrity commitments we have made to our customers. We verify the effective operation of the organization’s process and security measures by conducting periodic reviews of their controls.
So far, we have discussed what we do to offer security on diverse fronts to our customers. Here are the things that you as a customer can do to ensure security from your end: