Security & Compliance

The WHOA.com Firewall is a standard security feature included on all of our cloud solutions.

To provide our clients a secure cloud, we offer two network firewall options as part of our layered approach to security to provide protection for our networks against all threats. Edge is our standard firewall and we offer a Premium Firewall option as well.  With both, exploits are easily detected and prevented using a combination of antivirus, anti-spyware, and vulnerability protection – all provided by WHOA Perimeter Firewall.

Our Firewalls use advanced detection mechanisms including a signature-based approach, which is an Intrusion prevention and Antivirus approach, and also a Layer 7 protocol analysis-based approach, we also provide proactive 24 x 7 updates on threats to enable a safe cloud environment and protect your mission critical applications.

Web-application firewalls (WAF) filter and block nonessential traffic at the application layer.

Used in conjunction with a network-based firewall, a properly configured web-application firewall prevents application-layer attacks if applications are improperly coded or configured. This can be achieved through a combination of technology and process. Process-based solutions must have mechanisms that facilitate timely responses to alerts in order to meet the intent of this requirement, which is to prevent attacks.

Accelerate Compliance with File Integrity Monitoring.

The increasing incidence of data breaches has led to the creation of numerous regulatory standards such as PCI-DSS. These standards call for companies to adopt security best practices, including the need to monitor all types of changes made to server configurations.  Although some of these configuration changes have no significant impact on systems, a few unexpected changes could turn out to be a security risk. This could also lead to non-compliance.  This is where the requirement of a File Integrity Monitoring tool, also known as change audit, monitors files of all types and identifies changes in these files that can potentially put your sensitive data at risk. Files monitored include configuration files, executables, registry files, file and directory indexes, permissions, and tables.

File integrity monitoring (FIM) is an internal control or process that performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline. This comparison method often involves calculating a known cryptographic checksum of the file’s original baseline and comparing with the calculated checksum of the current state of the file.

WHOA.com’s ASV Scan Solution allows companies of all sizes to quickly and pragmatically steer their organization towards PCI compliance.

WHOA.com’s fully featured and highly configurable vulnerability scanning solution provides ASV (Approved Scanning Vendor) scans as recognized by PCI Council that helps enterprises, payment gateways, and e-commerce merchants quickly achieve PCI scan compliance. Whoa will provide through a monthly report on the selected amount of vulnerability scans (By default up to 5 IPs). After every PCI scan you’ll receive detailed executive and technical audit reports summarizing security holes that were found on the target network. These areas of non-compliance are accompanied by expert, cross-referenced, remediation advice that help resolve the specific issue in the most effective manner possible. After a successful PCI scan (no vulnerabilities with a CVSS base score greater than 4.0), compliance managers are provided with an official PCI Scan Compliant report that can be submitted to acquiring institutions to meet ongoing compliance requirements.

The WHOA.com Threat Observation Platform^TM

A one-of-a-kind tool designed for our Secure Cloud customers providing you with visibility and transparency into your cloud security.

We start at the top of your cloud, with an added layer of dynamic, in-depth intrusion detection… and more importantly… intrusion prevention services.

Our intuitive platform monitors threat severity, displays the total number of threats blocked, and shows you where threats originated, by country and IP address.

Fortify your cybersecurity today with WHOA.com’s advanced security features.

Password Management is the Key to a Compliant Solution.

One of the great challenges that companies face are managing passwords, especially when there is the growing business need to have remote users as well as use SaaS applications to run a business that’s setup on the cloud used to maintain sensitive confidential information.

Although passwords are used as a safety measure to protect access to accounts, they can be mismanaged and thereby needing extra security to protect against cyberattacks. Password-related breaches are the leading cause of data loss for organizations. While passwords may not disappear, it’s clear that companies of all sizes need to go beyond passwords to secure their end users’ access to business applications and systems. This need is only getting more urgent as companies increasingly adopt cloud applications and have to manage more user-identities logging in from multiple devices.

What is Network Penetration Testing?

Penetration testing, or pen-test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as, end-user adherence to security policies.

Penetration tests are typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources – specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.