SAVANTURE offers service providers a complete portfolio of security solutions to drive revenue for your business. We also back our industry-leading security with a dedicated team of experts, a global presence, and can be flexible to meet your unique business model and can accommodate your specific business needs. Regardless of industry, SAVANTURE provides partner solutions for Service Providers in each of the following categories:
- Cable Operators
- Media, Satellite, and Broadcast
- Mobile Operators
- Wireline Carriers
- Value Added Resellers
Why are security services in your portfolio valuable to your customers? In today’s market, customers are looking for their existing partner relationships to bring more value.
Why are security services in your portfolio important to you? At the top of the list, it allows your business to increase profitable revenue by:
- selling security services or more security services
- increasing sales volume on your core services because of security
- breaking into new clients
- retaining and gaining more traction with existing clients
There are also many positive trends that are driving the necessity for Cloud Security Offerings to be in your portfolio. We’ve built our solutions to address those buying trends. The Cloud Managed Security Services portfolio includes:
Concerns regarding the security of Public, Private, and Hybrid Clouds is top of mind for IT and Business Executives
Offer your customers additional security from threats and data theft or compromise in cloud computing environments. This will also help you move your customers to your innovated cloud business services and also provide confidence that your core service provider capabilities are more secure than your competitors. We can help protect your network, help you demonstrate your confidence to customers, and help you integrate Managed Security Services and Cloud based services into your portfolio. As a global leader in cloud security, SAVANTURE gives you and your customers greater confidence about the security of their data in the cloud and gives you a competitive advantage over other service providers with less robust data security options.
Benefits of offering SAVANTURE security services
- Increase your peace of mind that you are providing secure services that provide high value to your clients
- Increase service adoption rates and market share of you core services by acquiring security-conscience buyers
- Higher customer satisfaction and retention through integrated solutions for stickiness and improved value proposition
- Differentiate yourself from rival providers by offering your services with a brand building approach while leveraging SAVANTURE’s brand with a “powered by”
- Collection of effective cloud security technologies proven to work as an integrated offering within your suite of services
- Accelerate revenue through application, server, network and data protection services both in the cloud and customer premise
- Leverage our In the Cloud (ITC) infrastructure to start for its economies and move to our carrier class on premise, or private managed system as you scale
SAVANTURE has the Managed Security Services (MSS) program you have dreamed of that allows you to introduce or expand security services into your portfolio without a significant financial and business execution risk. Our solutions will allow you to become more profitable by minimizing your costs (capital and operational), increasing your productivity, and growing your recurring revenue stream with a partner that will support you all along the way. If you are a reseller in transition or have transitioned to a managed services provider (MSP) business model, you will find that SAVANTURE offers an MSP program that fits your needs and will help facilitate your growth and increase profits.
TOP 10 REASONS A SERVICE PROVIDER SHOULD OFFER IN THE CLOUD SECURITY SERVICES AND MANAGED SECURITY SERVICES
- Your customers are asking for you to demonstrate your commitment to security
REASON #2: As a trusted partner, your customers are asking for IT Security Services to be part of your portfolio
REASON #3: Security Services will increase the stickiness and add-on revenue with your existing customers
REASON #4: Security Services is often a higher margin line of business than many other Service Provider lines of business
REASON #5: SAVANTURE provides the absolute lowest cost approach to expanding your product line or introducing MSS services into your portfolio
REASON #6: SAVANTURE is focused on Security and how it integrates into your customers Governance, Risk, and Compliance needs. This is complex. We do this so you can focus on your business.
REASON #7: SAVANTURE keeps track of evolving cyber threats, cyber security, compliance and regulatory changes, and trends that impact the risk level of your and your customers’ business
REASON #8: SAVANTURE allows you to approach the unique requirements of multiple vertical markets through one partner.
REASON #9: We want and need you to succeed. Having your name on our list of partners is great. If you succeed, we succeed. We are in this with you.
REASON #10: SAVANTURE is channel friendly. We provide a high degree of support throughout our engagement and during startup.
BONUS – #11: SAVANTURE will help you grow your business!
Overview of our Approach
SAVANTURE is the premier security services provider with a complete set of cloud security tools and solutions to support a variety of delivery options which can be integrated into your portfolio. This suite of services range from:
- Genesis5 for Enterprises is an in the cloud toolset platform that provides an integrated platform leveraging SAVANTURE’s In The Cloud Managed Security Services including Security Information Element Management Service (SIEM), Log Management Service (LMS), Vulnerability Management System (VMS), and Two Factor Authentication (2FA) service. When integrated with an experienced lead Savanture CISO whom acts as your services advocate and program manager with an assigned team of engineers and an analyst to continually tune the infrastructure to optimize your security posture and reduce the daily research and chasing down of events and threats.Genesis5 is a single security solution for your entire Enterprise regardless of your applications location, Cloud and On-Premise, combined with an expert security team continually tuning your system and reviewing your security posture.
- SAVANTURE in the Cloud security tools for your specific needs are also available individually. SAVANTURE can provide the same great tools used by our CISOs and staff standalone, or in any combination. The Cloud Managed Security Services include:
SAVANTURE delivers the industry’s most advanced cloud based Security-as-a-Service platform which allows you to dramatically simplify your businesses’ approach to governance and security management. Today’s enterprises understand the need to have a robust Governance, Risk and Compliance (GRC) and Security Program in place to protect their business processes and information assets. Often however, your company’s limited IT, network, and security staff are constantly dealing with today’s tactical problems rather than creating the IT innovations that your company needs to differentiate itself in this high tech world. Outsourcing security tools such as Security Information and Event Management (SIEM), Vulnerability Management System (VMS), Log Management Service (LMS) and associated tools to an In-The-Cloud (ITC) Managed Security Service Provider (MSSP) cuts costs for your business and allows your staff to perform more meaningful tasks.
Managed Security Service (MSS) monitors Intrusion Detection Systems (IDS), firewalls, servers and business application and alerts based on threats and security breaches. With MSS, your network is constantly under surveillance so that attacks and security breaches can be stopped in progress. We then combine this with a staff of security experts who routinely conduct traffic reviews, event analysis, and rule reviews, and analyze the accuracy of the correlation engines to ensure that you are seeing the optimal alerting value within our platform. This provides the assurance that your business maintains the highest level protection and you are exposed to the lowest level of risk.
Our strategy is not only about delivering the best services in the industry, but recognizing that every decision is scrutinized in today’s cost sensitive world, we must provide the highest value. At SAVANTURE our strategy is to provide you with efficient, effective and cost-compelling information risk management solutions by seamlessly integrating SAVANTURE’s people, process and technology with your unique business needs. We help your business identify, reduce, and manage information risk to revenue, reputation and regulatory compliance so that you can focus on managing and growing your business. That means we need to understand the regulatory requirements you are subject to today and monitor this ongoing as your business expands and regulations change.
Your customers have numerous regulatory and compliance requirements. These often include:
- Consumer and User Privacy Laws (US State, EU, and other country and geographies)
- Payment Card Industry (PCI) standards
- And of course vertical compliance requirements for Public Sector and Government, Healthcare and Hospitals, Banking and Financial Services, Power and Utilities and Retail and Consumer
Many businesses have a good understanding of their compliance needs. Many do not. We’ve provided a consolidated place to give businesses a quick review of each compliance area. Below is a summary of each of the major compliance areas that impact large enterprises, typically defined as businesses with more than 1,000 employees and having an international or global presence. The Global 500, Fortune 500 and Fortune 1000 certainly meet these criteria, as well as many publically traded companies. Let’s take a quick look at these sample compliance and regulatory requirements:
Does SOX still matter to IT Security?
The Sarbanes-Oxley Act (SOX) requires all publicly-held companies establish internal controls and procedures for maintaining the integrity of their financial reporting to reduce the possibility of corporate fraud. It has been clarified over time that being SOX compliant means that maintaining the integrity of you financial reporting includes ensuring the integrity of your entire IT infrastructure, including your business applications, servers and network, as well as IT practices and operations.
SAVANTURE solutions provide IT and IT Security with the tools necessary to manage Information Assurance within your overall SOX compliance program. Our tools also allow you to continually collect and protect the sensitive information needed to report evidence of SOX IT compliance during your normal reviews and of course any audits.
The Sarbanes–Oxley Act of 2002, also known by the US Senate as ‘Public Company Accounting Reform and Investor Protection Act’ and by the US House of Representatives as ‘Corporate and Auditing Accountability and Responsibility Act’ and more commonly called Sarbanes–Oxley, Sarbox or SOX, is a US Federal Law that
- requires top management of publically traded companies to certify the accuracy of financial information
- establishes penalties for fraudulent financial activity
- establishes the requirement for outside auditors who review the accuracy of corporate financial statements
- increases the requirements for the oversight role of boards of directors
- and provides that an enterprise must ensure the integrity of their financial reporting and supporting systems, network and obviously security
We all remember why SOX came along. Simply put, the bill was enacted as a reaction to a number of major corporate and accounting scandals including companies such as Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom.
In response to the perception that stricter financial governance laws are needed, SOX-type laws have been subsequently enacted in Japan, Germany, France, Italy, Australia, Israel, India, South Africa, and Turkey.
How is your Business impacted by Consumer and User Privacy Laws?
Over the past 10 years the individual states within the USA, as well as member countries of the EU, and other countries have defined strict policies for protecting employee and consumer data. Most often this has a basic requirement that provides for some combination of user information that allows a third party to uniquely identify a user. This often includes the user‘s name, address, unique identifiers such as a credit card number, social security number, member number, or in some regions even the user’s IP address.
What most businesses don’t recognize is these laws are not limited to where your business maintains its headquarters, or even more broadly where your business physically operates. Rather, all these laws protect the users’ interest which is most commonly tied to where the user has a residence. As an example, if you’re a company with a HQ in the US state of North Carolina with physical offices in Maryland, Florida, and Washington, with sales made in 47 other states and any European Union country, you fall under privacy law for all 47 US states you have customers in as well as European Union. Most businesses do not have the resources to 1) properly evaluate each law and 2) apply the proper reporting and protective measures as outlined by the regulations. SAVANTURE can supplement your capabilities to comply with privacy laws through its CPO services as well as SIEM, LMS, and VMS … and of course Genesis5.
What does are the PCI-DSS Requirements?
The Payment Card Industry Data Security Standards (PCI-DSS) mandate that organizations who “hold, process, or pass cardholder information” meet a minimum level of security. PCI-DSS, first released in 2004, from policies developed by American Express, Visa, MasterCard, Discover, and JCB, is a comprehensive worldwide information security standard aimed at any organization that stores credit card data. Today, the standard has expanded requirements beyond the retailers to include banks and third-party processors. PCI-DSS is relatively comprehensive standard and includes requirements for security management, data protection at rest and in transit, and other critical protective measures that were developed to proactively secure cardholder data and transaction information for consumer privacy. Simply put, PCI-DSS was designed to protect the integrity of the credit card transaction from end-to-end in transit and when stored anywhere along the transaction path.
This is arguably one of the most important regulatory requirements for any business. Why? First, they require specific audits that vary based on your credit card transaction volume and the credit card companies are known to validate the audits. Non-compliance with the requirements can result in hefty fines from each of the payment card compliance programs, increased transaction processing fees, financial fines in the hundreds of thousands of dollars and ultimately to suspension of credit card transaction. Most businesses cannot operate without accepting credits cards for payment.
How SAVANTURE helps with PCI-DSS compliance.
The core goals of PCI, relative to IT security, are 1) decrease the risk of a compromise that results in the unauthorized disclosure of credit card details or impact to the transaction path, 2) be able to identify and rapidly close a weakness in your IT Infrastructure or processes that could compromise or result in the disclosure of an, or group of, individually credit card records, 3) have you fulfill PCI-DSS audit requirements and submit results for review, and 4) have your business establish reporting and documentation which demonstrates you have security and policy programs in place that meet the minimum requirements defined by PCI.
SAVANTURE helps in each of these as follows:
- Easy to Implement and Use Authentication SAVANTURE 2FA can be used to protect administrative access to internal systems, employee user access to the network via VPN or specific applications and we can provide extremely cost-effective integration with user-facing systems to provide the added level of security that modern day customers are demanding … and more and more commonly becoming a regulatory requirement.
PCI outlines protecting remote access logins with strong authentication. Specifically, section 8.3 says that organizations must:
Implement two-factor authentication for remote access to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service (RADIUS) or terminal access controller access control system (TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with individual certificates.
SAVANTURE allows organizations to easily deploy two-factor authentication using the users’ existing devices. Typically, purchasing and managing hardware tokens makes two-factor authentication prohibitively complicated and expensive. SAVANTURE removes this barrier, giving your company a solution that is manageable, inexpensive and easy-to-use.
SAVANTURE helps large enterprises domestically and globally protect their data and their customers with strong two-factor authentication (2FA). SAVANTURE integrates with your environment (applications, servers, VPNs, network devices and web applications) to provide the security needed to comply with your regulatory requirements. This same solution fulfills most of your IT compliance and security requirements.
- Real-time Collection, Management, and Alerting across your IT InfrastructureThe collection, management, and analysis of log and event data are integral elements of meeting multiple compliance and regulatory requirements. IT environments consist of heterogeneous devices, systems, and applications, all reporting log data. SAVANTURE provides compliance to these requirements through either or both SIEM and Log Management depending on the organizations IT Infrastructure. PCI does not explicitly require SIEM, rather it requires Log Management. Our SIEM however fulfills the log management requirements and provides the added advantages of fulfilling multiple compliance requirements and a high degree of real-time protection all in one platform. If you simply need Log Management Service (LMS), SAVANTURE’s LMS fulfills PCIs requirements.
However, the SAVANTURE SIEM ensures compliance with PCI requirements by not only collecting logs (meeting the monitoring information systems in real-time guidelines) but also provides real-time alerting enabling immediate investigation and compliance reporting. This is the difference between definition and intent. The intent of PCI is to protect credit card information and systems. Being aware of threats in real-time, you have a clear analysis of events that are impacting the integrity of the organization’s data. Areas of non-compliance can be identified in real-time and mitigated before HIPAA non-compliance occurs.
- Identification of Vulnerabilities and Weaknesses across your IT InfrastructureUnderstanding where your weaknesses are before they are compromised is a logical approach to decreasing risk. SAVANTURE’s Vulnerability Management Service (VMS) vigilantly probes your Internet-connected systems for vulnerabilities before the hackers can find and exploit them. The service identifies holes in your perimeter protection to any Internet-addressable host. In addition, we scan internally to identify vulnerabilities in the event the perimeter is ever breached or someone locally attempts to compromise a system. New vulnerabilities are discovered every day and hackers are becoming more adept at exploiting these security vulnerabilities.
SAVANTURE’s VMS allows us to identify vulnerabilities and weakness, target the fix or identify ways to reduce risk of compromise, and track progression of the organizations ability to maintain a lower risk vulnerability profile.
- Organizational AssessmentsIn addition to the immediate protection provided by SAVANTURE’s products and services, we provide self-driven tools like the SAVANTURE Self Risk Assessment for PCI, the means to uncover and address risks are more readily available than ever before. The assessment then provides recommendations to remedy identified risks through practical guidance and best practices. We recommend the assessment be taken annually so you can measure your progress and confirm that compliance controls are maintained through the natural and continuous changes that occur within any organization. For those companies that use SAVANTURE’s CISO services, we will lead up this effort and ensure the proper individuals in the organization take action and that the appropriate follow-up occurs.
Are you subject to HIPAA regulations?
Often overlooked, companies that handle their employee’s healthcare claims or equivalent encounter information, healthcare payment and remittance advice, healthcare claim status, enrollment and disenrollment in a health plan or perform Coordination of benefits, managing the informational exchange for the eligibility for a health plan, or manage health plan premium payments, among other activities are subject to HIPAA. The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities, including employers, and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule attempts to be balanced as to provide a high level of effectiveness so that the disclosure of health information needed for patient care and other important purposes can be accomplished.
Generally, most healthcare organizations that fall under HIPAA regulatory requirements understand their classification. However, as noted above, HIPAA actually cast a very wide definition as to who is regulated by HIPAA. CFR-2007-Title 45- Volume 1-Section 1-Part 160 subchapter C defines, in hard to interpret legal ease, which we interpret to mean:
HIPAA defines a regulated entity as a “Business Associate” which includes businesses, organizations, agencies, entities, and individuals. For the purpose of easier conveyance of the data, we will refer to a Business Associate as a “HIPAA Regulated Entity.” Often overlooked, aHIPAA Regulated Entityincludes other businesses, organizations, entities, and individuals that on behalf of a HIPAA Regulated Entityperform activities or functions that subject them to HIPAA (as defined in § 164.501 of this subchapter). This includes, but not limited to, “functions or activities involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing or any other function or activity”, it continues and list “legal, actuarial, accounting, consulting, data aggregation (as defined in § 164.501 of this subchapter), management, administrative, accreditation, or financial services.” Examples of Personal Identifiable Information are later provided and include:
- Healthcare claims or equivalent encounter information
- Healthcare payment and remittance advice
- Coordination of benefits
- Healthcare claim status
- Enrollment and disenrollment in a health plan
- Eligibility for a health plan
- Health plan premium payments
- Referral certification and authorization
- First report of injury
- Health claims attachments
- Other transactions that the Secretary may prescribe by regulation
This typically means most businesses, even small businesses, are subject to HIPAA requirements since they often collect, submit, and keep copies of one or more of items 1-7 above.
The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Secretary of HHS to publish national standards for the security of electronic protected health information (e-PHI), electronic exchange, and the privacy and security of health information.
HIPAA called on the Secretary to issue security regulations regarding measures for protecting the integrity, confidentiality, and availability of e-PHI that is held or transmitted by covered entities. HHS developed a proposed rule and released it for public comment on August 12, 1998. The Department received approximately 2,350 public comments. The final regulation, the Security Rule, was published February 20, 2003.2 The Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality, integrity, and availability of e-PHI.
In addition, The National Institute of Standards and Technology (NIST) Special Publication 800-66 provides guidance for meeting HIPAA Standards.
How SAVANTURE helps with HIPAA compliance
- LOG MANAGEMENT AND SIEM
The core goals of HIPAA, relative to IT security, are 1) decrease the risk of a compromise that results in the unauthorized disclosure of individually identifiable health records, 2) be able to identify and rapidly close a weakness in your IT Infrastructure or processes that could compromise or result in the disclosure of an, or group of, individually identifiable health records, 3) ensure measurable standards are in place that allow organizations to be judged if they are following reasonable compliance with HIPAA standards, and 4) reports and documentation are generated that demonstrates an organization has a healthy security and policy program in place that supports HIPAA. SAVANTURE helps in each of these as follows:
- Easy to Implement and Use Authentication SAVANTURE can be used to protect administrative access to internal systems, employee access to the network via VPN or to specific applications and we can also provide extremely cost-effective integration with user-facing systems to provide the added level of security that modern day customers are demanding … and more and more commonly becoming a regulatory requirement.SAVANTURE helps healthcare organizations (hospitals, clinics, doctor offices, testing labs, and regulated equipment manufacturers) domestically and globally protect their data and their customers with strong two-factor authentication (2FA). SAVANTURE integrates with your environment (applications, servers, VPNs, network devices and web applications) to provide the security needed to comply with your regulatory requirements.
- Real-time Collection, Management, and Alerting across your IT InfrastructureThe collection, management, and analysis of log and event data are integral element of meeting HIPAA audit requirements. IT environments consist of heterogeneous devices, systems, and applications all reporting log data. SAVANTURE provides compliance to this requirement through both SIEM and/or Log Management depending on the organizations IT Infrastructure.
The SAVANTURE SIEM ensures compliance with HIPAA requirements by not only collecting logs (meeting the monitoring information systems in real-time guidelines) but also provides real-time alerting enabling immediate investigations and compliance reporting. This is the difference between definition and intent. The intent of HIPAA is to protect healthcare information and systems. By being aware of threats in real-time, you have a clear analysis of events that are impacting the integrity of the organization’s data. Areas of non-compliance can be identified in real-time and mitigated before HIPAA non-compliance occurs.
- Identification of Vulnerabilities and Weaknesses across your IT InfrastructureUnderstanding where your weaknesses are before they are compromised is a logical approach to decreasing risk and improving your ability to comply with HIPAA. SAVANTURE’s Vulnerability Management Service (VMS) vigilantly probes your Internet-connected systems for vulnerabilities before the hackers can find and exploit them. The service identifies holes in your perimeter protection to any Internet-addressable host. In addition, we scan internally to identify vulnerabilities in the event the perimeter is ever breached or someone locally attempts to compromise a system. New vulnerabilities are discovered every day and hackers are becoming more adept at exploiting these security vulnerabilities.
SAVANTURE’s VMS allows us to identify vulnerabilities and weakness, target the fix or identify ways to reduce risk of compromise, and track progression of the organizations ability to maintain a lower risk vulnerability profile.
- Organizational AssessmentsIn addition to the immediate protection provided by SAVANTURE’s products and services, we provide self-driven tools like the SAVANTURE Self Risk Assessment for HIPAA (TSRA-HIPAA), the means to uncover and address risks are more readily available than ever before. The assessment then provides recommendations to remedy identified risks through practical guidance and best practices. We recommend the assessment be taken annually so you can measure your progress and confirm that compliance controls are maintained through the natural and continuous changes that occur within any organization. For those companies that use SAVANTURE’s CISO services, we will lead up this effort and ensure the proper individuals in the organization take action and that the appropriate follow-up occurs.
We are here to earn your trust, and your business. We are SAVANTURE. We can help.
- SAVANTURE Services are best in class and provide the most optimal cost performance solution in the marketplace allowing you to focus on your business
- Best in class offerings allow us to protect your revenue, reputation and regulatory compliance better than any other solution in the marketplace
- Flexibility in deployment methods allow a low cost entry option, while breath of services allow you to increase your protection logically over time as threats change and regulatory requirements evolve
- SAVANTURE allows you to leverage best in class or take advantage of SAVANTURE’s Genesis5 platform
- Ease of deployment and ease of use while always being cost-effective, reliable, and secure
Contact us and we can answer any questions or get you started now.