Loading...
Security and Vulnerability Support2019-09-09T09:42:44+00:00

Through proven processes, security products, and a staff of industry experts, we continuously investigate issues, harden and protect your application environments, and deliver timely fixes, patches, and remediations.

Standard to our third-party support, Spinnaker Support delivers a Seven-Point Security Solution based around the core concepts of Discover, Harden, and Protect for your data and critical system security.

We treat every reported incident as a P1 ticket, and we respond to every ticket within minutes. Our global security team actively advises on security concerns and monitors and reports on actionable vulnerabilities.

That’s why, in our 2019 Satisfaction Survey, 98% of customers who cited security as an issue reported that their security level was the same or improved after moving to Spinnaker Support.

Spinnaker Support’s Seven-Point Security Solution 

Vulnerabilities and exposures now arise from a variety of external and internal sources, and effective security must address the full technology stack. At Spinnaker Support, we reject the one-size-fits-all patching approach of software publishers and focus instead on working collaboratively with every customer.

From Day 1, our team adheres to a Seven-Point Security Solution, shown below, an established framework that combines proven processes, security products, and a staff of industry experts. Using this, our experts resolve issues as they occur and put in place the tools and procedures you need to proactively maintain secure application environments.

Throughout the customer journey, we continue to discover, harden, and protect data and applications against security issues through the deployment of multiple services and security products. The individual points are as follows:

We investigate issues during customer onboarding and whenever a security concern arises. Discussions focus on a specific issue or explore general, security-related topics. The team advises when you log a security-related ticket and can expand the scope as needed to a full Security Assessment. 

As security topics develop, we author whitepapers and other reference materials for the benefit of all customers. We also develop position papers on specific areas of customer interest such as interoperability and virtualization. 

Our security team will assist with an audit and risk review for your systems. Reports include recommendations on configurations, encryptions, access management, and best practices and guidelines. 

We help reduce vulnerability and enhance security by helping our customers to properly configure and harden applications, operating systems, servers, databases, and networks through the review and recommendations.  

Customers submit a ticket at any time for assistance with security-related activities. These include detecting and preventing issues, identifying suspicious behavior, and fixing vulnerabilities. We use compensating controls (external to application code) to resolve security issues. 

Spinnaker Support offers additional products to enhance security, including: 

  1. Intrusion Detection Service (IDS) & Intrusion Prevention Service (IPS):  We address web and server-based threats through a combined cloud-based software and innovative analytics solution for IDS and IPS. Powered by Alert Logic, this solution features embedded human expert services to detect, assess, and block threats. 
  2. Virtual Patching: We offer Spinnaker Support Database Defender, powered by McAfee, that delivers the advantage of virtual database patching (details below).

We monitor Oracle and SAP CVEs and publish periodic email bulletins for customers. These curated bulletins for Oracle and SAP customers include CVE descriptions and offer best practice recommendations. 

Software Publisher Patches vs. Seven-Point Security

Certain enterprises considering third-party support are concerned about the loss of quarterly software patches for critical vulnerabilities and exposures (CVEs). While SAP supplies its customers with security patches even when they are not on SAP Support, Oracle does not offer customers access to security tools after they leave its support program.

While code patches do block vulnerabilities, the reality of the software patching process often does not meet its promise:

  1. Patches are not timely (in fact, they can be months or years late).
  2. Patches are one-size-fits-all and may be problematic for customizations.
  3. Patches may not be available for older product versions and applications.
  4. Patches require valuable time to test and install.
  5. Many organizations do not patch or patch regularly due to operational constraints.

Spinnaker Support’s Seven-Point Security Solution replaces a sole reliance on these patches with a stronger framework that covers a wider range of security issues. Vulnerability management is a critical point in our security solution, and our global security professionals continue to work until the security issue is properly addressed. Spinnaker Support security services are responsive, on-demand, and multilayered.

Virtual Patching: Spinnaker Support Database Defender

Available now, Database Defender, powered by McAfee, detects and prevents attempted attacks and intrusions in real time, shielding databases from the risks presented by unpatched vulnerabilities. With automatic updates and an intuitive Web-based dashboard, Database Defender is easy to use and add to your existing security toolset.

The Advantages of Database Defender:

  • Provides immediate protection for 100s of vulnerabilities and threats, even prior to public announcement.
  • Installs in a simple process with no disruption to production databases.
  • Facilitates compliance with standards such as PCI DSS, HIPAA, and others.
  • Continues to protect older databases that are no longer supported by the vendor.
  • Covers a comprehensive array of databases from Oracles and SAP.

Database Defender is an optional security product, with pricing that varies per your needs. To learn more about Database Defender, view the solution brief and reach out to Spinnaker Support to discuss this product.

Security Is a Standard of Our Operations

Spinnaker Support takes your data and application security seriously. This security philosophy is embedded in how we support our customers, and we deliver security solutions designed for your unique set of applications and systems.

We invest in your security and compliance measures with the same exacting standards we apply to our own operations. Spinnaker Support was the first third-party support provider to achieve both ISO/IEC 27001:2013 certification for managing sensitive company information and ISO 9001:2015 certification for quality management principles. We are Privacy Shield-certified, GDPR compliant, certified for both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and Cyber Essentials certified.

ISO 9001:2015
ISO 27001
Cyber Essentials

Also Included in Our Standard Support

3rd party support
Break / Fix
General Inquiry
Tax and regulatory compliance
Technology Advisory Services

Let's Talk

Our clients consistently rate our award-winning support at >98% satisfaction. Let’s talk about whether Spinnaker Support is right for you.

Contact Us