Security Guardian Current - Security Guide

Introduction About Security Guardian Architecture Overview Azure Datacenter Security Overview of Data Handled by Security Guardian

Artificial Intelligence in Security Guardian Enabling and Disabling Security Guardian Intelligence AI Safety in Security Guardian

Admin Consent and Service Principals Location of Customer Data Privacy and Protection of Customer Data Network Communications Authentication of Users Role Based Access Control FIPS 140-2 Compliance SDLC and SDL Third Party Assessments and Certifications

Penetration Testing Certification

Operational Security

Access to Data Permissions Required to Configure and Operate Security Guardian Operational Monitoring Production Incident Response Management

Customer Measures

Access to Data

Access to Security Guardian data is restricted to:

Quest Operations team members
Specific Quest Support team members working closely with Security Guardian product issues
The Security Guardian development team, providing support for the product

Access to Security Guardian data is restricted through the dedicated Quest Entra ID security groups. For different types of data (e.g., product logs, customer data, and sensitive data), different access levels, and lists of allowed people are assigned.

Permissions Required to Configure and Operate Security Guardian

Quest Operations team members have access to Quest’s production Azure Subscription and monitor this as part of normal day to day operations. Security Guardian developers have no access to Quest’s production Azure Subscription.

To access Security Guardian, a customer representative goes to the On Demand website, and signs in using their Microsoft Entra ID account. As part of the sign-up process, they must provide a valid email address to receive and respond to a verification email from Quest Software.

An organization is automatically created once the new account is created.

Prerequisites:

Microsoft Entra ID Global Administrator must give the Admin Consent to provision On Demand for the customer's Microsoft Entra ID with the following permissions:

Microsoft Graph

Read all audit log data
Read all identity risk event information

Azure Active Directory Graph

Read directory data
Office 365 Management APIs
Read activity data for your organization
Read service health information for your organization

Microsoft Graph permissions reference - Microsoft Graph | Microsoft Docs

Operational Monitoring

Security Guardian internal logging is available to Quest Operations and Security Guardian development teams during the normal operation of the platform. Some customer or Personally Identifiable Information (PII) data can become a part of internal logging for troubleshooting purposes.

Production Incident Response Management

Quest Operations and Quest Support have procedures in place to monitor the health of the system and ensure any degradation of the service is promptly identified and resolved. Security Guardian relies on Azure infrastructure, and as such, is subject to the possible disruption of these services.

Quest On Demand services status page is available at https://status.quest-on-demand.com/.
Azure services status page is available at https://azure.microsoft.com/en-ca/status/.
AWS services status page is available at https://status.aws.amazon.com/

Seleziona il prodotto:

Per una maggiore efficacia, compilare l'Obiettivo della chat:

Soluzioni consigliate per il problema