In all things digital, security is top of mind, but how do we make sure it’s always top of the agenda? How much security is enough security? Live on the edge or check out What’s New in Sitefinity Cloud? There you go…
Sitefinity Cloud delivers an integrated set of technologies and solutions to let you create, tailor and serve connected experiences and digital services to the audiences that matter most.
The thing about Sitefinity Cloud is you don’t have to worry about what’s going on under the hood. That’s our responsibility. You have complete control over your applications, source code, data, assets and configurations—while we take care of the infrastructure: Architecture, availability, performance, connectivity and upgrades. And security, of course. Sitefinity Cloud has got you covered. Manage Experiences, Not Infrastructure is more than just a tagline.
Sitefinity Cloud offers multiple layers of risk mitigation features and security services built into both the application and the infrastructure.
On the Sitefinity side, the Web Security Module manages HTTP security headers, content security policies and cookie protection. The Web Security Module lets you proof websites built on Sitefinity against a wide range of threats: cross-site scripting (XSS), clickjacking, code injection, stealing or modifying data in transit (man-in-the-middle) and content sniffing.
With every new release, Sitefinity offers multiple performance benefits and a higher level of security. New releases get the latest versions of third-party libraries and plug-ins too.
Sitefinity Cloud is built on top of the Microsoft Azure infrastructure, which in turn provides another advanced set of security features:
With many of the security features in Sitefinity Cloud already powered by the vast set of Azure Security solutions and capabilities, the platform has recently bolstered its defense suite with another smart tool.
Every Sitefinity Cloud subscription is now equipped with Microsoft Sentinel, which inspects the vast logs collected across various parts of the infrastructure and stored in the Log Analytics Workspace. The Security Information and Event Management (SIEM) tool proactively sifts through large volumes of raw logs to extract valuable security information and flag security-sensitive events.
Microsoft Sentinel does its threat intelligence magic behind the scenes, and the alerts are sent to the Sitefinity Cloud Engineering Team to investigate and act as needed. That is to say, the SIEM tool is not exposed to the customer. Of course, every Sitefinity Cloud admin on the client side can access the logs and get a feel for the mind-boggling amount of data records that Sentinel is processing.
Sentinel is configured to analyze data in logs and detect threats affecting Sitefinity web applications and the relevant Sitefinity Cloud infrastructure. Threat investigation algorithms are augmented by AI to make detection smarter and faster. Alerts to the Sitefinity Cloud Engineering Team allow rapid and effective response to potential security incidents.
Alerts are graded by severity into Low, Medium and High. A high severity threat triggers a notification to the Sitefinity Cloud On-Duty Team for immediate investigation and/or action.
The Microsoft Sentinel-powered Security Information & Event Management is included in the subscription regardless of your license tier. For organizations that need to meet the most stringent government and industry requirements for application and data security, a premium Advanced Security add-on is available across tiers.
To recap, Microsoft Sentinel sifts through the Log Analytics Workspace, where all infrastructure components for the tenant meticulously store every activity. The SIEM solution is configured to investigate and detect potential malicious activity, logging the results in its own portal in 3 severity categories.
The Advanced Security add-on enhances the out-of-the-box solution with proactive threat analysis and response to a broader range of security events including false positives. It offers detailed HTTP request logging, CDN log analysis and advanced threat detection. Additional features include bot management, extended log retention of up to five years and support for exporting logs to third-party storage providers. Here is an overview of the key differences:
Security Feature | Default SIEM Solution | Advanced Security Add-on |
---|---|---|
Monitoring and Logging | | |
Real-time monitoring and analysis of event logs | ✔ | ✔ |
Tracking and logging of security-sensitive events | ✔ | ✔ |
Detailed logging of HTTP requests | ✘ | ✔ |
CDN log analysis | ✘ | ✔ |
HTTP traffic monitoring and threat detection | ✘ | ✔ |
Detection and Intelligence | | |
Proactive threat analysis | ✘ | ✔ |
Bot management | ✘ | ✔ |
Alerting and Response | | |
Alerts to Sitefinity Cloud On-Duty Team | ✔ | ✔ |
Response to High severity alerts | ✔ | ✔ |
Response to Low and Medium severity alerts | ✘ | ✔ |
Retention and Integration | | |
Log retention | 3 months | up to 5 years |
Log export to third-party log storage providers | ✘ | ✔ |
Sitefinity Cloud has added an extra layer of security with data analysis of multiple application and infrastructure logs, threat investigation and AI-assisted threat detection. The Progress teams now have another high-value tool to help proactively respond to and resolve security incidents. And that’s one more reason for Sitefinity Cloud customers to feel safe and secure.
The SIEM solution is available for all license tiers by default, with a premium Advanced Security add-on available to bolster your defenses through extended monitoring and security incident management.
Check out the Sitefinity Cloud Security documentation for the full list of security features available. Or, take a closer look at the Security Information and Event Management (SIEM) solution.