At Federos®, we have always taken security very seriously. Our customers run some of the largest networks on the planet and rely on Assure1® to provide safe and reliable monitoring and visibility to their entire network operations 24x7x365.

Assure1 follows an agile software development process that allows Federos to provide a continuous flow of software enhancements, incremental improvements, and defect fixes. The key to software distribution, however, lies in the multiple security layers instituted by our processes. This ensures that the code our customers receive is what we packaged, tested, and validated through our rigorous internal processes.

Assure1 Package Delivery: Two secure distribution channels.

Our agile methodology allows our customers to follow a quarterly stable release channel, which provides a fully tested and QA-passed release that has had time to mature in the field. These releases are composed of several field-tested edge releases and include additional quality assurance time in our labs to ensure the most stable of releases.

For those customers who want early access to Assure1’s newest features, fixes, or enhancements, we provide the edge release channel, which updates about once each month. The edge channel includes fully tested and QA-passed releases containing new features that have not yet been through significant field validation, allowing customers to provide early-adopter feedback to help further strengthen the quarterly releases.

Assure1 Package Management: Our secure delivery foundation.

Most critical to ensuring security in our release methodology is the focus on our release and package management capabilities. This is something that has come up in the news recently, so we wanted to take you through the 1-2-3s of how we secure our customers’ releases.

1. Our build server is a highly secured and fortified system that has been enclaved away from human or system intervention. Every action and transaction on the server is meticulously tracked and logged so that we are proactively notified of any issues on the server.

2. The enclaved build server releases installer packages that are proprietary in design (inherently more complex and difficult to reverse engineer), self-signed with a key that matches the build signature, and then encrypted and keyed (against the checksum) so that any changes or tampering to the package will invalidate multiple checks in the package itself.

3. Assure1 knows how to find all available release channels and uses a secure connection to those channels to download update packages when requested. The packages are available for any customer or prospect to download and consume. The last key to our protection is in how Assure1 checks and validates that it has received a secure and trusted package. There are virtually no ways to override the validation checks, and if any of the checks fail the package will be refused and will not be allowed to be processed and installed.

These protections mean Assure1 customers are protected from packages with incomplete downloads, corruption, or nefarious tampering, resulting in a highly-secure delivery vehicle.

The packages Assure1 customers receive are the exact same containers that follow our Six Sigma-based QA practices. Once our internal processes validate the quality and performance of a release, that package then progresses into the release workflow (outlined above) so that customers get exactly what we built, tested, and released.