In all things digital, security is top of mind, but how do we make sure it’s always top of the agenda? How much security is enough security? Live on the edge or check out What’s New in Sitefinity Cloud? There you go…
Sitefinity Cloud is the Progress PaaS offering (platform-as-a-service) in digital experience management. It delivers an integrated set of technologies and solutions to let you create, tailor and serve connected experiences and digital services to the audiences that matter most.
The thing about PaaS is you don’t have to worry about what’s going on under the hood. That’s our responsibility. You have complete control over your applications, source code, data, assets and configurations—while we take care of the infrastructure: Architecture, availability, performance, connectivity and upgrades. And security, of course. Sitefinity Cloud has got you covered. Manage Experiences, Not Infrastructure is more than just a tagline.
Sitefinity Cloud offers multiple layers of risk mitigation features and security services built into both the application and the infrastructure.
On the Sitefinity side, the Web Security Module manages HTTP security headers, content security policies and cookie protection. The web security module lets you proof websites built on Sitefinity against a wide range of threats: Cross-site scripting (XSS), clickjacking, code injection, stealing or modifying data in transit (man-in-the-middle) and content sniffing.
With every new release, Sitefinity offers multiple performance benefits and a higher level of security. New releases get the latest versions of third-party libraries and plug-ins too.
Sitefinity Cloud is built on top of the Microsoft Azure infrastructure, which in turn provides another advanced set of security features:
With many of the security features in Sitefinity Cloud already powered by the vast set of Azure Security solutions and capabilities, the platform has recently bolstered its defense suite with another smart tool.
Every Sitefinity Cloud subscription is now equipped with Microsoft Sentinel that inspects the vast logs collected across various parts of the infrastructure and stored in the Log Analytics Workspace. The Security Information and Event Management (SIEM) tool proactively sifts through large volumes of raw logs to extract valuable security information and flag security-sensitive events.
The Microsoft Sentinel is doing its threat intelligence magic behind the scenes and the alerts are sent to the Sitefinity Cloud Engineering Team to investigate and act as needed. That is to say, the SIEM tool is not exposed to the customer. Of course, every Sitefinity Cloud admin on the client side can access the logs and get a feel of the mind-boggling amount of data records that the Sentinel is processing.
The Sentinel is configured to analyze data in logs and detect threats affecting Sitefinity web applications and the relevant Sitefinity Cloud infrastructure. Threat investigation algorithms are augmented by AI to make detection smarter and faster. Alerts to the Sitefinity Cloud Engineering Team allow rapid and effective response to potential security incidents.
Alerts are graded by severity into Low, Medium and High. A high severity threat triggers a notification to the Sitefinity Cloud On-Duty Team for immediate investigation and/or action.
The Microsoft Sentinel powered Security Information & Event Management is included in the subscription regardless of your license tier. For organizations that need to meet the most stringent government and industry requirements for application and data security, a premium Advanced Security add-on is available across tiers.
To recap, the Microsoft Sentinel sifts through the Log Analytics Workspace where all infrastructure components for the tenant meticulously store every activity. The SIEM solution is configured to investigate and detect potential malicious activity, logging the results in its own portal in 3 severity categories.
What the Advanced Security add-on offers over the out-of-the-box solution, is the daily security triage and proactive threat analysis, which covers Low and Medium severity events too, including false-positive alerts. All HTTP traffic from Cloudflare is logged and additional rules are in place to detect Hight, Medium or Low security incidents.
Security Features | Default SIEM Solution (all tiers) | Advanced Security Add-on (all tiers) |
---|---|---|
Real-time monitoring and analysis of event logs | ✔ | ✔ |
Tracking and logging of security-sensitive events | ✔ | ✔ |
Alerts to Sitefinity Cloud On-Duty Team | ✔ | ✔ |
Response to High severity alerts | ✔ | ✔ |
Daily security triage and proactive threat analysis | ❌ | ✔ |
Response to Low and Medium severity alerts | ❌ | ✔ |
HTTP traffic monitoring and threat detection | ❌ | ✔ |
Sitefinity Cloud has added an extra layer of security with data analysis of multiple application and infrastructure logs, threat investigation and AI-assisted threat detection. The Progress teams now have another high-value tool to help proactively respond to and resolve security incidents. And that’s one more reason for Sitefinity Cloud customers to feel safe and secure.
The SIEM solution is available for all license tiers by default, with a premium Advanced Security add-on available to bolster your defenses through extended monitoring and security incident management.
Check out the Sitefinity Cloud Security documentation for the full list of security features available. Or, take a closer look at the Security Information and Event Management (SIEM) solution.
Want to learn more about Sitefinity Cloud?
A Sitefinity Product Marketer, Anton has a mixed background of software and writing for the web. He has spent the last 10 years in software development, on the project management and product ownership side, all the while writing about technology, gadgets and their use and usability. He is always trying to get to the bottom of things without missing the bigger picture.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites