we elevate your security

Comprehensive Security

Software applications are integral to an organization’s success. Unfortunately, while applications are built to support faster growth and an enhanced user experience, they are also prone to security incidents in the absence of appropriate security mechanisms. Knowing the basics of application security has never been so relevant.

Therefore, over the years UBS has adopted a Secure SDLC model, together with the practices and tools that go with it, to ensure that known attack vectors cannot exploit inherent application vulnerabilities. Below are a few examples of security initiatives UBS has taken over the years.

TLS 1.2

Transport Layer Security (TLS), like Secure Sockets Layer (SSL), is an encryption protocol intended to keep data secure while it is transferred over a network. TLS 1.2 is more secure than the earlier protocol versions SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1. Essentially, TLS 1.2 keeps data transferred across the network more secure.
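As an added illustration (not UBS code) of what "TLS 1.2 as the floor" means in practice, the following Python uses the standard `ssl` module to build a context that refuses the superseded versions listed above, next to the permissive setting, and a check that reports which of those versions a context would still accept. It only inspects the `minimum_version` floor of a local context, not a remote server's configuration.

```python
import ssl

# The protocol versions the text lists as superseded. SSL 2.0 has no
# ssl.TLSVersion member because current OpenSSL builds cannot negotiate it.
LEGACY_VERSIONS = (ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)


def hardened_context(purpose=ssl.Purpose.SERVER_AUTH):
    """Context that refuses anything below TLS 1.2 (a client context by default)."""
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def permissive_context():
    """The weak setting: let OpenSSL negotiate the oldest version it still supports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def legacy_versions_allowed(ctx):
    """Names of superseded versions the context's minimum_version floor would
    still accept (OP_NO_* option bits are not inspected here)."""
    floor = ctx.minimum_version
    if floor == ssl.TLSVersion.MINIMUM_SUPPORTED:
        floor = ssl.TLSVersion.SSLv3        # no floor at all
    elif floor == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        floor = ssl.TLSVersion.TLSv1_3      # only the newest version is allowed
    return [v.name for v in LEGACY_VERSIONS if v >= floor]
```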

HSTS

The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. If a website accepts a connection through HTTP and redirects to HTTPS, visitors may initially communicate with the non-encrypted version of the site before being redirected. This creates an opportunity for a man-in-the-middle attack. The redirect could be exploited to direct visitors to a malicious site instead of the secure version of the original site. The HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead.
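To make the browser-side behaviour described above concrete, here is an added Python example (not part of UBS's site or any browser's code) that parses the Strict-Transport-Security header and models the browser's HSTS cache: a policy is only accepted from an HTTPS response, and later `http://` navigations to the host (and, with includeSubDomains, its subdomains) are rewritten to `https://` until the policy expires. The header value, host names and timestamps are constructed samples; `now` is passed explicitly so the expiry logic can be exercised.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the header value a site sends on its HTTPS responses.
HSTS_HEADER = "max-age=31536000; includeSubDomains"

def parse_hsts(value):
    """Return (max_age_seconds, include_subdomains), or None if malformed."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """Models the browser's HSTS cache: host -> (expiry time, include_subdomains)."""
    def __init__(self):
        self.policies = {}

    def observe(self, url, headers, now):
        """Record the policy from one response; True if a policy was stored or revoked."""
        parts = urlsplit(url)
        parsed = parse_hsts(headers.get("Strict-Transport-Security", ""))
        # A header seen over plain HTTP is ignored: anyone on the path could have
        # injected it, so only an authenticated HTTPS response may set a policy.
        if parts.scheme != "https" or parsed is None:
            return False
        max_age, include_sub = parsed
        if max_age == 0:
            self.policies.pop(parts.hostname, None)   # max-age=0 revokes the policy
        else:
            self.policies[parts.hostname] = (now + max_age, include_sub)
        return True

    def upgrade(self, url, now):
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        labels = parts.hostname.split(".")
        for i in range(len(labels)):               # the host itself, then each parent
            policy = self.policies.get(".".join(labels[i:]))
            if policy and now < policy[0] and (i == 0 or policy[1]):
                return urlunsplit(("https",) + parts[1:])   # rewrite http -> https
        return url
```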

CrowdStrike

CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. CrowdStrike secures the most critical areas of enterprise risk – endpoints and cloud workloads, identity, and data – to keep customers ahead of today’s adversaries and stop breaches. Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon Platform leverages real-time indicators of attack, threat intelligence on evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities – all through a single, lightweight agent. With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity and immediate time-to-value.

Disaster Recovery

Organizations of all sizes generate and manage massive amounts of data, much of it mission critical. The impact of corruption or data loss from human error, hardware failure, malware, or hacking can be substantial. Therefore, it is essential to create a disaster recovery plan for restoring business data from a backup image. RPO (Recovery Point Objective) and RTO (Recovery Time Objective) are two important aspects of IT resilience planning. A Recovery Point Objective (RPO) is the maximum targeted period during which transactional data is lost from an IT service due to a major incident. The Recovery Time Objective (RTO) is the targeted duration of time and service level within which a business process must be restored after a disaster (or disruption). UBS periodically performs DR drills with a twofold objective: to test that the backups are in a good-to-recover state, and to reassess the RPO and RTO parameters.
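The two drill objectives above can be turned into a repeatable check. The following Python is an added example, not UBS's DR tooling: it records one drill's timestamps, confirms the restored image matches the digest taken at backup time (the good-to-recover check), compares the measured data-loss window and restore duration against the RPO and RTO targets, and derives the worst-case RPO a backup schedule can actually deliver. All timestamps, the payload and the schedule are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib

@dataclass
class DrillRecord:
    last_backup_at: datetime   # when the backup image used for the restore was completed
    incident_at: datetime      # when the service was declared lost
    restored_at: datetime      # when the restored service passed its verification
    backup_digest: str         # SHA-256 recorded when the image was written
    restored_payload: bytes    # data read back from the restored image

def hours(n):
    return timedelta(hours=n)

def fingerprint(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def worst_case_rpo(interval: timedelta, backup_duration: timedelta) -> timedelta:
    """Largest data-loss window a schedule can produce: an incident just before the
    next image becomes usable loses a full interval plus the time the image takes
    to complete, so that sum must stay within the RPO target."""
    return interval + backup_duration

def evaluate_drill(rec: DrillRecord, rpo: timedelta, rto: timedelta) -> dict:
    """Compare one drill's measured figures with the RPO/RTO targets and confirm
    the restored data matches what was backed up (the good-to-recover check)."""
    data_loss = rec.incident_at - rec.last_backup_at
    outage = rec.restored_at - rec.incident_at
    intact = fingerprint(rec.restored_payload) == rec.backup_digest
    return {
        "data_loss_window": data_loss,
        "restore_duration": outage,
        "rpo_met": data_loss <= rpo,
        "rto_met": outage <= rto,
        "backup_intact": intact,
        "drill_passed": intact and data_loss <= rpo and outage <= rto,
    }

# Constructed sample drill: nightly image finished 02:00, outage at 09:30, back at 12:45.
PAYLOAD = b"order ledger rows as of the 02:00 backup (constructed sample)"
SAMPLE_DRILL = DrillRecord(
    last_backup_at=datetime(2023, 5, 1, 2, 0),
    incident_at=datetime(2023, 5, 1, 9, 30),
    restored_at=datetime(2023, 5, 1, 12, 45),
    backup_digest=fingerprint(PAYLOAD),
    restored_payload=PAYLOAD,
)
```

A drill that misses a target is the signal to reassess either the parameter or the backup cadence, which is what the `worst_case_rpo` figure is for.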

Latest software versions (Java & .Net)

Data breaches, hacks, cyber attacks and identity theft are regularly in the news. While threat actors continue to come up with new methods to steal information and gain access to systems, there are some simple, preventative measures that help stop them. Keeping your software on the latest version is one such layer of protection. Here are some reasons to apply software updates as soon as possible.

  • Patch security flaws – Security is the No. 1 reason to update software immediately.
  • Get new features – Installing updates may add new features and remove old ones that are no longer necessary. Technology is constantly changing, and updates offer the latest features and improvements.
  • Improve performance – Not all patches are security related. Software vendors may find bugs in a program or need to make necessary enhancements to a program. These patches help improve the performance of the software.
  • Ensure compatibility – Software manufacturers send updates to ensure their software is compatible with the latest technology. Without updates, older software may not be able to work with newer technology.

Netsparker scans

Netsparker is an industry-leading web application security solution that automatically scans custom web applications for Cross-Site Scripting (XSS), SQL Injection, and other types of vulnerabilities. It features unique Proof-Based Scanning technology that automatically and safely exploits vulnerabilities and generates a proof of exploit to prove that they are not false positives.

CVE Remediations

Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed computer security flaws. UBS has been quick to respond and very proactive in remediating CVEs such as those affecting log4j and WSO2.

Deprecating older features

With ongoing improvements to the R2 platform, sometimes that means retiring functionality that is outdated or that provides low value to a limited number of customers. There are several reasons why we deprecate features:

  • UBS’s Product and Engineering team continuously investigates and implements better ways of doing things. With a focus on innovation and our customers' evolving needs, some technologies and applications on our platform may no longer serve customers in the most effective way possible. Additionally, third-party software leveraged by the R2 platform may no longer support specific functionality.
  • UBS may be required to deprecate or retire functionality that does not meet industry standards.
  • UBS deprecates features only when absolutely necessary. Usually, UBS upgrades features to provide enhanced functionality. However, it is sometimes necessary to deprecate and retire a feature completely.