At NETSCOUT, we take security very seriously. NETSCOUT follows a Secure Software Development Lifecycle (Secure SDLC) model which incorporates security by design as a fundamental requirement throughout all phases of product development, testing, release, and post-release support. We maintain a security assurance team to serve as expert advisors to product developers at NETSCOUT, providing the resources and advice needed to integrate security into our development process and enabling continuous improvement and consistency in our security practices.
NETSCOUT developers and testers are regularly trained on security issues, trends, defensive programming concepts, and attack surface reduction techniques. Before any product is released, we conduct thorough security scans to uncover and address vulnerabilities. Our product testers perform numerous automated and manual security vulnerability tests both prior to release and on an ongoing basis post-release in order to maintain a high level of product security.
In addition, NETSCOUT has well-defined processes to address vulnerabilities discovered in the field. Our rigorous program enables us to identify potential impact and respond in a timely manner by analyzing multiple sources for reported vulnerabilities, such as the Common Vulnerabilities and Exposures (CVEs) database. NETSCOUT responds to known vulnerabilities within published timeframes to help our customers stay informed and protect their technology environments.
Our program for Vulnerability Management includes:
Pre-Release security by design
- Built-in security through Secure SDLC model.
- Secure Build environment using best-in-class tools and processes.
- Products released with the latest available security patches for operating systems and third-party software.
- Vulnerability scans using industry-standard scanners – automatic and manual.
Post-Release updates
- Continuous monitoring of industry-standard reporting bodies, e.g., CVEs.
- Regular updates to components based on IAVA and CVE databases.
Vulnerability response mechanism
- Time-bound response mechanism
- Fix release through patch, MR, new major or minor release, third-party update patch.
Vulnerability communication mechanism
- Subscription-based customer notifications
- Announcements on Security page on MasterCare portal
Products Designed with Security at their Foundation
NETSCOUT product security measures include:
Hardened operating systems
Use of hardened operating systems that remove unnecessary services, implement port access restrictions, enable access auditing, etc.
SSL protocols
Ensuring information transfer between NETSCOUT products through secure encrypted protocols using SSL.
Encrypted disks
Making available appliances with encrypted disks.
Compliance standards
Compliance with industry standards.
Encrypted passwords
Secure encrypted password storage and management within the products.
Third-party software
Reduction in usage, and where possible, elimination of third-party software usage within our products.