eSuite Security White Paper

eSuite^SM account management

Security and life safety systems are critical components for today’s businesses no matter the business size or complexity of needs.

But in order to get the most out of your security and life safety investment, you need a comprehensive account management tool, especially as your number of locations grow. Imagine trying to manage hundreds or even thousands of locations’ security data without a robust exception-based data management solution. ADT Commercial’s eSuite and security data management portal gives the end-user the tools to manage, view and analyze site activity to help get the most from their security investment and improve the security program over time. eSuite allows customers to view data, including open/close schedules and reports, details of alarm tests, incidents and alarms, change open/close schedules or request a service call.

eSuite also has features that can be used with mobile devices such as view and edit location contacts, place burglar alarm panels on test and remove them from test, and create temporary schedules for each site.

While eSuite provides access to invaluable data that can help better manage security applications as well help to improve overall business processes, it also is a warehouse for sensitive information. Cyberattacks are one of the greatest threats facing businesses today. Hardly a day goes by that there is not a report of another company suffering at the hands of hackers breaching their networks and stealing sensitive customer or personal data.

So how does ADT Commercial help protect its customers who use the eSuite application to manage their security operations?

To begin with, all internal servers receive regular software updates and sit behind layers of security in ADT Commercial’s data center. The company uses third-party certified scanning vendors to scan web applications on a daily basis to ensure the site is secure and any vulnerabilities or identification of malware are eliminated and remedied immediately. As part of that process, ADT Commercial engages the certified security provider to frequently perform penetration tests and scan the eSuite website for the presence of malware, network and web application vulnerabilities, as well as ensure proper encryption protocols, such as TLS, are in place. Passing these comprehensive security scans demonstrates that we maintain a rigorous and proactive security program.

ADT Commercial also blocks direct access to the application servers and uses industry standards and best practices in the development of the application code. The IT team undergoes annual OWASP (Open Web Application Security Project) training and employs other tools to scan the application code pre-deployment to ensure secure coding practices and prevent vulnerabilities such as:

Malicious SQL statements inserted into an entry field for execution.

Cross-site scripting (XSS), a security breach that takes advantage of dynamically generated web pages.

Cross-site request forgery (CSRF), also known as a one-click attack that constitutes a malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.

Further safeguards that are built into eSuite include:

Session timeouts due to inactivity are in place requiring users to re-enter his or her credentials in order to access the data.

Validating new eSuite users’ email addresses by clicking a link provided in an email that’s sent when the user account is first set up.

A two-step authentication process that requires the user to set up three security questions, one of which is required along with a password whenever the user logs on. The user can choose to bypass the security question for a specific computer after it has been answered the first time. We also have SMS-based two-factor authentication.

Locking out users after incorrectly entering their login, password, or security question answer three times. That user must then call ADT Commercial customer service to unlock the account.

Passwords and security question answers that are securely encrypted before being stored, using a one-way algorithm/password hashing.

These are just a few of the steps that ADT Commercial takes to ensure that its eSuite data management tool and associated web portal are secure and protected. Providing peace of mind through the use of technology is one of the company’s primary missions, and extends to both products installed at customer sites and the services it offers.

This document, materials or presentation, whether offered online or presented in hard copy (“ADT Commercial Information Tools”) is for information purposes only. ADT COMMERCIAL PROVIDES THESE ADT COMMERCIAL INFORMATIONAL TOOLS “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

The ADT Commercial Information Tools contain ADT Commercial proprietary and confidential materials. No part of the ADT Commercial Informational Tools may be modified, altered, reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without the prior written permission of ADT Commercial, except as otherwise permitted by law. Prior to publication, reasonable effort was made to validate this information. The ADT Commercial Information Tools may include technical inaccuracies or typographical errors. Actual savings or results achieved may be different from those outlined in the ADT Commercial Informational Tools. The recipient shall not alter or remove any part of this statement.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. ADT Commercial products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective in ensuring network security and regulatory compliance.