APA Enterprise Security | Agentic App Store | Automation Anywhere

APA security is ingrained within every aspect of the Automation Anywhere platform, and is now extended to enhance trust in automations. With the application of our bot security framework, all automations including those built in-house, by partners, or procured from Agentic App Store, can now be deployed reliably with secure automation development practices in alignment with prevailing Confidentiality, Integrity, and Availability (CIA) cybersecurity principles and best practices.

Check out the Developer Portal for security related topics as well as discover new developer tools, tips and training.

INTEGRATED SECURITY PRACTICES

Essential Incorporation of best practices into every step of the development process.

MULTI-TIERED EVIDENCE-BASED CRITERIA

Evidence of security inclusion in automation development to suit the strictest requirements and validated by external security experts.

SECURE DEVELOPER TRAINING

Curriculum and testing based on our deep industry knowledge of security best practices.

Why Bot Security?

Reduce risk of internally and externally developed automations.
Meet the most rigorous governance, trust, and compliance requirements.
Speed expansion of your RPA practice by passing InfoSec reviews more quickly.

Bot Security Levels

In partnership with cyber security experts, Bot Security encompasses four (4) progressive levels of security designation.

Level 1: Malware Scan

Automation Anywhere scans the automation package for malware to ensure that the package is secure.
Every automation on Agentic App Store has a Level 1 certification, at a minimum.

Level 2: Self-Attestation & Developer Training

Includes Level 1 security certification requirements.
Automation developers must complete the Secure Bot Developer learning path.

Our learning path has three components: Secure Bot Design, Secure Bot Development, and Secure Bot Deployment.
Each component includes a test which developers must pass.
Agentic App Store reserves the right to verify training and successful testing.
Agentic App Store also reserves the right to perform a cybersecurity assessment in order to validate that an automation employs development best practices.

Automation developers must self-attest that their automation was developed with software security controls and best practices in place.
Self-attestation of best practices is designed to secure against the OWASP Top 10 and CVE Top 25 threats. Self-attestation establishes that:
- Authentication and authorization patterns are secure and well documented.
- Dependent libraries are disclosed and scanned.
- Cryptographic capabilities obey industry standards.
- Network access of all types is conducted via secure channels.
- All resource access is well documented and the least privilege principle is applied.
- Sensitive information and credentials are stored in the Credentials Vault.
- Exception handling does not compromise privileged information.

Level 3: Threat Model and Static Analysis

Includes all of Level 2 security certification requirements.
Security partner provides a Level 3 report which contains the following information:
- A completed Data Flow Diagram explaining the automation process and operation.
- A Threat Model outlining top threats to automation processes and assets.
- Automation Scan Results and Analysis Statements explaining mitigation strategies and compensating controls to prevent identified top threats.
- Clean results of malware scan of automation binary.
- Completed source code scan and proof of remediation of identified vulnerabilities.
- Evidence of dependency and third-party library security.

Level 4: Penetration Test

Includes all of Level 3 security certification requirements.
Security partner provides a Level 4 report which contains the following information:
- A detailed outline of the testing scope for the automation in an environment consistent with how it would be deployed in a real-life environment.
- A test plan with completed results as well as the completion of mandatory test cases.
- Evidence of remediation or remediation plan for any identified issues.

Business and IT can now rely on secure APA development with the only security framework for automations.

Featured Secure Automations

CoE Manager Activity Logs (On-Premise Control Room)

by Automation Anywhere Labs

RPA Development

AA Log Management

by Lets Automate

Customer Service & Support

Information Technology

Data Extraction with the Klippa OCR API Package

by Klippa App BV

Finance & Accounting

RPA Development

Language Translation and Text Utility

by Lets Automate

Customer Service & Support

Human Resources

Information Technology

COVID-19 Risk Detector

by Infinite Learning

Decimal Rounding Off Bot

by Lets Automate

Finance & Accounting

Language Translation and Text Utility Using IBM Watson

by Lets Automate

Customer Service & Support

Information Technology

Impact Analysis Using Correlation Model

by Nextgen Invent Corporation

Finance & Accounting

Information Technology

Sales Forecasting Model Using SARIMAX Algorithm

by Nextgen Invent Corporation

Finance & Accounting

Customer Segmentation Model

by Nextgen Invent Corporation

Customer Service & Support

Chrome Cache Cleaner

by IV2 Tecnologia e Sistemas

by Lets Automate

Human Resources