PDQ Connect Security

Architecture Overview

Introduction to PDQ Connect 

PDQ Connect is a web-based device management tool. IT professionals and sysadmins use PDQ Connect to remotely manage the devices in their organization. IT professionals perform actions like scanning endpoints for device information, organizing devices, updating software, or running scripts on devices all remotely through the internet. 

To remotely manage devices, PDQ Connect uses a proprietary agent, developed by PDQ, that sysadmins install on the Windows devices that need to be managed. Once this agent software is installed locally on a device, device information is streamed in real time to the PDQ Connect administrator portal using a secure HTTPS WebSocket. An IT professional can use the online administrator portal to view, edit, organize, and manage their devices.  

Product Architecture

PDQ Connect works over the internet using installed agent software that can run on any Windows device. The agent software uses HTTPS and secure WebSockets to initiate a request from managed devices to PDQ’s server infrastructure over the device’s internet connection. 

When PDQ Connect is used to run device scans and deploy software using the Connect web interface, PDQ’s servers will securely save those requested tasks in the Connect database system. When a device running the PDQ Connect Agent is connected to the internet, it will make an outbound HTTP request to PDQ servers to get any pending tasks. 

[Figure: PDQ Connect architecture diagram]

PDQ Connect Agent

To manage a Windows device using PDQ Connect, an administrator must first install the PDQ Connect Agent on the device. 

The agent software runs in the background on your Windows devices and is responsible for running periodic scans of device information, such as uptime, drive capacity, and installed software. It runs with administrator permissions so that it can perform admin-required package installations and other maintenance activities.

When you use PDQ Connect to deploy software, the agent software running on the device reaches out to PDQ’s servers over a secure internet connection to receive the package installation instructions. It communicates using both industry-standard HTTPS and WebSocket protocols and certificates to keep scan and deployment information private, and cryptographic signatures are used to ensure that the deployment instructions have not been tampered with. 

PDQ Connect Admin Web Console

Administrators use the PDQ Connect Admin Web Console to configure computers, create packages, and update computers. The Admin Web Console is hosted and provided by PDQ as part of a paid subscription. 

When interacting with PDQ Connect through the web console in a browser, all communications to and from PDQ Connect are encrypted using industry standard HTTPS connections using valid certificates. 

The web console is where administrators can see information about the devices they manage, as well as create and observe package deployments. When packages are deployed to devices, the setup and configuration options of that deployment are sent over that secure connection to PDQ’s servers and saved into the PDQ Connect database. Then they are delivered to the devices as soon as possible.  

Data Security

Encryption

At Rest:

Your information and the information about your end users and devices is securely encrypted by Connect’s servers. That includes all device scan information, deployment logs and statistics information, and custom packages you upload to Connect using the web console, as well as any other data stored in PDQ’s database. All of this data is encrypted at rest. 

In Transit: 

All information travelling between your browser and the PDQ Admin Web Console is encrypted in transit using HTTPS TLS. We also use HTTPS TLS encryption for secure communication between the Connect Agent software and PDQ’s servers. 

Data Isolation

All data within the PDQ Connect databases and services are logically separated and isolated using unique company identities. When data is requested from a service or database, it is isolated to only data that the unique companyID is allowed to access. This means that customers only see their own data and never data from other PDQ Connect customers. 
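
The isolation rule described above can be sketched as follows. This is an added example, not PDQ's code: the devices table, its columns, the tenant names and the TenantScope class are constructed for illustration. It contrasts a lookup by row id alone with one where every query also carries the company identity taken from the authenticated session.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed rows for two tenants."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, "
               "company_id TEXT NOT NULL, hostname TEXT NOT NULL)")
    db.executemany("INSERT INTO devices VALUES (?, ?, ?)", [
        (1, "acme", "ACME-LT-01"),
        (2, "acme", "ACME-SRV-02"),
        (3, "globex", "GLOBEX-PC-07"),
    ])
    return db

def get_device_unscoped(db, device_id):
    """Weak pattern: filters on the row id only, so a caller who supplies
    another tenant's id receives that tenant's row."""
    return db.execute("SELECT id, company_id, hostname FROM devices "
                      "WHERE id = ?", (device_id,)).fetchone()

class TenantScope:
    """Data access bound to one company identity. The identity comes from
    the authenticated session, never from a request parameter."""

    def __init__(self, db, session_company_id):
        if not session_company_id:
            raise PermissionError("no company identity on session")
        self._db = db
        self._cid = session_company_id

    def list_devices(self):
        return self._db.execute(
            "SELECT id, hostname FROM devices WHERE company_id = ? "
            "ORDER BY id", (self._cid,)).fetchall()

    def get_device(self, device_id):
        # Both predicates must match, so a foreign id looks like a missing row.
        return self._db.execute(
            "SELECT id, hostname FROM devices WHERE id = ? "
            "AND company_id = ?", (device_id, self._cid)).fetchone()

    def rename_device(self, device_id, hostname):
        cur = self._db.execute(
            "UPDATE devices SET hostname = ? WHERE id = ? "
            "AND company_id = ?", (hostname, device_id, self._cid))
        return cur.rowcount  # 0: no row owned by this tenant matched

if __name__ == "__main__":
    db = make_db()
    acme = TenantScope(db, "acme")
    print(acme.list_devices())         # only the session tenant's rows
    print(get_device_unscoped(db, 3))  # unscoped lookup crosses tenants
    print(acme.get_device(3), acme.rename_device(3, "RENAMED"))
```

A useful review check for any multi-tenant data layer is that no read or write path reaches the table without the tenant predicate, and that writes report zero affected rows for identifiers owned by another tenant.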

Data Backups

All critical data is backed up at least daily. Annual tests are performed to ensure data backups can be restored successfully. 

Package Library

PDQ Connect offers an optional feature called the Package Library. This feature allows teams to pull packages for popular applications from PDQ, without having to manage the packages themselves. For example, PDQ keeps the latest version of Chrome available in the package library, making it easy for teams to deploy the latest version of Chrome to target devices.

This is an optional feature included with PDQ Connect; teams can choose not to use it and instead create packages manually.

Package Creation Process

To create a software package, a proprietary PDQ system periodically scans software providers for new updates and downloads them to the PDQ package repository. As available, PDQ submits the hashes for these products to a third-party site for reputation analysis, which leverages multiple antivirus engines.

All packages are built using a secured virtual machine that is dedicated for the creation of packages. Once a package has been built, it is manually tested with a group of virtual machines, each having a different version of Windows installed. Each machine is then analyzed to ensure a successful deployment. Furthermore, each package is tested on an additional device that utilizes both antivirus signatures and behavior-based scanning to ensure each package is secure and virus free.

This process is manually verified by a secondary engineer for quality assurance. Once this has occurred, the package is uploaded to the package library and made available in PDQ products.

The packages available in the PDQ Package Library may be found here: https://www.pdq.com/package-library/

Identity & Authentication

Identity & Authentication Overview

PDQ Connect utilizes Auth0, an industry-leading authentication & identity provider, for authentication and password management. PDQ Connect does not collect, process, or use passwords directly. Teams have the option to choose between using SSO or username/password for authentication. All accounts are required to use multi-factor authentication.

Single Sign-On (SSO)

Teams can optionally use Single Sign-On (SSO) to authenticate with and access their PDQ Connect account. By utilizing this method, teammates do not have a set username and password with PDQ and instead leverage their existing accounts to access PDQ Connect. Existing SSO options are Google, Microsoft Live, and Microsoft Azure AD. SSO authentication is the recommended option for managing authentication.

Password Requirements

For teams that authenticate with username and password, passwords must be a minimum of eight characters and contain upper case and lower case letters, at least one number, and at least one symbol. Passwords do not expire but can be reset as needed.

Multi-Factor Authentication

All teams using PDQ Connect are required to use multi-factor authentication to access the product. This is not an optional security requirement and cannot be toggled off. 

Managing Product Access

Teams control and manage who has access to the PDQ Connect Admin Web Console. Administrators can invite teammates, edit permissions, or remove teammates from their team through the account management page at sales.pdq.com/members. Teammates may also be invited from the PDQ Connect console itself, and this is covered in the following article: Adding Teammates to PDQ Connect. PDQ does not manage permissions or access on behalf of customers.

Password Reset

For teams who chose to use a username and password with PDQ, teammates can reset their password using a password reset link. When the password reset link is used, an email is sent to the teammate’s inbox with instructions. To reset a password, the teammate must have access to the inbox associated with their account. PDQ does not reset passwords on behalf of customers. 

Account Restoration

For security reasons, PDQ cannot restore access to an account where an administrator left a team, or an administrator forgot their username. In these instances, PDQ recommends that teams restore the inbox of administrators and use the password reset option.

Operational Security

System Access

PDQ.com employs the principle of least privilege across all internal systems to ensure that employees are only granted access necessary to accomplish assigned organizational tasks. 

PDQ ensures that, at minimum, the RBAC policy establishes and enforces RBAC on the following elements:

  • Core business suite
  • Software development system
  • Cloud service providers (CSP)
  • Other business critical systems

Vulnerability Prevention

PDQ has established a Vulnerability Monitoring and Scanning Program designed to monitor and scan for internal and external vulnerabilities in systems and hosted applications at least weekly (or more randomly) to identify, quantify, and prioritize vulnerabilities. PDQ also identifies and implements code analysis tools in the organization’s development pipeline to regularly scan both static and dynamic codebases to check for vulnerabilities. Processes ensure that the scope of any vulnerability is defined and documented prior to the initiation of a vulnerability assessment.  

PDQ also ensures that all findings from vulnerability scans are analyzed and documented on a weekly basis and are remediated in accordance with the organization's risk tolerance. PDQ shares information obtained from the vulnerability monitoring process and control assessments with key stakeholders to help eliminate similar vulnerabilities in other systems.  

Other Security Topics

Security Audits

PDQ performs annual human-based and weekly automated penetration tests to identify vulnerabilities that could be exploited to gain access to its production environment.  PDQ Corporation will ensure that in-scope assets are documented prior to the initiation of any penetration test. PDQ’s internal Connect team has committed to an internal SLA to remediate issues found by these tests. 

Additionally, PDQ has engaged a third-party bug bounty program that pays out for non-publicly disclosed vulnerabilities.

Certifications

PDQ takes security seriously and realizes the value of independently audited security certifications. We are undergoing an audit for SOC 2 Type 1 and will be directly undergoing a Type 2 audit following that. 

Third Party Vendors

PDQ Connect utilizes a handful of services that are required to provide product functionality. These third-party vendors process data for PDQ and include:

Provider     | Service          | Notes
Auth0        | Authentication   | Used for managing user authentication and passwords.
Mixpanel     | Usage tracking   | Used for tracking feature usage in PDQ Connect.
Stripe       | Payments         | Used for managing subscriptions and storing payment information.
LaunchDarkly | Feature enabling | Used for enabling or disabling certain product features.
Mouseflow    | Usage tracking   | Used for tracking mouse locations and feature usage.
Chargebee    | Payments         | Used for identity and account management.
Sentry       | Logging          | Used for identifying and logging bugs or other product issues.