<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">

Security

Cybereason is a cybersecurity technology company that provides a SaaS-based security platform and services. The security of our assets and customers is of the highest importance. We invest tremendous efforts in the security and protection of our information and product, and we comply with the highest standards of security and privacy.

Data Security

Cybereason takes data security seriously and invests in protecting our customers’ data. We implement security measures and maintain policies and procedures to comply with best-in-class data security standards and local and international regulations for data security and privacy. For more information regarding privacy, please see our privacy policy: https://www.cybereason.com/privacy-policy

Access Management

  • Cybereason has a very strict access control policy. Access configuration is performed using a role-based approach where access is granted to roles rather than individuals, and on a per need basis.
  • Access management processes are set to make sure access is provisioned and de-provisioned accurately and promptly.

Encryption

Both data in transit and data at rest are encrypted using common encryption mechanisms such as AES 256, TLS 1.2 and above.

Business Continuity and Backups

Cybereason has a BCP (Business Continuity Program) including disaster recovery and backups to all customers’ environments. The BCP is tested annually. Backups are checked on a daily basis.

Application Security

Cybereason’s SDLC process includes the Cybereason Security Team as a stakeholder. Our Security Team is involved in all R&D processes: setting security requirements, designing, code reviews and penetration tests based on OWASP guidelines

Security Incidents Management

Cybereason’s Security Team performs monitoring on customers’ environments using an SIEM platform and Cybereason platform (EPP and EDR) to detect cyber threats. The Security Team manages security incidents according to best-in-class incident response processes.

Cloud Security Architecture

  • Customers’ environments are built within a virtual private cloud (VPC). Within the VPC, customer’s environments and data are segmented, so customers can only access their own environment and data.
  • The service architecture is built according to best practices in layering, traffic management and use of cloud native security features.
  • Servers and cloud components are hardened according to best practices.

Audit and Compliance

Cybereason is audited on a yearly basis by external auditors:

  • IQC to comply with ISO-27001 security standard
  • Ernst and Young to conduct SOC-2 audit

Cybereason complies with the CSA - Cloud Security Alliance standard and meets cloud security controls.

Cybereason complies with the General Data Protection Regulation ("GDPR") and all privacy laws applicable to Cybereason's business. Cybereason monitors GDPR and related privacy laws to support ongoing compliance. For more information regarding privacy, please see our privacy policy: https://www.cybereason.com/privacy-policy.

Cybereason is certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks as administered by the U.S. Department of Commerce. To learn more about the Privacy Shield Frameworks, please visit https://www.privacyshield.gov/.

CERTIFICATIONS

Star Access (Cloud Security Alliance)

E.U. -U.S. Privacy Shield

SOC2 Type 2

ISO 27001