Cybereason is a cybersecurity technology company that provides a SaaS-based security platform and services. The security of our assets and customers is of the highest importance. We invest tremendous efforts in the security and protection of our information and product, and we comply with the highest standards of security and privacy.
Cybereason has a very strict access control policy. Access configuration is performed using a role-based approach where access is granted to roles rather than individuals, and on a per need basis.
Access management processes are set to make sure access is provisioned and de-provisioned accurately and promptly.
Both data in transit and data at rest are encrypted using common encryption mechanisms such as AES 256, TLS 1.2 and above.
Cybereason has a BCP (Business Continuity Program) including disaster recovery and backups to all customers’ environments. The BCP is tested annually. Backups are checked on a daily basis.
Cybereason’s SDLC process includes the Cybereason Security Team as a stakeholder. Our Security Team is involved in all R&D processes: setting security requirements, designing, code reviews and penetration tests based on OWASP guidelines
Cybereason’s Security Team performs monitoring on customers’ environments using an SIEM platform and Cybereason platform (EPP and EDR) to detect cyber threats. The Security Team manages security incidents according to best-in-class incident response processes.
Customers’ environments are built within a virtual private cloud (VPC). Within the VPC, customer’s environments and data are segmented, so customers can only access their own environment and data.
The service architecture is built according to best practices in layering, traffic management and use of cloud native security features.
Servers and cloud components are hardened according to best practices.
Cybereason is audited on a yearly basis by external auditors:
Cybereason complies with the CSA - Cloud Security Alliance standard and meets cloud security controls.
Cybereason is certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks as administered by the U.S. Department of Commerce. To learn more about the Privacy Shield Frameworks, please visit privacyshield.gov.