Security

Cybereason is a cybersecurity technology company that provides a SaaS-based security platform and services. The security of our assets and customers is of the highest importance. We invest tremendous efforts in the security and protection of our information and product, and we comply with the highest standards of security and privacy.

Data Security

Cybereason takes data security seriously and invests in protecting our customers’ data. We implement security measures and maintain policies and procedures to comply with best-in-class data security standards and local and international regulations for data security and privacy. For more information regarding privacy, please see our Privacy Policy.

Access Management

Cybereason has a very strict access control policy. Access configuration is performed using a role-based approach where access is granted to roles rather than individuals, and on a per-need basis.

Access management processes are set to make sure access is provisioned and de-provisioned accurately and promptly.

Encryption

Both data in transit and data at rest are encrypted using common encryption mechanisms such as AES 256, TLS 1.2 and above.

Business Continuity & Backups

Cybereason has a BCP (Business Continuity Program) including disaster recovery and backups of all customers’ environments. The BCP is tested annually. Backups are checked on a daily basis.

Application Security

Cybereason’s SDLC process includes the Cybereason Security Team as a stakeholder. Our Security Team is involved in all R&D processes: setting security requirements, design, code reviews and penetration tests based on OWASP guidelines.

Security Incidents Management

Cybereason’s Security Team monitors customers’ environments using a SIEM platform and the Cybereason platform (EPP and EDR) to detect cyber threats. The Security Team manages security incidents according to best-in-class incident response processes.

Cloud Security Architecture

Customers’ environments are built within a virtual private cloud (VPC). Within the VPC, customers’ environments and data are segmented, so customers can only access their own environment and data.

The service architecture is built according to best practices in layering, traffic management and use of cloud native security features.

Servers and cloud components are hardened according to best practices.

Audit and Compliance

Cybereason is audited on a yearly basis by external auditors:

  • IQC to comply with:
    • ISO-27001 Information Security Management standard
    • ISO-27017 Cloud Service Provider Security standard
    • ISO-27018 Privacy in Cloud Services standard
  • EY (Ernst and Young) to conduct SOC-2 audit

Cybereason complies with the CSA - Cloud Security Alliance standard and meets cloud security controls.

Cybereason complies with the General Data Protection Regulation ("GDPR") and all privacy laws applicable to Cybereason's business. Cybereason monitors GDPR and related privacy laws to support ongoing compliance. For more information regarding privacy, please see our Privacy Policy.

Cybereason is certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks as administered by the U.S. Department of Commerce. To learn more about the Privacy Shield Frameworks, please visit privacyshield.gov.

Reporting security issues

Security is core to our values, and we value the input of security researchers acting in good faith to help us maintain a high standard of security and privacy for our users. This includes encouraging responsible vulnerability research and disclosure.

To report a vulnerability directly related to Cybereason products or services, please use this address: security@cybereason.com