We enabled logging on all critical systems of various types. These logs are ingested by our observability and security platform to monitor operational status and to provide alerting capabilities.
We reviewed every integration into our systems for legal and security purposes.
We performed thorough QA before every release to ensure everything was in order.
We hired reputable security consulting companies to perform penetration testing against our product annually and before every major release.
We reviewed every open-source software component before integrating it into our systems.
We use SDLC methodologies to ensure code is written securely and with best practices.
We performed Threat & Vulnerability assessments on all infrastructure and services continuously to ensure issues were triaged and resolved in a timely manner.
We enforced branch protection rules to ensure requirements were met before any pushes.
We analyze our application’s dependencies for known vulnerabilities to ensure we maintain known-good versions of third-party components.
We scan for misconfiguration during the deployment pipeline to ensure infrastructure is configured with best practices.
We automated backups daily and stored the backups encrypted with monitoring and alerting.
Data are encrypted at rest using AES-256 for all storage.
Data in transit are encrypted using TLS 1.2 or greater.
We deployed network firewalls in our environments for traffic filtering.
We deployed a mixture of both host and network IDS/IPS systems in our environments and monitored suspicious traffic through signature-based and behavioral detections.
We enforced segregation in the network layers according to best practices to ensure critical systems were segregated from the rest.
We integrated our VPN with SSO login with MFA requirements.
We monitor our operational status through the observability platform and have alerting capabilities for outages.
We host our infrastructure in Amazon Web Services.
We utilize AWS's DDoS prevention services.
We utilize AWS's WAF to deter attempts to exploit known vulnerabilities.
We deployed Security Guardrails to prevent deviations from expected behavior.
We use AWS Landing Zones as a baseline to deploy workloads and applications.
We host all critical security logs in an isolated logging account.
We monitor security detections across all our environments through our SIEM platform.
We enforced mandatory disk encryption for all endpoints through our MDM platform.
We manage company devices through our MDM solution to enforce our security policy and ensure automatic updates/patching and remote wipe capability.
We deployed endpoint detection and response tooling across all endpoints to detect anomalous activity and provide telemetry to our SIEM.
We use Identity Providers to manage authentication and authorization for all our applications, which enforce MFA at login.
We inventory all our assets through tracking systems to ensure all items or equipment are tracked.
We have an Incident Response process to ensure all investigation procedures are followed and handled properly.
We train our employees on security risks and awareness during onboarding and annually, and conduct regular phishing simulations to maintain readiness.
We use a zero-trust access solution to manage access to our infrastructure and apply the principle of least privilege when granting access to employees.
Every activity or access event is logged and monitored through our SIEM platform.
We restricted all access to sensitive data using Security Guardrails and required management approvals for all access requests.
All our infrastructure and access management platforms have audit logging enabled; these logs are stored in our isolated logging account and ingested into our SIEM for monitoring purposes.