Our commitment to security

Identifies and prevents security flaws during CI/CD with code security scanning tools.

Prevents any chance of an accidental code merge with Credential Checking.

Trains on secure code development (OWASP Top 10 Secure Coding Practices, etc.).

Block the latest threats with our Web Application Firewall (WAF).

Mitigate attacks with robust Content Security Policy headers.

Peer review code changes before being merged to a protected main.

Run-time monitoring and detection for application exploits.

DDoS mitigation at both the application layer (CDN provider) and the network layer (cloud service provider).

Data is encrypted at rest and in transit using known strong protocols and ciphers.

Access to data is reviewed and authorized.

Authentication uses 2FA with phishing-resistant hardware.

Hosted on reputable cloud services provider, Amazon Web Services (AWS).

Peer reviews of infrastructure changes, Infrastructure as Code vulnerability security scans, Compliance as Code compliance scans, and quick recovery for failover with Infrastructure as Code.

Anomaly detection supported by GuardDuty as well as third-party security services from trusted vendors.

Cloud Security Posture Management deployed and informs on vulnerabilities and misconfigurations.

Vulnerability management process to mitigate vulnerabilities in a timely manner.

DNSSEC to help prevent domain spoofing.

Deployed security tooling to detect and protect.

Devices centrally managed with MDM with known hardened security configurations, such as firewalls, patching, and encryption.

Endpoints protected with endpoint detection and response capabilities to monitor for malicious activity and associated chain of events.

Filter malicious requests that could harm employees (or our company) with Advanced DNS Filtering on endpoints and endpoint network protections.