Security at Abusix
The world’s leading Security teams rely on Abusix to automate and support their mission-critical processes.
They trust Abusix to operate securely and to protect their data at all times. We take this trust seriously.
Here you’ll find an overview of some of the measures we’ve implemented to ensure that security and privacy are critical building blocks of our culture and ingrained in our daily operations.
Compliance
Our information security program is aligned with the industry-accepted framework, SOC2. SOC2 compliance means a company has established and follows strict information security policies and procedures. These policies cover customer data’s security, availability, processing, integrity, and confidentiality. We maintain SOC Type II compliance and are audited annually.
Our compliance stance is an essential part of how we protect customer data; however, we recognize that being compliant is not the same as being secure. As such, we have implemented, and will continue to implement, a range of additional security controls that give our customers further assurance that we prioritize security within the Abusix products and organization.
Security in the product
We provide a number of security features within the Abusix Platform, which help ensure the confidentiality, integrity, and availability of customer information.
SSO/SAML
Abusix supports SSO/SAML by default across all plans. We encourage customers to enable single sign-on in their Abusix tenant.
Granular control over data retention
We believe customer data is a liability and provide easy-to-use platform features that ensure it’s only retained in the platform for as long as is required.
Security in the organization
We place equal importance on security in the Abusix products and security within the Abusix organization. Below is a non-exhaustive list of security measures we’ve implemented at an organizational level.
Access to production systems
We restrict access to production systems to a handful of employees. No contractors or third parties have access to production. Customer data is prohibited from leaving our production environment. The list of employees with access to production is regularly reviewed.
Security and Privacy Council
We have established a cross-functional group, led by the company CEO, that meets regularly to discuss security and privacy matters. The agenda for Security and Privacy Council meetings typically includes a review of recent incidents, security implications of upcoming features, and ongoing compliance efforts.
Awareness training
Every Abusix employee undergoes security awareness training at least annually after joining.
Security automation
We leverage security automation extensively to alert on suspicious activity across our production and corporate environments.
The Abusix Security Posture
You can check the Abusix Security Posture at https://trust.abusix.com.
If you have additional questions, please reach out to [email protected].
Due to the sensitivity of the information, we might require you to sign an NDA.
Reporting security vulnerabilities
Responsible Disclosure
As a security company, we commit to providing users a secure and trusted platform. We value security researchers and others who keep a watchful eye and responsibly disclose security issues. If you find any security vulnerabilities, please disclose them to us via [email protected].
We ask that you adhere to the following guidelines:
- Do not disclose the vulnerability to third parties.
- Do not violate any laws.
- Do not disrupt services (DoS/DDoS).
- Do not access, modify, or destroy any accounts or data that do not belong to you.
Out of Scope
- HTTPS / TLS security header suggestions
- Direct testing of third parties
- SPF / DMARC / DKIM / DNSSEC suggestions
- Banner/version disclosure
- Social engineering/phishing/spam