Threat Stack has successfully completed a Type 2 SOC 2 examination for the Security and Availability Trust Services Principles for the intrusion detection platform and Oversight service offerings. See our announcement here.
The SOC 2 report provides assurance to our customers and our own team that the organization has designed and implemented effective security controls as defined in the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA).
A copy of our SOC 2 report is available upon request. Please contact your sales representative or account team.
Security, compliance, and privacy are first class citizens at Threat Stack, no more or less important than any of our other operating principles. Here are some popular features in the Threat Stack intrusion detection platform that our customers leverage to use the product more securely.
- Single Sign On (SSO) with SAML
Tested against market-leading solutions, allows teams to bring their own access control policies and access auditing capabilities. See our support documentation for more information.
- Multi Factor Authentication (MFA, 2FA)
For teams that do not want to bring their own SSO solution, our authentication system supports MFA natively. You may use your preferred mobile app to manage these codes.
- Secure Agent Repositories
The Threat Stack Agent is one of the most critical pieces of our infrastructure because it’s installed software on customer systems. Once an Agent has successfully completed our rigorous security checks and SDLC for release, it is made available through standard Operating System package managers with verifiable keys. See our support documentation for more information.
- AWS Integrations are Read-Only
Whenever the Threat Stack intrusion detection platform integrates with your AWS account, the principle of least privilege is applied. We request read only access to only the services we need access to, nothing else. See our support documentation for more information.
- Data Portability via APIs & Webhooks
Common use cases include e-Discovery and archival on top of our existing data retention. Additionally customers will use these features to enhance their SIEM, internal chat and email, and page dispatching tools with our data. It doesn’t matter the use case, we believe in data portability. See our support documentation for more information.
- Data Integrity via Insert Only Storage
The technology behind the intrusion detection platform is designed to store critical Customer Data in an insert only manner, ensuring that we can preserve the integrity and availability of your data over time. Data collection via the Agent and AWS integrations has no notion of updating data. You don’t need to do anything extra to leverage this feature; it just happens.
- Analysis of Associated Activities
The agent collects and transmits user, process, network, and file activities to the Threat Stack Cloud Security Platform where data is aggregated and analyzed. However, it does not collect any data from within those activities. For example, although we may see that a network connection was made, we will not see the data that was transmitted. Similarly, we may see a file was touched, but not what was in the file.
All of our products and services are hosted in Amazon Web Services (AWS). None of Threat Stack’s facilities have any special peering or relationship with our AWS infrastructure, requiring multiple layers of access controls regardless of where they are performing their job from.
Amazon Web Services is responsible for the security and compliance programs of the cloud infrastructure that Threat Stack builds on top of. More information can be found on their portal.
All private data exchanged with Threat Stack over the internet is encrypted in transit. Insecure communication is automatically redirected to use secure TLS endpoints, except for the endpoints that the Threat Stack Agent connects to, which only accepts secure communication.
Known vulnerable protocols, such as SSL and some versions of TLS, are disabled on our endpoints.
All network attached storage (AWS EBS, RDS, and S3) is provisioned with encryption enabled.
Credit Card & Payment Information
Threat Stack never stores or receives credit card and payment information on its systems. We’ve partnered with a third-party, PCI-certified vendor for credit card processing.
Reporting Security Issues
At Threat Stack we take any reports of vulnerabilities seriously. If you encounter a security issue with any of our software or services, please report it to [email protected] We have an internal SLA for responding to such issues, and are committed to responding and fixing any issues promptly.
Please note that it is against our Terms of Service to run automated security scanning tools against our system without prior approval.
If you feel it is necessary due to the sensitivity of your message, PGP encrypt the contents of e-mails to [email protected] with the Key ID 523A9C07, which is available on the standard key servers. Doing so will likely delay our response as only certain team members are able to decrypt that key.