SOCRadar® Cyber Intelligence Inc. | Security
Security of Data Centers

Data Centers – SOCRadar stores its service data at physically secure data centers in the Netherlands. We use Google Cloud Platform (https://cloud.google.com/).

Data Center Compliance – Our data center has the relevant best practice compliance certificate.

Learn more about: https://cloud.google.com/compliance

Physical Security of Data Center – The data center’s security is safeguarded through various strategies, including the rigorous management of access for staff and third parties to the premises. Regular audits of access permissions are conducted alongside 24/7 surveillance of operations and incidents. Physical entry points to server areas are monitored via CCTV, complemented by sophisticated electronic systems to detect unauthorized intrusions.

Disaster Recovery – Data centers control the climate and temperature to avoid overheating and are outfitted with automated fire detection and extinguishing systems, alongside systems for detecting water leaks. Additionally, the monitoring of electrical and mechanical machinery is conducted. The data center operates with redundancy and is maintained around the clock. When SOCRadar electronically duplicates user data outside the data center, it ensures the physical security of the data and encrypts it continuously.

Uptime of the Service – Infrastructure providers commit to using commercially acceptable efforts to guarantee a minimum uptime of 99.9%. To ensure reliability, they uphold at least N+1 redundancy for power, network, and HVAC services.

Failover Protection – Backup and replication tactics are implemented to provide redundancy and failover safeguards in the event of a major processing breakdown. SOCRadar secures its data by storing it in several robust data repositories and replicating it across multiple availability zones. SOCRadar employs commercially viable efforts to produce regular, encrypted backup copies of user data in geographically diverse locations.

Redundancy – Where possible, production databases are configured to mirror data between at least one primary and one secondary database. All databases are preserved and backed up by employing methods that meet or exceed industry standards.


Office Security

Location – SOCRadar operates internationally, with multiple offices located around the globe, including in the USA, UK, India, Turkiye, among others. Given the widespread nature of our office locations, we place a high priority on security.

Physical Security of Offices – Our offices are outfitted with video monitoring and systems for detecting unauthorized entry. An access management system controls all office areas, permitting only registered employees and visitors with temporary access cards to enter. According to company policy, visitors are required to be escorted by designated employees at all times.

Fire Protection – Every office complies with fire safety standards and is furnished with fire alarm and firefighting systems.


HR Security

Confidentiality Agreement – Our employees and contractors must execute a non-disclosure agreement (NDA) before commencing their duties.

Security Awareness – Security awareness training is provided to all new hires, with annual refreshers for all staff. The training is delivered via an electronic platform, complemented by distributing materials and posters throughout our offices.

Developer Training – We offer our product developers training based on OWASP’s secure programming best practices. Additionally, an annual Capture the Flag (CTF) competition is organized for all employees.


Operational Security

Data in Transit – SOCRadar encrypts all traffic to its website with TLS 1.2 or higher (HTTPS). SOCRadar implements HTTPS using industry-standard algorithms and certificates.

Data at Rest – Information that is stored is safeguarded through encryption techniques. Data centers employ AES-256 encryption to ensure the secure storage of data. To securely store information on our endpoints, we utilize robust encryption practices.

Access to Personal Data – Personal data is safeguarded with adequate security measures to block unauthorized access. Access to personal data by staff is restricted based on their roles and is granted only to those who require it for their duties. During transmission, personal data is encrypted. All employees access company resources using a VPN. We employ reliable tools like Google IAP to manage access to certain resources, enhancing our control over access and bolstering information security.

Logging and Monitoring – All activities related to infrastructure and applications are recorded, with the most critical ones being sent to a SIEM tool for surveillance. Access to audit trails and logs is limited to authorized staff, determined by their roles and duties.

Patch Management – SOCRadar has set up a process for detecting security vulnerabilities and for obtaining, evaluating, and consistently applying patches (software updates) or configuration changes to the relevant applications and systems throughout the company’s infrastructure. Additionally, we conduct regular vulnerability scans using the services of an approved QSA (Qualified Security Assessor).

Access Control – Access control systems for the network are in place to block unauthorized protocol traffic from accessing the SOCRadar service infrastructure. The specific technical solutions vary among infrastructure providers and encompass strategies such as Virtual Private Cloud (VPC) setups, assignments of security groups, and conventional firewall regulations. Moreover, all applications handling sensitive data employ Single Sign-On (SSO) and Two-Factor Authentication (2FA) for user verification.

Password Policy – SOCRadar has established a consistent password policy across its internal services, tools, and features. All passwords must meet specified minimum criteria and are kept in an encrypted format. Users engaging with these services are mandated to utilize a password manager for the secure storage of their passwords.

Change Management – SOCRadar has developed a change management strategy to minimize the risk of unauthorized or harmful modifications to applications/systems. Every alteration undergoes peer review, testing, and documentation by the SOCRadar Change Manager for auditing purposes before it is implemented in the production environment.


Privacy

Third-Parties – SOCRadar protects processed data by maintaining contractual relationships with third-party vendors. The organization depends on these contractual agreements, privacy policies, and vendor compliance practices to safeguard any data processed or stored by these suppliers.

Privacy Laws – In processing personal data, we employ suitable technical and organizational safeguards to comply with relevant privacy legislation. We have implemented various policies and procedures, both internally and externally, including the General Data Protection Policy, Privacy Policy, Subject Access Request Policy, procedures for employees to manage subject access requests, data breach protocols, and additional documents as mandated by applicable laws.

Supplier Security Verification – We conduct a security validation process for each of our suppliers and continuously oversee all third-party vendors through our cybersecurity assessment platform.

Personal Data Retention – Once a user’s personal data is no longer required for its original purposes, it is deleted. Nonetheless, we might keep copies of this data and information as allowed or mandated by law for archival reasons or if it is produced by automatic computer backups and stored as part of standard computerized archiving systems while implementing the requisite technical and organizational safeguards.

GDPR – Since January 06, 2018, SOCRadar’s offerings have complied with the GDPR. We have implemented the following steps to ensure adherence to GDPR mandates:

  • Gather only the essential information needed to deliver our services.
  • Ensure data processing is done legally.
  • Keep and provide customers with a directory of sub-processors, including their purpose.
  • Establish data processing agreements with our clients and suppliers that outline each party’s security duties and privacy obligations.
  • Promote our services to clients and potential clients in a way that honors their GDPR rights.
  • Implement a privacy policy that details our data collection methods.
  • Additionally, we keep track of and adhere to privacy laws from other nations, such as the CCPA, to guarantee personal data protection.


Application Security

Separate Environment – Staging, testing, and development environments are kept distinct from one another logically. Neither personal nor service data is utilized within the testing or development settings.

SDLC – The Secure Software Development Lifecycle (SDLC) is a framework adopted by organizations for creating secure applications. It outlines the methods for embedding security throughout the software development lifecycle. A secure SDLC ensures that activities aimed at assuring security, including design reviews, architecture analysis, code assessments, and penetration testing, are fundamentally incorporated into the development process.

Release Management – SOCRadar employs a DevOps culture to deploy its product, blending cultural philosophies, practices, and tools to enhance the organization’s capacity for delivering applications and services rapidly. This approach allows for the continuous evolution and improvement of products at a quicker rate compared to organizations relying on conventional software development and infrastructure management methods.

External Threat Protection – Our quality assurance team is tasked with ongoing testing to ensure product quality, in addition to carrying out fundamental security assessments.

Code Review – The Security team conducts targeted inspections of the code within SOCRadar’s source code repositories, evaluating adherence to coding best practices and searching for recognizable software vulnerabilities.

Penetration Tests – SOCRadar carries out penetration testing biannually, additionally employing a PTaaS (Penetration Testing as a Service) provider to supply pen testing services in an agile manner to our teams. The purpose of these tests is to detect and address possible attack vectors and scenarios of misuse. Moreover, for new features, the Security team (known as the purple team) performs penetration testing in line with the release policy.

Bug Bounty Program – The Bug Bounty program encourages independent security researchers to ethically identify and report security vulnerabilities, offering them incentives for their discoveries. SOCRadar has established a Bug Bounty program as part of its strategy to expand engagement with the security community and enhance the service’s protection against complex attacks.


Incident Management

System Logging – SOCRadar’s infrastructure is structured to record details regarding system operations, incoming traffic, system logins, and application requests. Log data is compiled by internal systems, which then notify relevant staff members about any suspicious, unexpected, or irregular activities. The SOCRadar team, security personnel included, is prepared to respond promptly to security incidents.

Notification in Case of Incident – Should SOCRadar detect unauthorized access to data housed in its services, we will inform the impacted users about the breach, detail the measures being undertaken to address the incident, and offer updates on the situation to the users as required.

Incident Response – SOCRadar keeps a log of recognized security incidents, detailing descriptions, timelines of significant actions, and the outcome of each incident. Both suspected and verified security breaches are scrutinized by our security, operations, and support teams. Steps for proper resolution are pinpointed and recorded. In the case of verified incidents, SOCRadar implements necessary actions to reduce harm to users and prevent unauthorized information leaks, as well as to avert similar future occurrences.


Security Management and Compliance

Security Policies and Procedures – We have established policies that are shared with all staff members. Additionally, certain policies are specifically communicated to the personnel they impact. These policies encompass the principal aspects of information security.

ISO 27001 and SOC 2 Compliance – We have fully established and upheld all processes in line with ISO 27001 certification and SOC 2 Type I and Type II reports. Annually, we verify our adherence by undergoing an independent audit. Consequently, we have secured ISO 27001 certification and completed SOC 2 Type I and Type II reports. Moreover, we have broadened the application of specific standards to encompass the entire company, incorporating training for all staff members, developer training, data transmission, and storage practices.

Risk Management – SOCRadar has established and put into practice a risk management program, outlining the approach for identifying, analyzing, evaluating, addressing, and monitoring information security risks.

Specific teams conduct risk assessments at least once a year or whenever significant changes occur in the technology, organization, business, or legal frameworks.

The probability and consequences of risk events are utilized to determine the risk level and its importance according to the criteria set out in the Risk Assessment Methodology.


SOCRadar Public Vulnerability Disclosure Policy

Purpose
The purpose of this policy is to establish a clear process for reporting security vulnerabilities found in SOCRadar systems and services. It encourages responsible disclosure to improve the security and integrity of SOCRadar’s infrastructure, products, and data.

Scope
This policy applies to all individuals or organizations (researchers, security professionals, or any member of the public) who may discover a vulnerability related to SOCRadar’s infrastructure, applications, data, or services.

1. Reporting a Vulnerability

1.1 Identification and Reporting
If you identify a potential security vulnerability within SOCRadar’s infrastructure or services, please report it immediately by contacting us at [email protected].
Provide sufficient details to reproduce and analyze the vulnerability:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact and any associated risks
  • Any related screenshots or supporting materials

1.2 Safe Harbor Clause
SOCRadar will not take legal action against anyone who discloses a vulnerability responsibly and in accordance with this policy, provided their actions are in good faith and in line with responsible disclosure practices. Activities such as exploitation or data extraction during research are not permitted.

2. Responsible Disclosure Guidelines

2.1 Confidentiality
Please keep the details of any discovered vulnerabilities confidential until SOCRadar has been able to investigate and address the issue. Avoid making any information about the vulnerability public until receiving approval from SOCRadar.

2.2 No Data Access or Disruption
While testing, ensure that you:

  • Do not exploit or utilize the vulnerability to access, modify, or delete data.
  • Avoid causing any form of disruption or degradation to our services.
  • Do not access other users’ data or compromise the privacy of any SOCRadar client.

2.3 Testing
You may only test vulnerabilities on your own accounts and resources without affecting other users’ privacy or systems. Vulnerability scans, penetration tests, or automated scripts should be done within the defined scope and must not target critical production systems unless permitted.

3. SOCRadar’s Commitment

3.1 Investigation and Remediation
SOCRadar will:

  • Acknowledge your report within 5 business days.
  • Conduct a thorough investigation to confirm the vulnerability.
  • Provide updates on the remediation progress.
  • Notify you once the issue has been resolved and provide guidance on responsible disclosure.

3.2 Public Recognition
We appreciate the efforts of security researchers in identifying vulnerabilities and helping us improve. Upon request, we are happy to acknowledge your contribution publicly after the issue is resolved.

4. Exclusions

Some types of findings do not fall within the scope of this policy:

  • Social engineering attacks.
  • Physical security vulnerabilities.
  • Denial of Service (DoS) or brute force attacks.
  • Spam or email-related vulnerabilities.

5. Legal Safe Harbor

By adhering to this policy, SOCRadar guarantees that:

  • No legal action will be taken against you for reporting vulnerabilities in good faith and following responsible disclosure.
  • Actions taken in violation of this policy (e.g., exploiting data) may result in legal consequences.

Contact Information
For any security-related inquiries or to report a vulnerability, contact us at [email protected].