Adaptive Shield - Security Overview

Last updated: October, 2021

In addition to creating the world’s most advanced SaaS Security Posture Management offering, we are also dedicated to protecting our solution in accordance with industry best standards and practices. Our customers demand the highest levels of data security, and we are committed to ensuring that our solution meets their standards. We have surpassed the expectations of some of the most sophisticated, security-minded organizations in the world. Below is Adaptive Shield’s security overview:

Data Collected and Retained through Adaptive Shield’s platform

Adaptive Shield’s platform collects metadata such as security settings and configurations, user permissions, profiles, and audit logs. Adaptive Shield does not collect user or enterprise data such as the contents of email mailboxes or business data stored in the SaaS solutions it monitors.

Procedures

Adaptive Shield is ISO 27001 compliant as well as GDPR compliant. Adaptive Shield maintains a Written Information Security Policy (WISP) and follows common best practices such as environment separation (Dev, Staging, Production) and patch management.

Application Security

Adaptive Shield uses its own permission platform to ensure that customer data is accessed only by the relevant customer’s users.

Adaptive Shield performs code review and runs static code analysis scans on its proprietary and third-party code packages and libraries as part of its CI/CD pipeline. Adaptive Shield complements this with dynamic web vulnerability scanning of the running application, using a web security scanner in both an authenticated and an unauthenticated state.

Infrastructure Security

Adaptive Shield’s infrastructure is protected using multiple tools and controls, including:

  • Servers and databases are kept within private subnets that are closed off from the internet.
  • A Web Application Firewall is in place.
  • Output encoding is performed in order to prevent XSS attacks.
  • Input validation is conducted on all of the APIs exposed to the customer side.
  • Penetration tests and an IT risk assessment are conducted annually by a third party.

The infrastructure and its protections are reviewed and monitored regularly to verify their integrity.

Data Encryption

Adaptive Shield only collects metadata, and the security of that metadata is a top priority. Traffic is encrypted using TLS 1.2 at minimum with modern cipher suites, and data at rest is encrypted using AES-256 or similar encryption. Field-level encryption is performed as needed using an HSM-based KMS. Keys are rotated regularly, and alerts are in place for access events. Credentials are hashed and salted using modern hash functions according to industry best practices.

Access Security

The Adaptive Shield platform fully supports access control:

  • SSO support (with Big Bang SSO).
  • Native MFA support.
  • Self-service password reset.
  • Account lockout and session duration are configurable by the customer.

Adaptive Shield offers IP allow listing from both the platform side and the customer side. The platform allows the customer to create an IP allowlist of the account’s trusted IPs, limiting and controlling access to the platform. Adaptive Shield maintains a pool of static IP addresses from which it monitors the different SaaS integrations; these IP addresses can be added to the allow list on the customer’s end in order to increase security and tighten monitoring.

Customer Access Control

Customers have full access to the audit logs of the Adaptive Shield platform, which allows full monitoring of user activity as well as API activity. Customers also have access to the System Activity, giving visibility into the platform’s activity as it communicates with the connected SaaS applications.

Customers can use four types of user roles to limit access to the Adaptive Shield platform. Customers can also use the scope role to limit users’ permissions to specific connected SaaS applications.

Adaptive Shield Access Control

Security starts at home, and we at Adaptive Shield practice what we preach. Employees are granted access rights in accordance with the principle of least privilege.

Management traffic is conducted out-of-band and is encrypted using a VPN that requires personal client-side certificates.

Access rights and Access policies are regularly reviewed. Suspicious events, abnormalities, unexpected behavior, and sensitive activity are centrally monitored and alerts are in place.

Security Awareness and Training

Security at Adaptive Shield depends on its employees, so Adaptive Shield makes sure they are fully trained. All employees undergo information security awareness training during onboarding, and further security training is provided on a yearly basis. When new threats are discovered, all employees are fully briefed on the matter and trained to avoid and mitigate such threats.

Disaster Recovery and Backups

Full point-in-time backups are taken daily and retained for an adequate period. The backups are automatically tested on a daily basis to make sure they can be used for restoration.

Production databases are clustered in a primary-secondary architecture, allowing a fast switch between them in case of a node failure.

Privacy

Adaptive Shield is compliant with GDPR, and will share Personal Information with third parties only as detailed in the Adaptive Shield Policy, available here: https://www.adaptive-shield.com/privacy