Adaptive Shield's Trust Center

Adaptive Shield uses a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected.

Compliance Certifications and Memberships

Adaptive Shield uses best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance standards.

Artifacts
For direct download:
The following resources may require an NDA on file. Click to request reports:

Cloud Security

Data Center Physical Security

Facilities

Adaptive Shield hosts Service Data primarily in GCP data centers that have been certified as ISO 27001 and/or SOC 2 compliant.

GCP infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.

On-Site Security

GCP on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.

Data Hosting Location

Adaptive Shield leverages GCP data centers in the United States and Europe.

Adaptive Shield offers multiple data locality choices including the United States (US) or European Economic Area (EEA).

Network Security

Security Team

Our Security Team is on call 24/7 to respond to security alerts and events.

Security Mechanisms

Our network is protected through the use of GCP security services and mechanisms, integration with our Adaptive Shield platform, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.

Architecture

Our network security architecture consists of multiple security zones. More sensitive systems like database servers are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized at the Internet boundary and internally between the different zones of trust.

Security Scanning

Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Penetration Tests

In addition to our extensive internal scanning and testing program, each year Adaptive Shield employs third-party security experts to perform a broad penetration test across the Adaptive Shield Production and Corporate Networks.

DDoS Mitigation

Adaptive Shield relies on GCP anti-DDoS mechanisms, as well as scaling and redundancy tools.

Logical Access

Access to the Adaptive Shield Production Network is restricted on an explicit need-to-know basis, follows the principle of least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Adaptive Shield Production Network are required to use VPN and MFA.

Incident Response

In case of a suspected incident, response activities are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

Encryption

Encryption in Transit

All communications with Adaptive Shield UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between the customer and Adaptive Shield is secure during transit.

Encryption at Rest

Data is encrypted at rest in GCP using AES-256.

Availability & Continuity

Redundancy

Adaptive Shield employs network redundancies to eliminate single points of failure. Our strict backup process allows us to deliver a high level of service availability, as data and operations are replicated across availability zones.

Disaster Recovery

Our Business Continuity and Disaster Recovery (BCP and DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.

Application Security

Security Development (SDLC)

Secure Coding Training

Adaptive Shield provides annual Secure Coding Training to all developers.

Framework Security Controls

Adaptive Shield leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.

Separate Environments

Testing and staging environments are separated from the Production environment. No customer or production data is used in our development or test environments.

Vulnerability Management

Dynamic Vulnerability Scanning

We employ third-party security tooling to continuously and dynamically scan our core applications against common web application security risks, including, but not limited to, the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.

Software Composition Analysis

We scan the libraries and dependencies used in our products to identify vulnerabilities and ensure the vulnerabilities are managed.

Third-Party Penetration Testing

In addition to our extensive internal scanning and testing program, Adaptive Shield employs third-party security experts to perform detailed penetration tests on different applications within our family of products.

Product Security

Authentication Security

Authentication Options

Adaptive Shield has several different authentication options: subscribers can enable native Adaptive Shield authentication and/or Enterprise SSO (SAML, JWT) for end-user and/or agent authentication.

2-Factor Authentication (2FA)

Adaptive Shield supports 2-factor authentication (2FA) for customers.

Service Credential Storage

Adaptive Shield follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.

Additional Product Security Features

Role-Based Access Controls

Access to data within the Adaptive Shield platform is governed by role-based access control (RBAC) and can be configured to define granular access privileges. Adaptive Shield supports various permission levels for users.

IP Restrictions

Any Adaptive Shield account can restrict access to their Adaptive Shield Support to users within a specific range of IP addresses. Only users from the allowed IP addresses will be able to sign in to your Adaptive Shield account.

Audit Logs

Adaptive Shield supports user, API, and system-level Audit Logs. These logs include account changes, user changes, and security settings.

HR Security

Security Awareness

Policies

Adaptive Shield has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Adaptive Shield information assets.

Training

All employees perform Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Coding Training.

Employee Vetting

Background Checks

Adaptive Shield performs background checks on all new employees in accordance with local laws. These checks are also required for contractors.

Confidentiality Agreements

All new hires are required to sign Non-Disclosure and Confidentiality agreements.

Vendor Security

Adaptive Shield minimizes risks associated with third-party vendors by performing security reviews on all vendors with any level of access to our systems or Service Data.

Privacy Program

Adaptive Shield has a formal global privacy and data protection program, which includes cross-functional key stakeholders from the Legal, Security, Product, and Executive functions of the company.

As privacy advocates, we work diligently to ensure our Services and team members are dedicated to compliance with applicable regulatory and industry frameworks.

Please see our Privacy Policy for more details.

Our main sub-processors are some of the world’s most trusted companies. We conduct careful due diligence on the privacy and security practices of third parties we engage to help us provide our services. You can find our list of sub-processors here.