Protecting your Data

Security Overview

ThreatConnect is a leading cybersecurity software platform that reduces complexity for everyone, makes decision-making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk.

We are committed to safeguarding our customers’ data and keeping ThreatConnect a secure and reliable security and operations support platform. We are dedicated to protecting your company and personal information and ensuring secure collaboration within our platform. Security is our top priority and we continue to implement the strictest security measures so you are assured that your data is secure.

Access Control

ThreatConnect employees’ administrative access to customer data is tightly controlled and limited to specific job roles. Each individual’s access is specifically approved by a trained manager, and employees are granted the least privilege required to perform their job.

Employee access is reviewed quarterly, and access is revoked as soon as an employee’s access requirements change (change in role, termination, etc.).

Access to the ThreatConnect application website is controlled jointly by the customer and ThreatConnect. The customer is responsible for controlling its own employees’ access. ThreatConnect provides administrative access and access control training to customer administrators.

Awareness and Training

All ThreatConnect employees are required to take security orientation and security awareness training at the beginning of their employment and on a yearly basis thereafter. Employees are trained on ThreatConnect security policy, practices, customer obligations, regulatory requirements, and security best practices.

Audit and Accountability

Network activities are audited and logged for security monitoring. A dedicated team of security engineers monitors logs for anomalous and suspicious activities and takes quick action to prevent or contain malicious activities.

Security Assessment and Authorization

ThreatConnect maintains dedicated Security Operations and Compliance personnel who are tasked with protecting customer data and complying with the industry security standards and customer agreements. The Compliance team conducts routine internal audits to ensure that the various business units and employees comply with the ThreatConnect security policies and practices.

ThreatConnect engages independent accredited auditors to perform audits of the business against AICPA SOC 2 and ISO/IEC 27001 standards on an annual basis. ThreatConnect currently maintains compliance with both of these standards.

Vulnerability Management

Network assets are routinely scanned against the NIST National Vulnerability Database for known vulnerabilities. ThreatConnect also uses various tools to test our software code against OWASP known vulnerabilities and to ensure that secure code development practices are used.

An in-depth penetration test is conducted by an independent third party to proactively detect any vulnerabilities. Vulnerabilities found are prioritized and patched based on their criticality and impact.

Configuration Management

Software and infrastructure changes are reviewed and require various approvals before implementation. A security impact analysis is performed for each change to ensure the change does not adversely affect the security configuration of the network.

Our CI/CD tools capture a complete audit history for each change that includes who submitted the change, who approved it, its status, and other details.

Our SDLC enforces separation of duties: the person making a change cannot be the change’s reviewer or approver. Similarly, developers cannot test changes and QA cannot implement changes.

Contingency Planning

ThreatConnect maintains a robust Disaster Recovery Plan to quickly recover a customer instance from failure or corruption. Customer data is backed up multiple times each day and retained within a rolling 7-calendar-day backup window.

Physically separate data centers are used to provide failover capabilities in the event of a data center failure.

Backups and restoration are tested annually to ensure the Disaster Recovery Plan’s accuracy.

Identification and Authentication

Administrative remote access to the SaaS network is approved only for a limited set of ThreatConnect employees connecting from authorized IPs. Remote access is done over secure SSH sessions and requires two-factor authentication.

Customer/end-user web access to the ThreatConnect website requires identification and authentication of authorized users before they can access any website information. This access is managed jointly by the customer and ThreatConnect. The ThreatConnect application website provides various access control features, including role-based access and multi-factor authentication.

Authentication to the ThreatConnect application website can be controlled using the customer’s identity provider.

Incident Response

ThreatConnect maintains a robust Incident Response Plan that guides key personnel in handling security incidents, including remediation and recovery activities. Personnel are trained annually to make sure they are familiar with the Incident Response Plan. The plan is tested annually to ensure its effectiveness and accuracy. The Incident Response Plan includes prompt communication with any affected customers in the event of a data breach.

Media Protection

Storage media is sanitized using industry best practices before disposal and reuse.

Physical and Environmental Protection

ThreatConnect uses a commercial Infrastructure-as-a-Service provider to deliver its SaaS. Access to networking equipment is highly controlled. Only authorized personnel are allowed physical access to the hardware and network containing ThreatConnect data.

Personnel Security

ThreatConnect employees with administrative access to customer data are screened with background checks at the beginning of their employment. Employees are bound by a strict non-disclosure agreement to protect ThreatConnect and our customers’ data. ThreatConnect employees agree to and sign a Security Code of Conduct document that outlines acceptable and unacceptable conduct when performing their job functions.

Risk Assessment

The Senior Director of Information Security actively performs risk assessment and develops risk mitigation plans. The risks are prioritized and mitigated in coordination with the various internal business units. The risk assessment drives and plays a key role in the security and compliance programs.

System and Communications Protection

Customer data is encrypted at rest with cryptographic keys managed by a FIPS 140-2 validated Key Management Service. Access to the cryptographic keys is controlled and limited to authorized personnel.

End-user or customer access to the SaaS web interface and API is over TLS 1.2/TLS 1.3, so all data in transit is encrypted.

Data Segregation

ThreatConnect Dedicated Cloud customers receive dedicated compute, database, and storage that are logically separated from other customer instances. A customer instance cannot interact with other customers’ resources.

Data Handling and Privacy

ThreatConnect maintains compliance with the European Union’s General Data Protection Regulation (GDPR). Please refer to our privacy policy for our full GDPR statement, which can be found here:

Privacy Policy: https://threatconnect.com/privacy-policy/

Please contact our Sales team if you have any security questions or concerns.