SafeBreach maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.
SafeBreach policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2. In addition, we use an independent third-party body to periodically audit our compliance with leading industry standards.
Hi all,
To follow up, I am pleased to confirm that all SafeBreach machines have been patched with the correct version of the OpenSSH library to guarantee that they are no longer vulnerable. It's important to note that none of these environments were vulnerable to an attack from outside, and we've taken this extra step as a precaution and exercise of best practices.
Thank you,
Avishai Avivi CISO | SafeBreach
Hi all,
SafeBreach is tracking the newly released information about the OpenSSH server component (CVE-2024-6387). While SafeBreach is running the impacted component, our hosted customer consoles are not vulnerable. We do not allow outside connections to the SSH service on these machines. All internal access to these machines is tightly controlled and monitored.
As always, your security is our paramount concern. We will keep an eye on any further developments on this issue.
Avishai Avivi CISO | SafeBreach
Hi all,
SafeBreach is tracking the newly released information about the XZ backdoor. We have searched through the SBOM of our images and associated dependencies. We can confirm that we are not using any vulnerable version of the impacted library (5.6.0 and 5.6.1) or any package with an inherited dependency on said libraries.
As always, your security is our paramount concern. We will keep an eye on any further developments on this issue.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our ISO 27001:2013 certificate from The Standards Institution of Israel. Customers with an NDA can access and download a copy of the certificate from this portal.
To our customers and partners,
In light of the recent events in Israel, we have formally activated our Disaster Recovery plan and are closely monitoring the situation. This plan, available for download here, ensures no disruption to our services. As you may know, our main engineering group is located in Israel, and we have been in constant contact with all team members to ensure their safety and well-being.
As always, your security continues to be our top priority, and I believe it is important to provide clarity and reassurance on a few key points:
- SafeBreach HQ is located in the US and continues to operate normally.
- Services and support for customers and partners are carried out primarily by resources located in the US.
- SafeBreach has no dependency on any one region in the world to continue providing these services and support.
- Our Israel site continues to operate normally, albeit at a heightened alert level.
- We expect to remain on schedule with all planned content and product updates.
Our hearts and minds are with our Israeli team members, and we are doing all we can to help them through this difficult time.
Please do not hesitate to contact me directly if you have any questions.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with an NDA can access and download a copy of the report from this portal.
If you think you may have discovered a vulnerability, please send us a note.