SafeBreach maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.
SafeBreach policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2. In addition, we use an independent third-party body to periodically audit our compliance with leading industry standards.
The entire SafeBreach team would like to take a moment to wish you a wonderful and peaceful holiday season. We hope you enjoy this time with your loved ones and stay safe.
In line with our ongoing commitment to maintaining the highest security standards, we would also like to inform you that, following our Information Security Policy, SafeBreach's security policies have been thoroughly reviewed and updated. These updates have been reviewed and approved by our Executive Security Committee to ensure they continue to meet the ever-evolving needs of our organization and our valued partners. For your convenience, we have created a policy digest available here: https://security.safebreach.com/item/digest
Thank you for your continued trust and support. We look forward to working with you in the coming year to strengthen our security practices and keep our systems and information safe.
Wishing you a secure and joyous holiday season!
Warm regards,
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with an NDA can access and download a copy of the report from this portal.
Hi all,
To follow up, I am pleased to confirm that all SafeBreach machines have been patched with the correct version of the OpenSSH library to guarantee that they are no longer vulnerable. It's important to note that none of these environments were vulnerable to an attack from outside, and we've taken this extra step as a precaution and exercise of best practices.
Thank you,
Avishai Avivi CISO | SafeBreach
Hi all,
SafeBreach is tracking the newly released information about the OpenSSH server component (CVE-2024-6387). While SafeBreach is running the impacted component, our hosted customer consoles are not vulnerable. We do not allow outside connections to the SSH service on these machines. All internal access to these machines is tightly controlled and monitored.
As always, your security is our paramount concern. We will keep an eye on any further developments on this issue.
Avishai Avivi CISO | SafeBreach
Hi all,
SafeBreach is tracking the newly released information about the XZ backdoor. We have searched through the SBOM of our images and associated dependencies. We can confirm that we are not using any vulnerable version of the impacted library (5.6.0 and 5.6.1) or any package with an inherited dependency on said libraries.
As always, your security is our paramount concern. We will keep an eye on any further developments on this issue.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our ISO 27001:2013 certificate from The Standards Institution of Israel. Customers with an NDA can access and download a copy of the certificate from this portal.
If you think you may have discovered a vulnerability, please send us a note.