SafeBreach maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.
SafeBreach policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2. In addition, we use an independent third-party body to periodically audit our compliance with leading industry standards.
Trust Center Updates
Hi all,
To follow up, I am pleased to confirm that all SafeBreach machines have been patched with the correct version of the OpenSSH library to guarantee that they are no longer vulnerable. It's important to note that none of these environments were vulnerable to an attack from outside, and we've taken this extra step as a precaution and exercise of best practices.
Thank you,
Avishai Avivi CISO | SafeBreach
Hi all,
SafeBreach is tracking the newly released information about the OpenSSH server component (CVE-2024-6387). While SafeBreach is running the impacted component, our hosted customer consoles are not vulnerable. We do not allow outside connections to the SSH service on these machines. All internal access to these machines is tightly controlled and monitored.
As always, your security is our paramount concern. We will keep an eye on any further developments on this issue.
Avishai Avivi CISO | SafeBreach
Hi all,
SafeBreach is tracking the newly released information about the XZ backdoor. We have searched through the SBOM of our images and associated dependencies. We can confirm that we are not using any vulnerable version of the impacted library (5.6.0 and 5.6.1) or any package with an inherited dependency on said libraries.
As always, your security is our paramount concern. We will keep an eye on any further developments on this issue.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our ISO 27001:2013 certificate from The Standards Institution of Israel. Customers with NDA can access and download a copy of the certificate from this portal.
To our customers and partners,
In light of the recent events in Israel, we have formally activated our Disaster Recovery plan and are closely monitoring the situation. This plan, available for download here, ensures no disruption to our services. As you may know, our main engineering group is located in Israel, and we have been in constant contact with all team members to ensure their safety and well-being.
As always, your security continues to be our top priority, and I believe it is important to provide clarity and reassurance on a few key points:
- SafeBreach HQ is located in the US and continues to operate normally.
- Services and support for customers and partners are carried out primarily by resources located in the US.
- SafeBreach has no dependency on any one region in the world to continue providing these services and support.
- Our Israel site continues to operate normally, albeit at a heightened alert level.
- We expect to remain on schedule with all planned content and product updates.
Our hearts and minds are with our Israeli team members, and we are doing all we can to help them through this difficult time.
Please do not hesitate to contact me directly if you have any questions.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.
SafeBreach is aware of the HTTP/2 weaknesses currently being exploited by malicious actors to enable DDoS attacks. We have taken all precautions to limit the potential attack surface of such attacks in each of our public-facing assets. Customers still concerned about this weakness potentially impacting them can also request to limit the IP ranges allowed to connect to their Management Consoles. This step will effectively render the risk of a volumetric DDoS attack against their consoles moot.
If you have any further questions or concerns, please feel free to contact us via security@safebreach.com or through your account manager.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
Hi all,
We have uploaded an updated version of our Security Whitepaper to the trust center. It does not require an active NDA to download.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
Hi all,
Software supply chain vulnerabilities have been becoming more prominent. SafeBreach has formalized a policy for managing this risk. This policy covers upstream supply risk (vendors) and downstream supply risk (customers). This policy document is available under the Other Policies subsection of the Policies card.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
Hi all,
As you may be aware, the OpenSSL Project is announcing a critical vulnerability in OpenSSL 3.0 and above. We took steps to review our SBOM and are not using the affected libraries in our environment. All SafeBreach platforms are running OpenSSL 1.1.1. We will be monitoring the OpenSSL Project announcement to see if we need to apply any patches to our current environment.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.
The SafeBase security portal has been updated.
If you think you may have discovered a vulnerability, please send us a note.