In order to preserve the integrity of data that JupiterOne stores, processes, or transmits for Customers, JupiterOne implements strong intrusion detection tools and policies to proactively track and retroactively investigate unauthorized access. This includes threat detection and prevention at both the network and host level, as well as threat intelligence monitoring.
JupiterOne policy requires that:
(a) All systems, assets and environments that process critical data must implement threat detection or prevention.
(b) All end-user workstations and production host systems must have antivirus running. The default anti-malware solution for production hosts is Carbon Black PSC.
(c) Detected malware is evaluated and removed following the established incident response process.
(d) All systems are to only be used for JupiterOne business needs.
(e) Firewall protection is implemented at the following layers:
  - Network - including Network ACLs and Security Groups in AWS as well as on-premise firewalls between the office networks and the Internet.
  - Host - local host firewalls are enabled on the user endpoints as well as servers (compute and database instances in AWS are protected by security groups).
  - Application - a web application firewall (WAF) and content distribution are configured at the application layer to protect against common web application attacks such as cross-site scripting, injection and denial-of-service attacks.
(f) JupiterOne implements a real-time threat detection solution by monitoring AWS CloudTrail events and/or VPC flow logs. Additional monitoring is provided by our infrastructure service provider, AWS.
(g) Host-based intrusion detection is supported via one of the following:
  - On Windows, Linux, and macOS systems: Carbon Black agents for malware detection and behavior-based endpoint threat detection.
  - On Linux servers: AWS Inspector and AIDE agents for activity monitoring, vulnerability scanning, and threat detection. This includes all virtual instances running in the cloud environment.
(h) JupiterOne leverages AWS services to protect web applications against common attacks such as SQL injection, cross-site scripting, and denial-of-service (DoS/DDoS) attacks. The services used include:
(i) Security events and alerts are aggregated to and correlated by one or both of the following solutions:
(j) The JupiterOne Security Team and relevant staff are subscribed to receive threat alerts from the Cybersecurity & Infrastructure Security Agency (CISA). Additional intelligence feeds are received and surfaced automatically via a dedicated Slack channel.
Regulatory Requirements Updates
The Security Officer actively monitors the regulatory compliance landscape for updates to regulations such as SOC2 and GDPR.