JupiterOne Policies, Standards, and Procedures

Threat Detection and Prevention

2020.1

In order to preserve the integrity of data that JupiterOne stores, processes, or transmits for Customers, JupiterOne implements strong intrusion detection tools and policies to proactively track and retroactively investigate unauthorized access. This include threat detection and prevention at both the network and host level, as well as threat intelligence monitoring.

Policy Statements

JupiterOne policy requires that:

(a) All systems, assets and environments that process critical data must implement threat detection or prevention.

Controls and Procedures

System Malware Protection

  1. All end-user workstations and production host systems must have antivirus running. The default anti-malware solution for production hosts is Carbon Black PSC

    • Next generation endpoint protection agent may be used as an equivalent solution.
    • Hosts are scanned continuously for malicious binaries in critical system paths. Additionally, if supported, the agent is set to to scan system every 2 hours and at reboot to assure no malware is present.
    • The malware signature database is kept up to date, changes are pushed continuously.
    • Logs of virus scans and alerts are maintained according to the requirements outlined in the Audit Logging Standard.
  2. Detected malware is evaluated and removed following the established incident response process.

  3. All systems are to only be used for JupiterOne business needs.

Firewall Protection

Firewall protection is implemented at the following layers

Network Intrusion Detection

Intrusion Detection in AWS Cloud Environments

JupiterOne implements a real-time threat detection solution by monitoring AWS Cloudtrail events and/or VPC flow logs.

Additional monitoring is provided by our infrastructure service provider AWS.

Host Intrusion Detection

Host based intrusion detection is supported via one of the following:

Web Application Protection

leverages AWS Services to protect web applications against common attacks such as SQL injection, cross-site scripting, and denial-of-service (DoS/DDoS) attacks. The services used include:

Centralized Security Information and Event Management

Security events and alerts are aggregated to and correlated by one or both of the following solutions:

Threat Intelligence Monitoring

The JupiterOne Security Team and relevant staff are subscribed to receive threat alerts from the Cybersecurity & Infrastructure Security Agency (CISA).

Intelligence Feeds

Additional intelligence feeds are received and surfaced automatically via a dedicated Slack channel.

Regulatory Requirements Updates

The Security Officer actively monitors the regulatory compliance landscape for updates to regulations such as SOC2 and GDPR.