How Blumira Supports Your Cybersecurity Strategy
At scale, people can create cascading problems and the best way to mitigate these problems is through validation and intentional efforts. As a security organization, Blumira has maintained that to be easy to use, we must also be trustworthy and ensure that our work meets the expectations of all users. Like many organizations, Blumira is SOC 2 Type 2 compliant, but providing a robust service that maintains a high quality of stewardship for its customers must go beyond mere compliance.
Our Engineering Team - Platform/Infrastructure
Blumira’s team of engineers is committed to ensuring our platform and infrastructure are reliable and secure to best serve our customers and partners, with the following practices:
- Annual penetration tests with review and resolution SLAs
- Daily security scanning of production artifacts as part of the deployment process
- Blumira's ITSec team has implemented a custom security program to monitor, assess, address, and continuously improve the security of the Blumira platform
- Customer data and logs are encrypted at rest and in transit
- We constantly review and improve our automated test coverage
- Regular tests to check for the proper functionality of features like Blumira Agent's host isolate and de-isolation
- Robust testing in controlled and predictable environments to ensure validity and accuracy
- All workstations and laptops are corporate-managed
- Time-bound authentication and authorization supports secure access to corporate resources
Data Security & Integrity
By protecting log data both in transit and at rest, Blumira ensures attackers can’t gain access to your log archives to read data without the appropriate keys. Least privilege practices make the Blumira log database accessible only to internal Blumira services and parties that require access. For data integrity, Blumira validates that incoming logs haven’t been tampered with through periodic review and internal processes, and provides alerts for file-integrity monitoring (FIM) technology whenever changes are detected.
Detection Methodology
The Blumira threat detection framework focuses on intrusion behaviors given the ubiquity of Living-Off-the-Land tactics, while also aligning with the MITRE ATT&CK Framework. Loud and/or inaccurate security products can easily lead to alert fatigue, resulting in customers who ultimately ignore their own security tools. With that in mind, the Blumira security team designs, tests, and curates threat detections to be high fidelity from the moment of deployment. All customers receive both a contextual analysis and explicit workflow steps to first qualify and then mitigate all detected threats.
Automatic Updates
Blumira platform updates are cloud-delivered and sent automatically to your organization to reduce any lag or downtime. This ensures that you’re detecting and alerting on the most important issues, around the clock. The Blumira engineering team develops and maintains parsers for a wide variety of technical integrations on an ongoing basis to save your team the time and resources of standardizing log data collection.
High-Availability Platform
Blumira leverages Google Cloud and Google Compute Platform (GCP) to provide a highly available security platform for our customers. Blumira maintains 99.99% uptime to ensure our service is always available and reliable.
SOC 2 Compliance
Blumira underwent a rigorous independent audit conducted by an external auditor to complete a SOC 2 (Service Organization Control) examination that ensures Blumira’s security protocols and use of data meet strict data security requirements established by the American Institute of CPAs (AICPA).
Our Vendors - Agent/EDR
How the Cybersecurity Industry Supports Each Other
We also partner with trusted providers to ensure the line of trust is solid and our customers stay protected. Here's a statement from LimaCharlie, a partner that we leverage to power our endpoint visibility and response agent, Blumira Agent for Windows, Mac & Linux devices:
“At LimaCharlie, we understand the critical importance of system stability and the potential impact of security software not only on your security operations, but your business operations as well. We want to assure our customers that the type of system-wide failure recently experienced by CrowdStrike customers affecting nearly 8.5 million devices is simply not possible with LimaCharlie's architecture. Here's why…”
– See LimaCharlie blog post for more details, LimaCharlie's commitment to stability and control
We are committed to providing you with a reliable, high-availability and secure platform. Reach out to us if you have any questions or concerns -- we are here to help.
Matthew Warner
Matthew Warner is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. Prior to founding Blumira, he was Director of Security Services at NetWorks Group, a managed...