fbpx

Security & Reliability

Mission

Security and reliability are the backbone of Blumira’s service. We are dedicated to providing excellence in customer experience and protecting your organization.

People

Leaders in Defensive Security
Blumira is co-founded by leaders in defensive and managed security, CSO Steve Fuller and CTO Matt Warner. CEO Jim Simpson’s user-centric approach to solving problems for customers is unique in an industry that is long known for overly complex, legacy solutions that often fail to protect organizations. Matt has over a decade of experience in IT and development, focusing on business strategy, development, compliance, threat detection and penetration testing.

Blumira Leadership - Jim Simpson & Matt Warner

Dedicated to Giving Back to the Security Community
The security and incident detection team at Blumira writes detection rules that power Blumira’s platform to help identify indicators of compromise early and often for our customers. They are also dedicated to contributing to the greater security community by developing open-source Microsoft tools (known as Flowmira and Logmira) to make threat detection and response easier for all organizations. Blumira’s Security Advisor Series facilitates ongoing roundtable discussion bringing together key security and compliance leaders in the field to provide insights and information to all.

Deep Security Roots
Sr. Incident Detection Engineer Amanda Berlin is a highly accomplished network defender, author of “Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston, published by O’Reilly Media.

The Blumira operations, marketing, sales and engineering teams are composed of several experienced security professionals, previously holding positions at Duo Security and Censys.

Process

Data Security and Integrity
By protecting log data both in transit and at rest, Blumira ensures attackers can’t gain access to your log archives to read data, without the appropriate keys. Least privilege practices makes the Blumira log database accessible only to internal Blumira services and parties that require access. For data integrity, Blumira validates incoming logs haven’t been tampered with through periodic review and internal processes, and provides alerts for file-integrity monitoring (FIM) technology whenever changes are detected.

Automatic Updates
Blumira’s platform updates are cloud-delivered, sending them automatically to your organization to reduce any lag or downtime in service to ensure you’re detecting and alerting on the most important issues, around the clock. Blumira’s engineering team develops and maintains parsers for a wide variety of technical integrations on an ongoing basis to save your team the time and resources to standardize log data collection as it is sent to Blumira’s service.

Technology

Detection
Blumira’s threat detection framework focuses on intrusion behaviors given the ubiquity of Living-Off-the-Land tactics, while also aligning with the MITRE ATT&CK Framework. Loud and or inaccurate security products can easily lead to alert fatigue, resulting in customers that ultimately ignore their own security tools. With that in mind, Blumira’s security team designs, tests, and curates threat detections to be high fidelity from the moment of deployment. All customers receive both a contextual analysis and explicit workflow steps to first qualify and ultimately mitigate all detected threats.

High-Availability Platform
Blumira leverages Google Cloud and Google Compute Platform (GCP) to provide a highly available security platform for its customers. Blumira maintains 99.99% uptime to ensure our service is always available and reliable. View our current status.

Compliance

Compliance for Every Industry
Blumira endeavors to meet many different compliance standards for logging, auditing, reporting, threat detection and more, including CMMC, NIST 800-171, NIST 800-53, HIPAA and FFIEC compliance regulations for data security, confidentiality and integrity. Learn more about compliance.

PCI DSS Compliant
Blumira is certified Payment Card Industry Data Security Standard (PCI DSS) compliant by a third-party auditor. See how our service maps to PCI DSS for customers.

SOC 2 Compliant
Blumira underwent a rigorous independent audit conducted by ByteChek Assurance to complete a SOC 2 (Service Organization Control) examination that ensures Blumira’s security protocols and use of data meet strict data security requirements established by the American Institute of CPAs (AICPA).