WhiteHat Scout

Data Security

How WhiteHat Scout Secures Your Data

As a Software-as-a-Service vendor for web application security, WhiteHat Security recognizes the sensitive nature of the data collected and takes relevant steps to secure and maintain the confidentiality, integrity and availability of Customer security defect (“vulnerability”) information. WhiteHat Security follows standards including PCI-DSS, HIPAA and NIST to secure your data. These include controls at the physical, network and application layers, as well as business-process controls.

Strategy

The WhiteHat Security strategy is to mitigate risks while complying with legal, statutory, contractual and internally developed requirements. WhiteHat Security complies with ISO 27001 and SOC2 requirements.

Data Center

WhiteHat Scout infrastructure is located at Cyxtera’s SSAE16, ISO 27001 and PCI DSS Level 1 compliant data center (“data center”); the data center provides physical protection, monitoring, and redundancy:

  • Secure building infrastructure. Server rooms are environmentally and physically independent.
  • Process and procedure. Security guards manage physical and electronic monitoring 24×7, with static and roving patrols audited by an interactive confirmation system.
  • Surveillance. All passageways, entrances and exits are recorded on videotape and coverage retained for 90 days.
  • Zones. Secure zones provide low, medium-low, medium, medium-high and high security zone segmentation used to reduce intrusion risk.
  • Redundancy. N+1 Redundant power supplies, chillers and fire suppression.
  • Authentication. Multi-level authentication methods including PIN, badges, and biometric scanners for access to individual security zones.
  • Access. Data center employee access based on job function and limited to applicable security zone.
  • Background checks. Personnel screening includes drug tests and background checks going back 7 years.

Data Center Network Traffic

All network traffic flows through network appliances that provide:

  • High availability. Logical network topology designed for data assurance enabling one network device to take over for another during unplanned failure or planned maintenance/replacement.
  • Network intrusion detection. Analysis of network traffic patterns generates system alerts and dynamically blocks traffic when attack signatures are detected.
  • Network firewalls. Permit granular control of network traffic and govern denied protocols, source and destination IPs.
  • Web application firewalls. Analyze web application traffic and dynamically block known attack patterns.

WhiteHat Security Technology and Processes

WhiteHat Scout employs the following security technology and processes:

  • Access Restriction. Role-based access is used to restrict access to customer data, error data, and results data.
    • Scout results are strictly restricted to the user account. Results are not available to other users within the organization.
  • Brute Force Attack Prevention. After three (3) failed login attempts, a CAPTCHA is required for each unsuccessful attempt thereafter to prevent brute-force DDoS attacks.
  • Data Retention and Deletion.
    • No user data is retained other than the past five scan results.
    • User files are deleted after each successful scan.
    • In case of errors, error files are retained for up to 30 days for troubleshooting upon request and are set to auto-delete within 30 days.
  • Encryption.
    • In Transit. Data from End-User to WhiteHat Scout is transmitted over a secure connection.
    • At Rest. All customer data, including results, failed files retained for debugging, and logs, are encrypted at rest.
  • Logging. All successful and unsuccessful attempts to login (IP address, username, browser info) are logged for monitoring and forensic purposes.
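The controls listed above (CAPTCHA after three failed logins, per-account result isolation, retention of only the last five scan results, 30-day expiry of error files, and logging of every login attempt with IP address, username and browser information) can be expressed as a small piece of application logic. The following is an added illustration written for this page; it is not WhiteHat Scout's own code, and the class names, method names, sample IP address and user-agent string are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Thresholds as stated on the page
MAX_FAILURES_BEFORE_CAPTCHA = 3           # CAPTCHA required after three failed attempts
RESULTS_RETAINED = 5                      # only the past five scan results are kept
ERROR_FILE_TTL = timedelta(days=30)       # error files auto-delete within 30 days


@dataclass
class LoginAttempt:
    """One audit-log entry: every attempt, successful or not, is recorded."""
    timestamp: datetime
    ip: str
    username: str
    user_agent: str
    success: bool
    captcha_required: bool


class LoginGuard:
    """Hypothetical helper: counts consecutive failures per username and logs each attempt."""

    def __init__(self):
        self.failures = {}      # username -> consecutive failed attempts
        self.audit_log = []     # list[LoginAttempt]

    def captcha_required(self, username):
        return self.failures.get(username, 0) >= MAX_FAILURES_BEFORE_CAPTCHA

    def attempt(self, username, password_ok, ip, user_agent, captcha_ok=False, now=None):
        now = now or datetime.now(timezone.utc)
        needs_captcha = self.captcha_required(username)
        # Once the threshold is reached, even a correct password fails without a solved CAPTCHA
        success = password_ok and (captcha_ok or not needs_captcha)
        self.audit_log.append(LoginAttempt(now, ip, username, user_agent, success, needs_captcha))
        if success:
            self.failures.pop(username, None)   # reset the counter on a good login
        else:
            self.failures[username] = self.failures.get(username, 0) + 1
        return success


class ScanStore:
    """Hypothetical helper: per-account result retention and error-file expiry."""

    def __init__(self):
        self.results = {}        # username -> deque of the most recent results
        self.error_files = []    # list of (created_at, path)

    def store_result(self, username, result):
        # deque(maxlen=...) discards the oldest entry once the limit is exceeded
        history = self.results.setdefault(username, deque(maxlen=RESULTS_RETAINED))
        history.append(result)
        return list(history)

    def results_for(self, requesting_user, owner):
        # Results are visible only to the account that ran the scan
        if requesting_user != owner:
            raise PermissionError("results are restricted to the owning user account")
        return list(self.results.get(owner, []))

    def record_error_file(self, path, created_at):
        self.error_files.append((created_at, path))

    def purge_expired_error_files(self, now):
        # Returns the paths that would be deleted; anything newer than the cutoff is kept
        cutoff = now - ERROR_FILE_TTL
        expired = [path for created_at, path in self.error_files if created_at <= cutoff]
        self.error_files = [(t, p) for t, p in self.error_files if t > cutoff]
        return expired


if __name__ == "__main__":
    # Constructed sample traffic: three bad passwords, then a correct one without and with a CAPTCHA
    guard = LoginGuard()
    for _ in range(3):
        guard.attempt("alice", False, "203.0.113.5", "ExampleBrowser/1.0")
    print("captcha required:", guard.captcha_required("alice"))
    print("correct password, no captcha:", guard.attempt("alice", True, "203.0.113.5", "ExampleBrowser/1.0"))
    print("correct password, captcha solved:", guard.attempt("alice", True, "203.0.113.5", "ExampleBrowser/1.0", captcha_ok=True))
    for entry in guard.audit_log:
        print(entry)
```

The audit log keeps the fields the page names for each attempt, which is what an analyst would need to distinguish a single user mistyping a password from a distributed guessing campaign against many accounts.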