Security Portal

Overview

Our mission is to raise the world's security confidence. And we are disrupting the cybersecurity status quo with the speed and simplicity required to outmaneuver attacks while rewriting the rules for how resilient infrastructure can be.

The Automox team has over three decades of operational experience designing and securing multi-tenant cloud and internet applications at scale. Our team comes from some of the most successful and sought after internet companies including, SendGrid, SolidFire, StillSecure, and LeftHand Networks. All team members undergo mandatory background checks prior to employment.

Compliance

CSA STAR

GDPR

SOC 2

Documents

All

Public

Private

Pentest Report

SOC 2 Report

SOC 2

CAIQ

Risk Management Policy

Risk Profile

Data Access LevelInternal

Impact LevelSevere

Recovery Time Objective24-48 Hours

Product Security

Audit Logging

Data Security

Integrations

Reports

Network Diagram

Pentest Report

Security Whitepaper

Self-Assessments

CAIQ

Data Security

Access Monitoring

Backups Enabled

Data Erasure

App Security

Code Analysis

Credential Management

Responsible Disclosure

Legal

Cyber Insurance

Service-Level Agreement

Access Control

Data Access

Logging

Password Security

Infrastructure

Amazon Web Services

Infrastructure Security

Separate Production Environment

Endpoint Security

DNS Filtering

Endpoint Detection & Response

Mobile Device Management

Network Security

Firewall

IDS/IPS

Spoofing Protection

Corporate Security

Email Protection

Employee Training

Incident Response

Policies

Other Policies

Risk Management Policy

Security Grades

ImmuniWeb

Console

A-

Qualys SSL Labs

Console

A+

Trust Center Updates

Automox is not affected by CVE-2022-3602 and CVE-2022-3786

IncidentsCopy link

After careful review of our infrastructure and SBOM, the Automox team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.

Published at N/A

Automox is not affected by the new Microsoft Exchange Zero-Day

IncidentsCopy link

On Sept 29th, News broke of a new ProxyLogon 0-day RCE being used to target Microsoft Exchange Servers. Automox is not affected at this time. Automox does not currently use any Microsoft Exchange products in the delivery of our products or services.

Published at N/A*

Automox is not affected by Confluence CVE-2022-26134

IncidentsCopy link

On June 2, 2022, Atlassian published a security advisory for CVE-2022-26134, a critical unauthenticated, remote code execution vulnerability in the products Confluence Server and Confluence Data Center. The vulnerability is unpatched as of June 2 and is being exploited in the wild. Automox is not affected by this CVE.

Published at N/A

Automox is not affected by Python and PHP's Recent Hijackings

IncidentsCopy link

News broke recently surrounding two open source packages that were hijacked. Python's ctx library and PHP's phpass. Automox does not utilize these packages anywhere in our product or services.

Published at N/A

Automox is not affected by VMSA-2022-0014

IncidentsCopy link

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to the active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

Automox does not currently use any of these VMware products in the delivery of our products or services.

Published at N/A