Security at Mend.io

Mend.io’s information security leadership conducts regular risk assessments to constantly evaluate and improve the level of information security based on business needs and emerging threats. Mend.io’s information security management program is evaluated by the senior management security committee on a quarterly basis.

Mend.io employs state-of-the-art encryption techniques to safeguard your data both at rest and in transit. All data is encrypted using industry-standard protocols (EG TLS 1.2, AES-256), ensuring that unauthorized individuals cannot access or decipher it.

Mend.io implements stringent access controls to limit data access only to authorized personnel. Role-based access control (RBAC) ensures that employees are granted access to specific data based on their responsibilities and job roles, minimizing the risk of unauthorized access. All systems used to provide services to our customers utilize Single Sign-on with MFA enforced. Access to data centers is limited in accordance with the principles of “Least privilege” and it implements Zero Trust principles.

Our infrastructure is hosted on highly secure Cloud provider (Amazon AWS/Microsoft Azure) data centers that adhere to the strictest industry standards. Mend.io works with these trusted partners to ensure that our physical and virtual infrastructure is protected against threats, including unauthorized access, power outages, and natural disasters.

Mend.io conducts regular security audits and assessments to identify vulnerabilities and address any potential risks promptly.

In the event of a security incident, Mend.io has a well-defined and tested incident response plan in place. Our dedicated security team promptly investigates and responds to any potential breaches, minimizing the impact and restoring normal operations as quickly as possible.

Mend.io maintains a robust secure SDLC program. The program follows industry best practices such as OWASP Top 10 and “Security by Design Principles”. Mend.io implements multiple controls to secure the SDLC process, including automated code scanning, automated open-source vulnerability scanning and remediation, supply chain attacks automated detection and mitigation, secure code reviews, on-going secure coding training for developers and more.

Services provided by Mend.io undergo semi-annual penetration tests by a 3rd party. Mend.io runs robust vulnerability disclosure and bug bounty programs with HackerOne.

Mend.io utilizes multiple industry leading tools to constantly obtain the highest level of security throughout its infrastructure. Utilized tools include: network firewalls, HIDS, NIDS, web application firewalls, anti-malware, file integrity monitoring, container runtime security, data leak prevention and more.

Mend.io maintains comprehensive data backup and disaster recovery plans to ensure the availability and integrity of your data. Regular backups and offsite replication enable us to quickly restore your data in case of any unforeseen incidents.

Mend.io is committed to maintaining compliance with relevant industry regulations and standards. Mend.io’s information security management system is ISO 27001:2013 certified and undergoes a SOC2 audit annually. Regular audits and certifications validate our commitment to security and data privacy. Mend.io’s information security controls are compliant with leading industry standards, including NIST 800-53, CSA CMM, CIS controls and others.

Mend.io prioritizes user education and awareness to foster a security-conscious environment. We provide resources and training to our employees, empowering them to make informed decisions and take necessary precautions.