Infrastructure and application security focuses on protecting the data that our customers send us for transcription. That’s a priority for Verbit, but we’re just as serious when it comes to protecting our own data.
- SaaS Security Posture Management (SSPM)
Like most tech businesses, Verbit relies on a number of software-as-a-service (SaaS) platforms for our daily business operations. To manage these platforms, we’ve chosen to implement a best-in-class SSPM solution to help us out.
With SSPM, our security team can monitor security posture for each of our SaaS assets in near real-time. We’re able to detect SaaS misconfigurations, as well as monitor user privileges. This allows us to make accurate assessments of both SaaS-to-SaaS and Device-to-SaaS risks and implement appropriate remediations, continuously hardening our SaaS security.
SSO is the perfect counterpart to SSPM – we use one of the world’s leading SSO platforms to bring authentication across our SaaS estate together under one umbrella.
Incorporating 2FA, our SSO platform hardens our SaaS security and helps our employees avoid falling into common password security traps, such as reusing the same password for multiple systems.
Our SSO platform also makes life easier for our IT and security teams when provisioning and deprovisioning users, and even helps by automatically deactivating inactive user accounts.
At Verbit, we don’t store confidential information on user devices, but we don’t stop there. All of our corporate-managed devices are encrypted, meaning that if the device is lost, any data on it cannot easily be accessed. We also enroll our devices into a device management platform so that our team can monitor and manage them centrally. The functionality includes helping with routine tasks, such as applying system updates, but also allows us to disable or even wipe the device remotely if it is ever lost or compromised.
- Antivirus and Anti-Malware
If you ask any information security expert what keeps them awake at night, invariably they’ll start talking about ransomware. The idea that you could quickly be locked out of your data is a risk that all businesses should take seriously.
We leverage the power of a world-leading next-gen antivirus and endpoint detection and response (NGAV and EDR) solution that goes far beyond traditional definitions-based file checking to help secure our endpoints and reduce the risk of ransomware and other malware. Utilizing AI and machine learning technology, our NGAV and EDR can block known and unknown malware and ransomware. Industry-leading threat intelligence is combined with AI-powered indicators of attack to help prevent malicious behavior and sophisticated attacks.
What’s more, our NGAV and EDR solution is backed by a team of cybersecurity experts working 24/7 to help prevent attacks – sometimes referred to as Managed Detection and Response (MDR) – for a truly comprehensive, hybrid solution.
A phishing email can often be the entry point for ransomware or malware – in fact, some reports suggest that as much as 91% of all attacks begin with a phishing email, so email security is worth taking very seriously. At Verbit, we’ve enhanced the native security capabilities of our email suite by adding advanced threat protection from one of the leading vendors in the market. With seven layers of security – including threat intelligence from multiple sources, recursive unpacking, and CPU-level technology – our advanced threat protection can prevent not just spam and typical malicious emails, but also deeply embedded attacks, persistent attacks and targeted attacks, as well as business email compromise scenarios such as email spoofing and look-alike domains.
It’s important that our vendors take information security as seriously as we do at Verbit – particularly where they may have access to our customers’ data.
We’ve developed strict security criteria for our vendors based on the risk they pose to us and to our customers, and we work with a leading third-party security management platform to automate the management process. Smart questionnaires and automated security scanning give us visibility of our external attack surface and allow us to identify and treat third-party risks effectively.