Learn how hybrid work is fueling ransomware attacks and what to do about it.

Compliance at Menlo Security

We encourage you to inspect and verify our security and privacy practices and operations. Our team is continually working on expanding coverage. The more compliant we are, the better equipped we are to help organizations meet their compliance needs.

FedRAMP Authorization for Cloud Security Platform

Menlo Security is in process of receiving our FedRAMP Authorization for our Cloud Security Platform powered by Isolation Core.™ FedRAMP Authorized solutions meet a higher level of security standards, are rigorously tested and must be continuously tested to maintain the FedRAMP status in order to continue to do business with government agencies.

ISO 27001, 27017 and 27018

ISO 27001 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes. Menlo is additionally certified for ISO 27017 (Cloud Services) and ISO 27018 (Privacy).

VPAT

Menlo Security has a Voluntary Product Accessibility Template (VPAT™) report on file. This documentation explains how our products and solutions meet the 508 standards for IT accessibility. You can request a copy by filling out the form at the link below.

CyberGRX

Menlo Security has completed the CyberGRX assessment. This assessment has been independently validated by CyberGRX partners, Deloitte, and KPMG. Customers can access Menlo Security’s CyberCRX assessment report to understand details of our compliance with industry standards and the security protocols built into our infrastructure.

SOC 2 Type 2 Report

AWS System and Organization Controls (SOC) reports are independent third-party examination reports that demonstrate how Menlo Security will achieve key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Menlo Security controls established to support operations and compliance. Menlo Security has engaged with A-LIGN to ensure SOC2 Type II compliance in September 2023.

Our Approach to Customer Compliance

We help our customers stay secure by meeting their compliance measures.

Aligned with the NIST Cybersecurity Framework

Menlo Security Cloud Platform helps organizations achieve NIST Cybersecurity Framework Compliance by providing enterprise-grade security capabilities that correspond to Zero Trust and NIST 800-53 Guidelines. These include:

  • Data Loss Prevention
  • Threat Insights & Risk Scoring
  • Cloud Access Security Broker (CASB)
  • Secure Browser Isolation
  • Secure Web Gateway, SSL Inspection
  • Private Access
  • Firewall-as-a-Service

Menlo Security provides security-first TIC 3.0 solutions

Menlo Security’s Cloud Security Platform powered by an Isolation Core™ is designed to meet the aggressive requirements of the TIC 3.0 security objectives.

Preventing threats at the initial access of the MITRE ATT&CK® framework

To better understand how threat actors operate, many security leaders look to the MITRE ATT&CK® framework. See Menlo Security’s approach to this framework when it comes to helping you prevent HEAT (Highly Evasive Adaptive Threats) attacks at the point of entry.

Building a cybersecurity strategy based on ASD’s essential eight recommendations

Menlo Security’s remote browser isolation solutions can be used to help achieve the same results intended by ASD’s Essential Eight recommendations, without adding complexity and cost to an organization’s security stack.

Menlo Security ISMAP support status (November 2022)

The Information System Security Management and Assessment Program (ISMAP) is a framework to evaluate cloud services in Japan ensuring that they meet the security requirements of the Japanese government. Menlo Security has been working with an ISMAP certified audit corporation to obtain ISMAP certification within 2022. We are on track to apply for the ISMAP certification before the end of 2022 and obtain our certification in 2023 for regions in Japan.