Security

Security built for SOC workflows and customer trust.

Threat Foundry is designed around controlled access, review-first automation, auditable workflows, secure deployment patterns, and a practical secure development lifecycle. This page summarizes the security practices built into the platform in a SOC 2-style format.

Secure SDLC: SAST-oriented development, dependency awareness, code review, and security-focused validation.
Cloud Security: AWS deployment patterns with secrets management, network boundaries, and least-privilege design.
Access Control: RBAC, MFA support, tenant-aware isolation, API keys, and explicit workflow permissions.
Auditability: AI usage, SOAR/API calls, saved hunts, triage actions, and case history are recorded for review.

SOC 2-Style Overview

Controls that support secure adoption.

This overview is not a certification claim. It is a plain-language summary of platform controls and operating practices designed to support customer due diligence.

Secure Development Lifecycle

Threat Foundry development emphasizes small scoped changes, reviewable code paths, validation before deployment, and security-aware engineering practices.

  • SAST-oriented code review and testing practices
  • Input validation for AI and user-provided text
  • Dependency and container build awareness
  • Security checks before production-style rollout

AWS Deployment Security

The platform is designed to run in customer-controlled AWS environments with clear separation between application, database, network, and secret boundaries.

  • ECS-ready deployment patterns
  • Secrets Manager-backed sensitive values
  • ALB health checks and controlled ingress
  • Security group and VPC-aware architecture

Identity and Access Control

Access is governed through platform permissions and role-aware workflows so sensitive actions require explicit authorization.

  • Role-based access control
  • MFA support for local accounts
  • Tenant-aware data boundaries
  • Permission checks on refresh, configuration, execution, and review actions

Data Protection

Threat Foundry avoids hardcoded credentials, keeps secrets out of displayed configuration, and treats customer-generated detections and intelligence as private by default.

  • Blank secret submissions preserve existing values
  • Customer detections private by default
  • Detection Exchange requires tenant opt-in
  • Sanitization before community rule sharing

AI Governance

AI workflows are built with review gates and usage tracking so generated hunts, Sigma rules, YARA rules, summaries, and analysis remain accountable.

  • AI usage tracking by workflow
  • Review-first generated content
  • Prompt-source and query policy controls
  • Feasibility checks before YARA generation

Operational Audit Trails

Threat Foundry records important operational actions so teams can review how intelligence became hunts, detections, triage items, and cases.

  • Saved hunt notes and rerun history
  • Triage and case history
  • SOAR/API audit records
  • Detection sharing status and sanitization messages

Safe Execution Defaults

Potentially sensitive workflows are designed around explicit analyst approval, bounded queries, and read-only investigation patterns.

  • Review before live query execution
  • Read-only osquery/Fleet checks
  • Telemetry readiness before hunt execution
  • No broad filesystem scans by default

Resilience and Operations

The deployment model supports health checks, repeatable container builds, database-backed state, and operational visibility for refresh and ingestion jobs.

  • Application health endpoints
  • Containerized deployment workflow
  • Intel refresh status tracking
  • Configurable background refresh schedules

Customer Review

Designed for practical security conversations.

For CISOs: Clear controls around access, auditability, AI governance, and customer data protection.
For Security Engineers: Reviewable deployment patterns, explicit execution gates, and configurable integration boundaries.
For Compliance Teams: A SOC 2-style control map that can support vendor risk, internal review, and roadmap planning.

Security Review

Need a deeper security walkthrough?

We can walk through architecture, deployment assumptions, data flows, access control, AI governance, and detection sharing controls with your security team.
