Security

Guardicore takes the security of its customers, products and servers seriously.
If you believe you have found a security vulnerability in Guardicore’s software or servers, please reach out to security@guardicore.com.
We’d be happy to hear about any issues you’ve found, but please note that generally speaking, we care about issues that impact customers or our confidential data. This means we care about the security of Guardicore Centra, our partner and customer portals, development and proprietary data.
If you identify a vulnerability that could be used to obtain access to sensitive content, including information that could be used to identify an individual (personal information), you

  • Limit disclosure of the details of the vulnerability – Please start by only informing Guardicore
  • Take no actions that would result in unauthorized access to such information and work to prevent disclosure, and
  • Alert Guardicore as soon as possible and support our investigation

Our Commitment

Guardicore is committed to resolving security vulnerabilities quickly and carefully, releasing a Security Advisory and any needed product update for our customers. We hold ourselves to the highest accountability standards with strict commitment to transparent communication and timely resolution.
We encourage open and responsible communication. If a vulnerability is disclosed, we will work closely with researchers who communicate vulnerabilities to us, and will give credit to finders who follow responsible disclosure.

  1. Reported security issues will be considered as critical defects at “Severity 1”, the highest severity level with Platinum support level, even if the reporting party has no support contract.
  2. We will continuously follow up with the reporter. Expect an initial response within 24 hours.
  3. We ask the reporter to give us a reasonable amount of time to respond before making any detail about the findings public.
  4. We will notify the reporter when the vulnerability is fixed.
  5. Once the issue is resolved, finders may publish details about their finding.

Finders can contact us via security@guardicore.com.

Wait, No Time Commitment?

At Guardicore, vulnerability management begins in Product Development, where we use a variety of secure coding methods and analysis tools for vulnerability reduction. In some cases, vulnerabilities escape detection, or new types of exploits are designed after we release a product, resulting in potential for security breaches in our customers’ environments.
Our position is that we are responsible for disclosing product vulnerabilities to our customers, but in general, no vulnerability should be announced until we have developed and thoroughly tested a patch and made it available to licensed customers. Because our products are complex, interrelated, and used under many different configurations, we cannot provide software security patches according to a set timeline.
Each issue requires investigation, resolution, localization, and testing appropriate to its complexity. Some issues can be fixed and tested very quickly. Other issues may require more time.
We do commit that our development teams treat security fixes like critical bug fixes and will work round-the-clock to deliver a sound patch if a serious vulnerability is found.  

Breach of customer information

A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
Guardicore will notify customers imminently, as soon as such a breach is discovered.
Guardicore will provide all the necessary information and work diligently with the affected customers to resolve the issue.