Talk to an expert
Take the first steps to see, assess and manage your asset risk management. Get a custom demo from our experts.
Talk to an expert
PRODUCT
Sepio's Asset Risk Management (ARM)
Sepio platform sees, assesses, and mitigates all known and shadow assets at any scale.
Sepio Solution Breif
Become a partner
Together with our partners, we build long-term strategies to serve our customers with the best cybersecurity posture.
Become a partner
PARTNERS AREA
On Demand: From the CISO
HSBC’s CISO Monique Shivanandan and Carl Froggett, Citi's former CISO Infrastructure Defense, share their top trends and strategies for managing asset risk.
Watch now
EVENTS AND WEBINARS
Improving Asset Visibility and Vulnerability Detection on Federal Networks
Sepio has been awarded a contract to provide its Asset Risk Management (ARM) solution to CISA.
ARM on Federal Networks
POSTS
Join the Sepio team
Be part of our mission, and have an immediate impact on our solution and customers.
Join us
PEOPLE AT SEPIO
SECURITY SCORE CARD
How we’ve secured our platform.
With comprehensive authentication and authorization methods, safe code development, data protection measures. You can use our platform with confidence.
Multi-Factor Authentication
Customers can protect their accounts with MFA so only users that present two or more methods of authentication are allowed to log in to the platform.
Passwords Management
All account passwords must fulfill minimum requirements, encrypted and never stored in cleartext.
Account Lockout
Multiple unsuccessful login attempts result in a locked account, with password re-entry required following time-out.
SSO/SAML Support
Sepio supports using SSO as the login mechanism for easy and secure access.
Furthermore, customers have the option to use their own Identity Provider (IDP) that supports SAML 2.0.
Role-Based Access Controls
Administrators can provision different levels of access and permissions through role-based access control.
Users’ Data
Any user data such as IP addresses is removed to deidentify the data prior to storing it.
Data Segregation
Our cloud infrastructure is broken into entirely separate services for each customer.
Encryption in Transit
Our web servers use TLS 1.2 encryption on port 443 to secure data in transit and via APIs, ensuring all private data is exchanged over encrypted channels.
Encryption at Rest
Data is stored in encrypted databases, with AES 256 or better.
Data Upload Protection
Multiple measures are implemented to scan, test and ensure the integrity of any data that is uploaded into the platform.
Audit logs
Sepio’s platform logs all user activity to enable easy auditing of usage patterns.
Sepio CVEs
Sepio platforms reported CVEs can be found here (NIST NVD).
Availability
Production environment is hosted by Microsoft Azure Cloud Services, which provides high availability and resiliency.
Data back-up and a meticulous disaster recovery plan enables us to quickly recover production in the event failure.
Penetration Testing
We use rotating third parties’ security researchers to perform penetration testing and verify there are no exploitable vulnerabilities in our platform on a regular basis.
Vulnerability Management
Our development department carries out vulnerabilities detection and remediation by multiple tools to achieve STIG compliance (Security Technical Implementation Guide) and according to our internal Patch Management Policy.
Learn more about our security posture and the security measures we implement.
If you want to know more about Sepio’s security framework or you would like to make a security disclosure, please don’t hesitate to contact our CISO at:
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |