SECURITY
SECURITY STATEMENT
- Outbrain values its customers' security and is therefore committed to ensuring that our services remain secure.
- The security controls that Outbrain uses to protect your data vary based on the sensitivity of the information that it collects, processes and stores, as well as the current state of technology advancements.
- Outbrain knows that trust and your security are extremely important to you and your business, and we take protecting them seriously.
- In order to safeguard Outbrain information in accordance with these principles, effective security controls, practices and procedures are implemented at all levels across our infrastructure and products.
- Outbrain's Information Security team consists of experts with extensive, relevant experience in cyber security, security infrastructure, secure development, privacy and regulations. Outbrain security team certifications include, but are not limited to, CISSP, CISA, CRISC, C|CISO and CCSK.
SECURE DEVELOPMENT
- Outbrain is an agile company. It has defined a software development process that is adaptive to an ever-changing and competitive market environment.
- New staff across the company are trained in Secure Software Development LifeCycle (SSDLC) practices.
- New product initiatives are reviewed by the security team according to SbD (Security by Design) and PbD (Privacy by Design) concepts at the design phase.
- System code is tested against known vulnerabilities (e.g., OWASP Top 10).
- Existing core systems and infrastructure are tested for security vulnerabilities periodically. In some instances testing is conducted by automatic scanners as well as manually by external independent parties.
- Outbrain runs a Security 'Bug Bounty' Program. Researchers who have found a vulnerability may submit a bug according to the policy of the program through: https://www.outbrain.com/security/bug-bounty/
ENCRYPTION
- Outbrain uses encryption to protect sensitive information, which aids compliance with statutory, regulatory and contractual requirements.
- Outbrain uses cryptographic algorithms, key lengths and strengths that are first approved by the security team in accordance with industry best practices.
- Outbrain supports HTTPS secure browsing and encrypts metadata related to the Outbrain widget (e.g., links, clicks).
ACCESS CONTROL
- Access to the production environment is restricted to authorized personnel only.
- Authorized personnel are authenticated via a unique user account, password and two-factor authentication system before establishing a secured VPN session.
- Outbrain employees use a Single-Sign-On (SSO) service to enhance security across a multitude of information systems.
AVAILABILITY AND CONTINUITY
- We're committed to making Outbrain a highly available and reliable service.
- We build systems that tolerate the failure of either individual components or a whole datacenter. We practice disaster-recovery measures and have on-call staff to quickly resolve unexpected incidents.
- Outbrain applies extensive monitoring of services and components by using advanced monitoring systems. Our monitoring methodology aims to predict issues that cause serving problems and resolve them before they occur.
- The beating heart of Outbrain is its data center. Therefore, we deploy three 'Tier-3, SOC 2' compliant “hearts” secured in three different locations, where data is being constantly replicated.
ISO/IEC 27001 CERTIFICATION
- The ISO 27000s family of standards helps organizations keep information assets secure.
- ISO/IEC 27001 is the best-known standard in the ISO 27000s family and provides requirements for an Information Security Management System (ISMS). ISO/IEC 27001:
  - Enables Outbrain to better manage the security of its assets (such as financial information, intellectual property, employee details or information entrusted to Outbrain by third parties);
  - Provides customers and stakeholders with higher confidence in the way Outbrain approaches risk management and controls sensitive information;
  - Helps Outbrain comply with other standards and regulations; and
  - Allows Outbrain to ensure that we meet our legal obligations towards our customers, such as protecting customer privacy.
- An ISO/IEC 27001 certification manifests higher security, higher quality of Outbrain's products and ultimately higher trust.