Security drives Kolide

Do you have a security concern that you'd like to report?
Report an Issue
Security concern?
Report an Issue

Security is a top priority at Kolide. Our customers need to be confident that their data is secure which is why Kolide was built to meet the sophisticated needs of organizations large and small. We believe in implementing the technology that will keep you protected against the threats of tomorrow.

What Security Means to Us

We regard ourselves as a provider of security as well as an adherant. Read below to learn more about issues pertaining to your security concerns.

What makes the Kolide product secure?

Application security is important at Kolide. We have an active bug bounty program and we frequently engage professional penetration testers to find vulnerabilities in our most security-sensitive software. The Kolide Cloud product includes enforcable two-factor authentication, role-based access control, and more.

Learn More

What makes Kolide's infrastructure secure?

At Kolide, infrastructure security is important to us because we fully appreciate the sensitive nature of our customers' data. To mitigate risk, every customer has an isolated instance of our Cloud product that we deploy and harden in Google Cloud Platform on Kubernetes, a production-ready container orchestration platform.

Learn More

Internal Security Practices at Kolide

Kolide was founded by members of Facebook's security team, so internal security is important to us because we love building an organization with a forward-thinking approach to internal security. At Kolide we believe in an unprivileged corporate network where we authenticate to internal services through a robust authentication proxy.

Learn More

Product Security

SSO & 2FA

Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials on (SSO).

If you're using password based authentication, you can turn on 2-factor authentication (2FA) and receive codes via SMS or configure a TOTP token.

Encryption

All web and gRPC traffic sent to or from Kolide is encrypted TLS/SSL 256 bit encryption.

Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

Password & Credential Storage

Kolide enforces advanced password complexity standards by checking for password entropy and disallowing passwords that are commonly used, use predictable substitutions, or match previously leaked credentials.

Kolide stores user passwords and credentials are stored using a password based key derivation function.

Customer Isolation

Kolide leverages Kubernetes to ensure that each customer gets a private deployment of the Kolide Cloud.

Bug Bounty Program

Kolide offers a bug bounty program facilitated by HackerOne, which gives security researchers a platform for responsibly reporting security vulnerabilities.

PCI Compliance

All credit card payments made to Kolide go through our partner, Stripe. Details about their security setup and PCI compliance can be found on Stripe’s security page.