Trust & Security

Security Is What We Sell and How We Operate

Strobes meets the highest standards of data security, privacy, and operational integrity. Our platform is independently audited and continuously monitored.

We hold SOC 2 Type 2, ISO 27001, and CREST certifications. Our infrastructure, processes, and people are held to the same standards we help our customers achieve.

Certifications

Independent Certifications & Compliance

SOC 2 Type 2

Independently audited by an AICPA-accredited firm. Controls verified for security, availability, processing integrity, confidentiality, and privacy.

ISO 27001:2022

Certified Information Security Management System (ISMS). Annual surveillance audits confirm ongoing compliance.

CREST Certified

Penetration testing services delivered by CREST-certified professionals following CREST-approved methodologies.

CERT-In Empanelled

Empanelled by the Indian Computer Emergency Response Team (CERT-In) for conducting security audits and assessments.

GDPR Compliant

Data processing aligned with GDPR requirements. Data Processing Agreements (DPAs) available for all EU customers.

SOC 2 Type 1

Initial point-in-time audit completed in 2022. Upgraded to Type 2 continuous audit in 2023.

Our Practices

How We Protect Your Data

Infrastructure Security

Strobes is hosted on enterprise-grade cloud infrastructure with SOC 2 certified data centers. All environments are isolated with network segmentation, intrusion detection, and 24/7 monitoring. Infrastructure is managed as code with automated patching and configuration management. Regular penetration testing is performed against our own platform by third-party auditors.

Methodology

Industry-Standard Testing Frameworks

All security assessments follow recognized industry frameworks and methodologies.

OWASP

OWASP Top 10 and OWASP Testing Guide coverage for all web and API assessments.

SANS 25

CWE/SANS Top 25 Most Dangerous Software Errors verification.

NIST

NIST Cybersecurity Framework and NIST 800-53 control mapping.

OSSTMM

Open Source Security Testing Methodology Manual for comprehensive assessments.

Key Insight

Our Security Researchers

Every penetration test and validation engagement is conducted by certified security professionals with real-world offensive security experience.

OSCP
Offensive Security

Offensive Security Certified Professional: hands-on exploitation expertise.

PNPT
Practical Pentesting

Practical Network Penetration Tester certification.

CRTP
Red Team

Certified Red Team Professional for Active Directory attacks.

CISSP
Information Security

Certified Information Systems Security Professional.

Compliance Support

Security Testing for Your Compliance Needs

Strobes helps organizations meet security testing requirements across major compliance frameworks:

Our platform generates compliance-ready reports that map findings directly to control requirements, reducing audit preparation from weeks to minutes.

AI Safety

AI Agents with Guardrails Built In

Strobes AI agents operate within strict boundaries. Safety controls, human-in-the-loop checkpoints, and verifiable reasoning govern every autonomous action.

Bounded Autonomy

AI agents at Strobes do not operate without limits. Every agent has a defined scope, permitted actions, and escalation triggers. Agents cannot take destructive actions, access data outside their assigned scope, or bypass approval workflows.

Human-in-the-Loop Controls

Critical decisions always require human approval. Security teams set the thresholds for autonomous execution. Anything outside those thresholds escalates to a human operator before proceeding.

Explainable Reasoning

Every recommendation and action by a Strobes AI agent includes a reasoning chain. Analysts can inspect why an exposure was prioritized, how a validation was performed, and what evidence supports a recommended fix.

No Training on Customer Data

Strobes does not use customer data to train its AI models. Your vulnerability data, asset information, and remediation history remain yours. They are never shared, aggregated, or used to improve the model without explicit consent.

FAQ

Trust and Security: Frequently Asked Questions

Get Started Today

Need our security documentation?

Request our SOC 2 report, security whitepaper, or schedule a trust review with our security team.

  • Setup in 5 minutes
  • SOC 2 & ISO 27001

Join 150+ security teams already reducing exposure with Strobes