• Use cases
    • Threat intelligence
    • Incident triage
    • Threat Hunting
    • Email Phishing
    • Endpoint protection
    • User Lifecycle Management
    • Forensic investigation
    • Cloud Security Posture Management
    • Ransomware
  • Integrations
  • ITOps
  • SecOps
  • CloudOps
  • Company
    • Partners
    • Hiring
    • Security
  • Blog
Mindflow Logo
  • Use cases

    Phishing

    Automate the handling of phishing incidents and response.

    Ransomware

    Automated playbooks to circumvent incoming attacks at machine speed.

    User life cycle management

    Automate users’ on and offboarding. Orchestrate the monitoring of suspicious activities.

    Threat Intelligence

    Enable continuous updates and data sharing from worldwide intelligence feeds.

    Threat Hunting

    Gather resources spread across your company to decipher previously unknown threats.

    Incident triage

    Build automated workflows to depart false positives and duplications from real threats.

    Endpoint Protection

    Automate and Orchestrate the detection and remediation of incidents on your devices.

    Threat Detection

    Decipher threats running in your organization by mapping abnormal activities.

    Forensic investigation

    Alleviate the work of forensics with streamlined resources.

    Cloud Security

    Maintain constant monitoring of your cloud configuration to reduce risks of misconfiguration.

    • Threat intelligence
    • Incident triage
    • Threat Hunting
    • Email Phishing
    • Endpoint protection
    • User Lifecycle Management
    • Forensic investigation
    • Cloud Security Posture Management
    • Ransomware
  • Integrations

    Cybersecurity

    Put your cybersecurity stack on steroids

    Threat Intelligence
    SIEM
    Network & Firewalls
    EDR
    Vulnerability Management
    Connect your cybersecurity ecosystem

    IT & Business

    Break silos in your modern IT stack

    Ticketing
    Communication
    IAM
    Cloud
    Miscellaneous
    Explore the paradigm of fusion

    Featured Integrations

    We cover your entire environment

    Jira
    Okta
    Splunk
    Sentinel One
    Slack
    CyberReason
    Discover our 200+ integrations
  • ITOps
  • SecOps
  • CloudOps
  • Company
    • Partners
    • Hiring
    • Security
  • Blog
Get Started

Mindflow Logo
  • Use cases

    Phishing

    Automate the handling of phishing incidents and response.

    Ransomware

    Automated playbooks to circumvent incoming attacks at machine speed.

    User life cycle management

    Automate users’ on and offboarding. Orchestrate the monitoring of suspicious activities.

    Threat Intelligence

    Enable continuous updates and data sharing from worldwide intelligence feeds.

    Threat Hunting

    Gather resources spread across your company to decipher previously unknown threats.

    Incident triage

    Build automated workflows to depart false positives and duplications from real threats.

    Endpoint Protection

    Automate and Orchestrate the detection and remediation of incidents on your devices.

    Threat Detection

    Decipher threats running in your organization by mapping abnormal activities.

    Forensic investigation

    Alleviate the work of forensics with streamlined resources.

    Cloud Security

    Maintain constant monitoring of your cloud configuration to reduce risks of misconfiguration.

    • Threat intelligence
    • Incident triage
    • Threat Hunting
    • Email Phishing
    • Endpoint protection
    • User Lifecycle Management
    • Forensic investigation
    • Cloud Security Posture Management
    • Ransomware
  • Integrations

    Cybersecurity

    Put your cybersecurity stack on steroids

    Threat Intelligence
    SIEM
    Network & Firewalls
    EDR
    Vulnerability Management
    Connect your cybersecurity ecosystem

    IT & Business

    Break silos in your modern IT stack

    Ticketing
    Communication
    IAM
    Cloud
    Miscellaneous
    Explore the paradigm of fusion

    Featured Integrations

    We cover your entire environment

    Jira
    Okta
    Splunk
    Sentinel One
    Slack
    CyberReason
    Discover our 200+ integrations
  • ITOps
  • SecOps
  • CloudOps
  • Company
    • Partners
    • Hiring
    • Security
  • Blog
Get Started

Security at core

Security is a top priority for every company. Threats are growing exponentially in terms of occurrence and gravity. That’s why we embedded it as one of our core values from the beginning. We’re providing you with a solution built with trust at its heart by following best practices as we create. 

Security in Mindflow 

To ensure the best level of protection at all times for our customers, we provide several features within Mindflow to safeguard the security, confidentiality, integrity, and availability of customer data.

Infrastructure

Access to production environments: We restrict access to production systems to senior employees only that are designated upon manual review. 

Segregation between test and production environments: We enforce segregation between test and production environments and ensure that data used in test is separate from data used in production environment to protect customers’ data.

Single tenant: Mindflow is deployed in single tenant to ensure hermetic separation between every customer.

Data encryption: Data flowing through Mindflow is encrypted at rest and in transit using AES-256.

Data backup: Automatic backups are performed daily and retained for 35 days. In the event of a disaster, Mindflow is replicated across numerous data centers to allow rapid recovery. Shall a prolonged Disaster occur, Mindflow has a predetermined Recovery plan on alternate sites to enforce Recovery Time Objectives.

Secure protocols: Mindflow enforces SSL/TLS protocols to keep connexions secure.

End user access: MFA can be enforced on end-users to access the platform.

Availability: Mindflow is built using AWS Lambda serverless computing to keep speed and agility as we scale up to meet any demand and maintain a high level of availability.

Physical and virtual security: AWS handles the physical and virtual security of Mindflow’s architecture as part of the shared responsibility model.

Web application firewall: Mindflow uses AWS WAF to block attacks targeting the web-facing app.

Code

Peer review: We enable peer review on code changes before pushing them into test environments.

Code changes: Code Changes are pushed to production environment only after a senior developer’s approval.

Continuous tests: Throughout the development life cycle, CI/CD tests are enforced to check the code for compiling errors.

Privileges

Identity management: A secure governance and management system using AWS Control Tower and Organizations provides identity management, cross-account security audits, and federated access to accounts enforced by high-level rules.

User access: Using AWS Cognito, we provide a  fine-grained user identity system.

Security at Mindflow

There is no security if we don’t place emphasis on humans. At Mindflow, we put security within our company at the same priority as in our product. We’ve listed below a non-exhaustive list of measures we’ve implemented enterprise-wide.

Security awareness training: Every Mindflow employee undergoes security awareness training as a mandatory onboarding step. Once a year, every employee must undergo training again.

Background checks: Every employee must complete a background check upon arrival at Mindflow.

Passwords and MFA: Mindflow enforces the use of a SOC2 Type 2 certified Password Manager among its employees. Access to critical systems is protected by MFA authentication.

Business continuity: In the event of a disruption of business processes, senior management is trained to minimize downtime and enforce continuity of the business processes.

Devices: All employees are issued laptops by the company dedicated to professional work upon arrival. The laptops are encrypted to prevent the risk induced by thievery. Laptops are continuously monitored to protect,  or should the event arises, detect and mitigate incidents.

Third-party vendors risk assessment: Critical vendors’ security architecture are reviewed regarding SOC2 standards.

Compliance

Mindflow is aligning its security architecture with regard to the relevant international frameworks.  We are currently in the process of SOC 2 Type 2 and ISO/IEC 27001 certifications.

soc2 monitoring security
ISO monitoring security

Mindflow is committed to GDPR compliance and enforces adequate measures to ensure that requirements are met within the company. You can review our practices and sub-processors in our Privacy policy.

Our Commitment to Integrity and Confidentiality

Mindflow provides a process to external users for reporting security, confidentiality, integrity, and availability failures, incidents, concerns, and other complaints. To report incidents linked to the matters mentioned above, please send details to security@mindflow.io.

We are dedicated to conducting our business with the highest standards of probity and integrity. In accordance with the French and international applicable regulations, we have implemented a comprehensive mechanism within our company to prevent breaches of probity and integrity. This public statement outlines our commitment to maintaining this mechanism throughout the duration of our business agreements and ensuring the confidentiality of those involved in reporting any breaches.

Mindflow is committed to protecting the confidentiality of those who report any breaches of probity and integrity, as well as the persons targeted by such reports and the information collected by all recipients of the report. To maintain confidentiality, we adhere to the following principles:

1. Ensuring the identity of authors of the report, persons targeted by it, and any information collected remains confidential and is only disclosed to authorized personnel on a need-to-know basis.
2. Implementing secure systems and processes to store and manage any sensitive information related to reports of breaches of probity and integrity.
3. Prohibiting any form of retaliation against employees or other parties who, in good faith, report concerns or potential breaches of probity and integrity.
4. Providing support and resources to those who report breaches of probity and integrity, including access to confidential advice and guidance.

Company

Hiring
Security
DPA
Privacy
Terms and Conditions

Blog

Profiles

CloudOps
ITOps
SecOps

Integrations

Cybersecurity
IT & Business

Use cases

Cloud Security
Endpoint Protection
Forensic Investigation
Incident Triage
Phishing
Ransomware
Threat Detection
Threat Intelligence
User Lifecycle Management
Get Started
Mindflow Logo

128 rue la Boétie 75008 Paris, France

Twitter Linkedin
© Copyright 2022
mindflow
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}