Security

We go beyond industry norms by implementing a comprehensive, multi-faceted security strategy to ensure unparalleled protection of your valuable data.

Need to request a security review or obtain related documentation?

Access Security Center

SOC 2 Certification

Mythos operates with a security-first mindset and culture of compliance across the organization.

Powered by Drata's state-of-the-art security automation platform

Continuous monitoring of 100 internal security controls


Secure Software Development Life Cycle

The Mythos product team adheres to a secure Software Development Life Cycle (SDLC) when developing new features for the Mythos platform. A Secure SDLC requires adding security testing at each software development stage, from design, to development, to deployment and beyond. Examples include designing applications to ensure that your architecture will be secure, as well as including security risk factors as part of the initial planning phase.

Penetration and Vulnerability Certification

The Mythos software platform is penetration tested for vulnerabilities on an annual basis by A-LIGN Compliance and Security, Inc. A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks. A-LIGN follows a testing methodology that seeks to identify vulnerabilities and, through exploitation, determine the security impact.

All vulnerabilities that may be identified are immediately remedied by the Mythos team and re-tested by A-LIGN. A-LIGN then provides a Penetration Testing Report that describes any vulnerabilities discovered, the risk level of each, and whether or not Mythos has remedied the vulnerability.

A-LIGN’s penetration testing methodology is based upon the National Institute of Standards and Technology (NIST) SP 800-115 and Penetration Testing Execution Standard (PTES) frameworks and contains the following phases. The A-LIGN report is available upon request.

Daily Vulnerability Scanning and External Attack Surface Management

Intruder.io

Scans Mythos's publicly and privately accessible servers, cloud systems, websites, and endpoint devices, using industry-leading scanning engines to find vulnerabilities such as misconfigurations, missing patches, encryption weaknesses, and application bugs, including SQL injection, cross-site scripting, the OWASP Top 10, and more.

Detectify

Surface Monitoring strengthens the security of your applications' Internet-facing subdomains and detects exposed files, vulnerabilities, and misconfigurations continuously.

Automatically scan custom-built apps, find business-critical security vulnerabilities and strengthen your web app security with Application Scanning.
