We’re Serious About Security

Panther was founded by a team of security practitioners who understand the immense importance of safeguarding your data. Learn more about how we ensure your data is secure, complete, and available.

End-to-end data security

Cyber security is serious business. We value your trust and strive to deliver a security monitoring platform you can depend on.

Compliance

Our platform is compliant with SOC 2, Type 2, and HIPAA so that you can be confident in the integrity of your data.

Infrastructure

Our serverless, single-tenant architecture guarantees world-class reliability and data privacy.

Data and Application Security

Security is paramount in everything we do, from our product, to the way we run our business, to how our employees prioritize security.

Identity and Access Management

We strictly enforce least privilege principles for managing access to all systems where customer data is stored or processed.

Vendor Management

We have a thorough security control review process for all vendors we leverage.


Trusted by modern security teams

Compliance

Panther’s compliance with privacy laws and security standards ensure you meet your own compliance requirements.

We are SOC2 (Type2) Compliant

Panther follows strict policies and procedures that meet all the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

We are PCI Compliant

Panther meets the Payment Card Industry standards for credit card processing and encrypted Internet transactions.

We are HIPAA Compliant

Panther meets the federal privacy and security standards for handling health industry entities' personal health information (PHI).

Infrastructure

Panther’s entire hardware and software foundation is optimized to guarantee reliability and reduce security risk.

Serverless

Built for scale and fast time to value, Panther runs a completely serverless architecture using best-of-breed solutions like AWS Lambda, ECS Fargate, S3, and DynamoDB to handle massive workloads with zero-hassle administration.

Single-Tenant

By ensuring that each customer’s data is stored in a separate instance, Panther offers better uptime and reliability, leveraging performance and data security based on one instance instead of multiple.

Availability

Panther commits to 99.9% service uptime through our SLA. Read more about our system availability.

Data, Application and IT Security

Panther’s security-first culture puts security and trust at the forefront of every part of our business.

Data Security

All Panther data is encrypted with industry-standard cipher suites, whether at rest or in transit. Equally important, data is backed up to S3 continuously to ensure business continuity in the event of a failure.

Application Security

Security is baked into Panther’s application, and maintaining it is critical. Our code is analyzed via static application security testing (SAST) during continuous integration (CI) and post-deployment, penetration testers regularly audit our application, and we maintain a robust public bug bounty program.

IT Security

All of Panther’s laptops leverage full-disk encryption — and are managed, upgraded, and patched with best-in-class mobile device management (MDM) solution. Our hardware is protected by an endpoint security agent that provides NGAV and EDR/EPP capabilities, with 24/7/365 monitoring.

Identity & Access Management

IAM layers over Panther’s entire business, as identity validation and policy alignment is critical for every aspect of the company.

Internal Applications

Our identity provider (IdP) governs access to internal applications, which requires multi-factor authentication.

Cloud Resources

Access to cloud resources is managed through AWS IAM. Panther strictly follows the model of least privilege, only assigning access to the resources and services necessary. We also leverage MFA comprehensively.

Vendor Management

Every vendor relationship represents a security risk, so third party risk management plays a crucial role in Panther’s security posture.

Review

All vendors we leverage go through a review process in which their security controls are reviewed extensively.

Authorized Third Party Vendors

We also maintain a list of subprocessors and notify our customers of any changes.