Security operations

Logging

Polygon Labs uses a variety of SaaS and bespoke infrastructure. Where audit logs are provided by those services, they are collected into a centralized repository and stored for a certain period of time to support internal operations should a security incident arise.

Logs are reviewed automatically for anomalies to feed Polygon Labs’ threat detection models.

Monitoring

Polygon Labs relies on a variety of sources that generate alerts for potential security incidents. Those sources include, but are not limited to, Google Workspace, Falcon CrowdStrike, AWS GuardDuty, GCP Security Command Center, Cloudflare, and Okta. Every system with built-in anomaly or threat detection directs its findings to a centralized SIEM, Coralogix, for our security analysts to review.

Polygon Labs has security analysts distributed globally to help ensure timely triage of security alerts.

Incident response

Polygon Labs has established an incident response process that is modeled on industry best practices. We designate key people to act as subject matter experts who join the incident response team as needed, depending on the nature of a given cyber security incident. We also engage third-party agencies from top-tier security vendors to complement our incident response team.

The lifecycle of a cyber security incident begins with detection and discovery. At Polygon Labs, we use a variety of tools such as anti-virus, endpoint detection and response, network intrusion detection, phish screening, and anomaly detection to help ensure we identify potential cyber security events early. We also provide our service providers and community with mechanisms to proactively report suspicious activity, including a ticketing system, instant messaging channels, and a dedicated phone number for emergencies.

When an incident is identified, the security operations team performs triage and draws on our roster of subject matter experts to help with investigation and analysis. If an incident is declared a true positive, we move from analysis to containment, remediation, and recovery.

Polygon Labs carefully considers when, how, and with whom to communicate during incident response. Impacted stakeholders are notified in a timely manner so that they can take reasonable steps to protect their information where necessary.

To ensure the incident response process remains relevant, we conduct regular incident response exercises if no real security incident has occurred within a given period.

Authentication & access control

Polygon Labs establishes standards for authentication and access control in its information security policy and information security standards documents.

To ensure the security of our corporate systems, all service providers must adhere to strict authentication and authorization requirements. These include, but are not limited to, the use of complex passwords, which must be changed regularly in line with industry standards; two-factor authentication, together with single sign-on, is mandatory for accessing sensitive systems. Default, shared, or easily guessable passwords are strictly prohibited.

Polygon Labs performs entitlement reviews for sensitive systems on a regular basis. Where applicable and available, systems are accessed via single sign-on (SSO).