Logging

Polygon Labs uses a variety of SaaS and bespoke infrastructure. Where audit logs are provided by those services, they are collected into a centralized repository and retained for a defined period to support internal operations during security incidents. Logs are reviewed automatically for anomalies to feed threat detection models.

Monitoring

Security alerts are generated from multiple sources, including Google Workspace, Falcon CrowdStrike, AWS GuardDuty, GCP Security Command Center, Cloudflare, and Okta. All systems with built-in anomaly or threat detection route findings to a centralized SIEM, Coralogix, for review by security analysts. Polygon Labs has security analysts distributed globally to support timely triage of security alerts.

Incident response

Polygon Labs follows an incident response process modeled on industry best practices. Key personnel act as subject matter experts and join the incident response team as needed, depending on the nature of a given incident. Third-party agencies from tier-1 security vendors complement the internal team. The incident response lifecycle begins with detection and discovery. Detection tools include anti-virus, endpoint detection and response (EDR), network intrusion detection, phish screening, and anomaly detection. Service providers and community members can report suspicious activity through a ticketing system, instant messaging channels, or a dedicated phone number for emergencies. When an incident is identified, the security operations team performs triage and engages relevant subject matter experts for investigation and analysis. If an incident is confirmed as a true positive, the team moves to containment, remediation, and recovery. Impacted stakeholders are notified in a timely manner so they can take steps to protect their information if needed. Polygon Labs conducts regular incident response exercises when no real incident has occurred within a given period, to keep the process current.

Authentication and access control

Polygon Labs establishes standards for authentication and access control in its information security policy and standards documents. All service providers must meet authentication and authorization requirements, including complex passwords changed regularly per industry standards, two-factor authentication, and single sign-on (SSO) for sensitive systems. Default, shared, or easily guessable passwords are prohibited. Polygon Labs performs entitlement reviews for sensitive systems on a regular basis. Systems are accessed via SSO where available.