Security You Can Trust
UAS operators, manufacturers, developers, and airspace managers expect to have trusted, reliable, and accurate information. We generally do not like to expose too much about our security practices because it only helps attackers. But we realize security is important to you, so we’ve decided to post some high-level information about how important security is to AirMap.
AirMap employs a wide range of security controls in order to mitigate the risk of vulnerabilities. A few of the security controls in place are a 24/7 Security Operations Center which includes an Intrusion Detection System, Log Analysis, and a Web Application Firewall; Penetration Testing & Vulnerability Assessments, Content Delivery Network, and Data Security Controls.
AirMap delivers tremendous capability to end users without any additional risk. Third party data and service integrations can lead to vulnerabilities. We employ a wide range of security controls to protect against attacks to servers and end users.
Ensure safe and secure drone operations in accordance with laws and policies with AirMap’s robust airspace management platform. We prioritize the integrity and availability of systems to ensure safety. Read more below.
The privacy and data security of recreational and commercial drone operators is extremely important to us. AirMap has multiple controls in place to ensure data security. Rest assured that your data is protected. Read more about the measures we take below.
Security Operations Center (SOC)
AirMap has security personnel monitor our intrusion detection system, conduct log analysis, and review findings from our web application firewall.
Servers log all activities that happen and these activities provide clues about if/when a security incident has occurred. AirMap’s log analysis pulls all of the logs from all of our products’ servers. All of these logs are combed for clues about security incidents both automatically and manually.
Penetration Tests & Vulnerability Assessments
AirMap conducts offensive attacks on our applications, computer systems, and network to try to find security weaknesses. Any weaknesses AirMap finds are quickly fixed and remediated. This testing allows AirMap to think like an attacker and ensure the risk of vulnerabilities in our systems are mitigated so that we can provide accurate, reliable, and secure information and services.
Content Delivery Network (CDN)
AirMap uses a content delivery network to help with Denial-of-Service (DoS) attacks. This helps ensure that our services and data are highly available.
Intrusion Detection System (IDS)
AirMap’s intrusion detection system monitors our products’ network and system (servers) for malicious behavior or violations of policy. Intrusions are reported to a Security Operations Center (SOC) operator so they can investigate further and take action based on our documented incident response plan.
Web Application Firewall (WAF)
AirMap’s Web Application Firewall (WAF) looks for attacks on our software applications and APIs. The WAF will find application attacks that are meant to take over a system, pull information from a database, and attack other users of the software. The WAF will help prevent these attacks from being successful.
3rd Party Vulnerability Assessments
In addition to conducting vulnerability assessments, AirMap also has independent third-parties conduct vulnerability assessments as well. This helps remove AirMap’s bias and provides assurances that AirMap is taking the necessary and expected steps to mitigate all security risks.
AirMap takes data security and privacy seriously. We go above and beyond data privacy laws by ensuring that only the strongest cryptographic algorithms are selected for both data in transit and data at rest.
No security controls are perfect, that is why we have a layered defense strategy. We are prepared to detect, respond, and recover as outlined in NIST’s Cybersecurity framework.
Please also read our Responsible Disclosure Policy.
For questions or more information about AirMap’s security please contact firstname.lastname@example.org.