Kaseya Trust Center

In a world full of cyber threats, learn how Kaseya keeps IT safe, protected, and secure.

quote

“The Kaseya Community is based on Trust. Our commitment to privacy and cybersecurity revolves around you and your data.”

Fred Voccola
CEO, Kaseya
Cloud Patching

Security Standards & Policies

SNMP Device Monitoring Tool

Security Incident Response

Computer Screen

Product Security

Security Shield

Compliance

Gavel and Computer

Legal

Monitoring

Privacy

Security Advisories

When appropriate, Kaseya will provide communications on broader security related incidents that may not be linked to a specific Kaseya product or vulnerability, but are still of importance to our customer base and broader IT professionals.

April 07, 2022 4:02 PM ET: Security Update Regarding Spring4Shell Vulnerability

Kaseya Guidance: Upon investigation, customers are not required to complete any remediation steps for any of Kaseya’s product lines.

Software Affected/Affected Products and Versions: None

Overview: Kaseya has vetted its product line to determine which products may be affected by the Spring4Shell vulnerability. Upon verification, no Kaseya products have been found to be vulnerable to the Spring4Shell vulnerability.

Description: As stated in NIST, A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Resources:

December 14, 2021 6:00PM ET: Security Update Regarding Log4j2 Vulnerability

Kaseya is aware of the Log4j2 vulnerability CVE – CVE-2021-44228 (mitre.org) and our product, operations and security teams are currently assessing all products.

Kaseya has been performing a review of our products, code and production environments.  Currently, our analysis indicates that the products listed below are not affected by this vulnerability.  As this is an evolving threat, we will update this site as new information becomes available.

As always, please follow cybersecurity best practices including ensuring all of your servers are properly secured behind firewalls, backed up, and not left unprotected on the internet if they are installed on-premises.

Up to date information regarding Log4j2 can be found at the below link.

Learn More About Log4j2

Security Standards & Policies

Kaseya’s security framework is based on trust services criteria for security: integrity, availability, and confidentiality. Kaseya products are independently audited to SOC 2 Type 2 and the underlying data centers are certified to ISO 27001. Our security policies and standards are verified annually through external third-party audits.

Security Incident Response

Kaseya adheres to a strict playbook for rapid response as soon as suspicious activity is reported and validated. Kaseya’s policy is to isolate the incident and limit impact while establishing transparent communication channels as the source of truth. Kaseya partners with relevant authorities to identify bad actors and works with independent security researchers to mitigate any vulnerability and resolve the exploit. We’re appreciative of the research community and welcome productive cooperation in eliminating threats, vulnerabilities or exploits. If you have a vulnerability or incident to disclose, please provide details to [email protected].

Report a Security Incident

Product Security

Kaseya’s IT Complete solution consists of 27 unique solutions that are purposely compartmentalized from each other to ensure the highest level of security, reliability, and continuity for our customers.

Each IT Complete module is developed, monitored, and secured independently and audited for SOC 2 Type 2 compliance.

  • Multi-factor Authentication (MFA)
    Access to Kaseya products is controlled using MFA n to enhance security protection and prevent system usage via compromised credentials.
  • Encryption
    Kaseya products utilize industry standard strong encryption for all traffic in transit and encrypted customer data at rest.
  • Role-Based Access Controls
    Kaseya products provide customers with the ability to implement role-based access control on the principle of least privilege to manage and secure access.

Compliance Qualified

Compliance starts with design. All Kaseya products and services adhere to strict governance, risk management, and compliance protocols and regulations. These include SOC 2 Type 2, ISO 27001 Certified Datacenters, HIPAA, GDPR, and CCPA. Attestation and other governance, compliance, and risk management inquiries can be sent to [email protected].

Download Kaseya's SOC 3 Report Vulnerability Disclosure Policy

Legal Assurance

Kaseya’s legal policies and best practices are designed and enacted with our customers’ safety, protection, and well-being top of mind. We exercise complete transparency with our Legal Documents and Statements, including comprehensive terms and conditions and EULA. Legal inquiries can be sent to [email protected].

Privacy: Your Data Is Always in Your Control

All Kaseya products and services operate in accordance with major privacy acts and best practice procedures around the globe to ensure our customers’ data is safe, protected and in adherence with current law. These include, but are not limited to, CCPA and GDPR, CAN-SPAM, Privacy Shield, DRA, DPA, as well as our own Terms and Policy Statements. As new and revised privacy laws are being introduced all the time, Kaseya’s appointed Data Protection Officer operates on the front line to ensure our policies and procedures are always up to date and in line with active law around the globe. Privacy inquiries can be sent to [email protected].

Report a Whistleblower Complaint

Call our Whistleblower Hotline 1-877-519-2413 and/or Email our Governance, Risk and Compliance team to report the complaint

Contact Us

Help Your Customers

Kaseya empowers customers to securely move forward working with their customers

Powered Services

Security Resources

For the latest security insights, please see below for links to trusted government and third-party resources:

Awards & Recognitions

Kaseya IT Complete suite of products has received hundreds of awards and accolades over the last few years

As the only purpose-built, comprehensive IT Solution for small-to-medium businesses, we are taking the IT industry by storm and are thrilled to be acknowledged for the smart, innovative tools and solutions our customers depend on every single day.

Here are few notable recent mentions across our primary product suites:

Graphus Anti-Phishing
Best New Solution – ChannelPro
Outstanding Security Automation in Computing AI and Machine Learning – Computing UK
Tech Innovator – CRN
ID Agent Credentials Monitoring and Security Training
Breach and Attack Simulation (BullPhish ID) – Cybersecurity Excellence Awards
Best Security Awareness Training Solution – ChannelPro Readers Choice Awards
Best In Show – ChannelPro SMB Forum
IT Glue
Best Productivity Solution – ASCII Cybersecurity Excellence Awards
Best in Show – DattoCon
Password Management Tool of the Year (2nd place) – Reseller Choice Awards for Canada
Passly
Most Innovative Product, Threat Protection – American Cyber Awards
Rapidfire Tools Audit and Compliance
Best Product of the Year – American Cyber Awards
Best MSP Solution – American Cyber Awards
Cyber Security Excellence Awards
Unitrends
Business Continuity/Disaster Recovery (Gold) – Cybersecurity Excellence Awards
Best Hardware and Software Service – Steve Awards
Best Storage Solution – Database Trends and Applications
VSA
Best Remote Monitoring and Management (RMM) – ChannelPro Readers Choice Awards
IT Assessment Tool of the Year (2nd place) – Reseller Choice Awards for Canada
Most Innovative Cybersecurity Company – Cybersecurity Excellence Awards
Spanning
Best Data Security Solution – Database Trends and Applications
Top 5 SaaS Backup – Office 365 Online