Corporate Security

At Cellebrite, security starts with a well-defined enterprise-wide strategy, which serves as the guiding light to our security operation and practices. Our security focuses on corporate network resilience, product and services security, safeguarding customers’ data and complying with standards and regulations.

Cellebrite employs dedicated security teams to oversee the corporate information security standards, practices and controls. The teams deploy various programs to ensure our approach to security is well translated to practices and a proactive approach.

Network Security

Access Management and Access Control

Cellebrite’s procedures are designed with the intent to prevent unauthorized access to our corporate systems. The access management process for Cellebrite information and assets is formalized and controlled. Access rights are provisioned based on structured user management and role-based access control (RBAC), which ensures access is granted in accordance with our internal policies and the principle of “least privilege.” Access rights to sensitive data are permission-based on pre-approved workflows. We apply access controls to corporate services, such as pre-access verifications, conditional access, Multifactor Authentication (MFA) and zero-trust policy. Additionally, Cellebrite is also enforcing secure access by using Secure Access Service Edge (SASE) and Virtual Private Network (VPN) methods.

Endpoint Security Protection

Cellebrite Endpoints are continuously monitored and protected by various tools such as anti-malware, firewalls, encryption and Endpoint Detection and Response (EDR). The endpoints are regularly updated with recent OS and patched with relevant and critical security updates.
People Security

Our employees play a critical part in our ability to enhance our security resilience against possible security risks. We invest in ongoing subject matter training to ensure a cross-company security-first mindset and ‘in processes’ embedded security.

We invest in ongoing awareness and training to ensure a cross-company security-first mindset and ‘in processes’ embedded security.

We also maintain open channels of communication so that our employees have easy access to the security team for solutions and support.

To ensure our security standards are upheld, we conduct thorough pre-employment screening and background checks, in full compliance with local regulations and relevant privacy laws.

Internal & External Audits

Cellebrite regularly conducts comprehensive security audits to validate and verify our security resilience and to remediate any possible exposure.

Cellebrite uses various tools and services, including conducting periodic penetrations test, continuously scanning the network and assets for exposures, risk-based internal reviews and independent, third-party audits.