Greenhouse


In the context of cybersecurity, Greenhouse is a vital HR platform that handles extremely sensitive employee and candidate data, making it a prime target for attackers. It's not a security tool itself, but its security posture is critical to an organization's overall defense. A breach of this system could expose personal information, including resumes, performance reviews, salary data, and background check results.

Core Problem Solved: Human Resources Data Management

Greenhouse's primary purpose is to streamline the hiring process. However, because it centralizes a vast amount of confidential information, it becomes a high-value target for data theft. The cybersecurity focus, therefore, is on how Greenhouse protects this data from unauthorized access, both from outside attackers and from internal misuse.

Key Aspects of Greenhouse's Cybersecurity:

  1. Data Protection:

    • Encryption: Greenhouse protects data both in transit (using TLS) and at rest (using AES-256 encryption). This is a fundamental safeguard that prevents data from being read if it is intercepted or if a server is compromised.

    • Data Minimization and Retention: The platform offers features to assist companies in complying with data privacy regulations, such as GDPR and CCPA. This includes the ability to set data retention rules and delete candidate data when it is no longer needed.

    • Malware Scanning: Greenhouse scans all uploaded documents, such as resumes and cover letters, for malware. This helps prevent malicious files from entering the company's network through the hiring process.

  2. Access and Identity Management:

    • Granular User Permissions: Greenhouse enables administrators to define distinct roles and permissions, ensuring that employees have access only to the data necessary for their job functions. This principle of least privilege is a core cybersecurity best practice.

    • Single Sign-On (SSO) and SCIM: The platform supports SSO, which simplifies user authentication and reduces the risk of password compromise. It also supports SCIM for automated user provisioning and de-provisioning, which ensures that access is automatically revoked when an employee leaves the company.

    • Audit Logs: Greenhouse maintains detailed audit logs that track every action a user takes within the system. This provides a crucial forensic trail for security teams to investigate potential incidents, such as unauthorized data access or a change in a user's permissions.

  3. Operational Security:

    • Third-Party Audits and Certifications: Greenhouse undergoes regular third-party audits and has achieved significant certifications, including SOC 1 Type 2, SOC 2 Type 2, and ISO 27001. These certifications provide independent verification of the company's security controls.

    • Penetration Testing and Bug Bounty Program: The company conducts regular penetration tests with external firms and runs a bug bounty program to encourage security researchers to find and report vulnerabilities.

    • Cloud Infrastructure: Greenhouse uses Amazon Web Services (AWS) as its cloud infrastructure provider, leveraging AWS's robust security measures, including physical security and redundant systems for high availability.

Greenhouse's cybersecurity is focused on protecting sensitive HR data. The primary risk is a data breach that could have serious legal, financial, and reputational consequences. The company's security posture is built on a foundation of data encryption, strong access controls, continuous monitoring, and adherence to global security and privacy standards.

ThreatNG, as a comprehensive external attack surface management, digital risk protection, and security ratings solution, provides an outside-in, unauthenticated view of an organization's security posture. It would help a company that uses Greenhouse by identifying and assessing potential security risks from an attacker's perspective, which complements the platform's internal security controls.

External Discovery

ThreatNG performs purely external, unauthenticated discovery with no connectors. For an organization using Greenhouse, ThreatNG's Cloud and SaaS Exposure module would automatically identify the company's Greenhouse instance as a sanctioned SaaS application in use. The discovery process also reveals other related external assets, such as subdomains, mobile apps, and public code repositories, to provide a comprehensive view of the attack surface.

  • Example: ThreatNG would discover mycompany.greenhouse.io and identify it as an HR SaaS platform used by the organization.

External Assessment

After discovering the Greenhouse instance, ThreatNG assesses potential vulnerabilities from an attacker's perspective.

  • Cyber Risk Exposure: ThreatNG would check for risks such as misconfigured certificates and vulnerabilities related to the Greenhouse domain. It also factors in Code Secret Exposure, which discovers sensitive data in public code repositories. For a Greenhouse user, this could include finding API keys or access tokens in a public repository that could compromise their account. The score also considers compromised credentials on the dark web that could be used for an attack.

  • Data Leak Susceptibility: ThreatNG assesses a company's susceptibility to data leaks by looking for exposed information in cloud and SaaS environments. This is critical for Greenhouse users, as a data leak could expose confidential employee or candidate information. ThreatNG also considers Compromised Credentials from the dark web and Domain Intelligence to determine an organization's susceptibility to data leaks.

  • BEC & Phishing Susceptibility: ThreatNG's Domain Intelligence module assesses a company's susceptibility to business email compromise and phishing attacks. It would identify typosquatting domains (e.g., greenhouse-mycompany.com) that could be used in a phishing campaign to steal credentials from job candidates or employees.

  • NHI (Non-Human Identity) Exposure: This score uncovers an organization's susceptibility to risks associated with non-human identities like API keys and service accounts. ThreatNG would identify compromised non-human identities and secrets by analyzing sensitive code exposure in repositories and mobile applications. This is particularly important for Greenhouse, as many integrations use API keys to connect to other HR systems, and a leaked key could expose sensitive data.
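The typosquatting check described under BEC & Phishing Susceptibility can be reproduced in a small triage script. The example below is added here and is not code from the page, from ThreatNG or from Greenhouse; it assumes a placeholder organisation domain `mycompany.com` (the page's own example name), a short list of brand terms, and a constructed list of observed domains such as a new-registration feed would yield. It flags a domain when its second-level label is within a small edit distance of the organisation's label, matches it after folding common look-alike substitutions, or simply embeds the brand terms, and it goes slightly beyond the page's one example by handling all three cases.

```python
import unicodedata

# Constructed: the organisation's registrable domain and the terms it is known by.
ORG_DOMAIN = "mycompany.com"
BRAND_TERMS = ("mycompany", "greenhouse")

# Substitutions commonly seen in look-alike registrations. Folding is deliberately
# aggressive (it will also mangle some ordinary words) because this is triage, not proof.
LOOKALIKE_FOLDS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Constructed list of domains observed externally; only some are suspicious.
OBSERVED_DOMAINS = [
    "mycompany.com",               # our own domain
    "greenhouse-mycompany.com",    # the page's example of a phishing lookalike
    "mycompamy.com",               # single-character typo
    "myc0mpany.com",               # digit-for-letter substitution
    "mycompany.net",               # same label, different TLD
    "example.org",                 # unrelated
]


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_label(label):
    """Lower-case, strip accents/non-ASCII, then fold look-alike substitutions."""
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for src, dst in LOOKALIKE_FOLDS.items():
        label = label.replace(src, dst)
    return label


def second_level_label(domain):
    """Naive: the label before the last dot (adequate for .com/.net/.org style TLDs)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_domain(domain, org_domain=ORG_DOMAIN, brand_terms=BRAND_TERMS):
    """Return a list of reasons the domain looks like a lookalike; empty if benign."""
    domain = domain.lower().strip(".")
    if domain == org_domain:
        return []
    label = normalize_label(second_level_label(domain))
    org_label = normalize_label(second_level_label(org_domain))
    reasons = []
    dist = levenshtein(label, org_label)
    if dist == 0:
        reasons.append("label matches %s after normalization" % org_label)
    elif dist <= 2:
        reasons.append("edit distance %d from %s" % (dist, org_label))
    hits = [t for t in brand_terms if t in label]
    if hits and label != org_label:
        reasons.append("contains brand term(s): " + ", ".join(hits))
    return reasons


def triage(domains):
    """Map each flagged domain to its reasons; benign domains are omitted."""
    return {d: r for d in domains if (r := classify_domain(d))}


if __name__ == "__main__":
    for dom, why in triage(OBSERVED_DOMAINS).items():
        print("%-28s %s" % (dom, "; ".join(why)))
```

In practice the observed list would come from certificate-transparency logs or a registration feed, and a flagged domain is a candidate for blocking at the mail gateway and for a takedown request, not a verdict on its own.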

Investigation Modules

ThreatNG provides detailed investigation modules to analyze findings:

  • Sensitive Code Exposure: This module would discover public code repositories and mobile apps and investigate them for sensitive data.

    • Example: ThreatNG could find a public repository on GitHub where a developer accidentally hard-coded a Greenhouse API key. An attacker could use this to gain unauthorized access to candidate or employee data.

  • NHI Email Exposure: This feature groups discovered email addresses that are identified as admin, support, or recruiting addresses. This helps identify and secure administrative accounts that might have privileged access to Greenhouse.

  • Archived Web Pages: ThreatNG can search archived web pages for sensitive data.

    • Example: ThreatNG could find an old, archived web page that was accidentally left public, containing a list of employees or candidates with their email addresses and other details, which could be used for targeted phishing attacks.
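The Sensitive Code Exposure example above (a hard-coded Greenhouse API key committed to a public repository) is the kind of finding a secret scanner produces. The scanner below is an added example, not code from the page, from ThreatNG or from Greenhouse, and it does not assume any real Greenhouse key format: it looks for assignments to credential-named variables and uses Shannon entropy to separate random-looking tokens from placeholders and ordinary words. The file content it scans is constructed and the key in it is made up.

```python
import math
import re

# Assignment of a quoted or bare value to a variable whose name suggests a credential.
# Covers Python, shell, .env and simple YAML/JSON-ish "key: value" styles.
ASSIGNMENT_RE = re.compile(
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD|PASSWD)[A-Za-z0-9_]*)"
    r"\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9_\-./+=]{16,})['\"]?",
    re.IGNORECASE,
)

# Values that are obviously not live credentials.
PLACEHOLDERS = {"changeme", "your_api_key_here", "xxxxxxxxxxxxxxxxxxxx"}

# Constructed sample of a config file a developer might commit by mistake.
# The API key value is invented and has no relation to any real key.
SAMPLE_REPO_FILE = """\
# service settings (constructed sample)
import os
GREENHOUSE_API_KEY = "k7Qz2mVx9pLw4Rt8yBn3Hj6Fc1Ds5Ga0"
DB_PASSWORD = "changeme"
harvest_token = os.environ.get("HARVEST_TOKEN")
API_KEY_NAME = "greenhouse_production_key"
LOG_LEVEL = "DEBUG"
"""


def shannon_entropy(s):
    """Bits per character; random 32-char tokens score near 5, English words near 3-4."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value):
    """Keep a short prefix so a finding can be matched to the file without copying the secret."""
    return value[:4] + "..." + "*" * (len(value) - 4)


def find_candidate_secrets(text, min_entropy=4.0):
    """Return one finding per line that assigns a high-entropy literal to a credential-like name."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGNMENT_RE.search(line)
        if not m:
            continue
        value = m.group("value")
        if value.lower() in PLACEHOLDERS:
            continue
        entropy = shannon_entropy(value)
        if entropy < min_entropy:
            continue  # dictionary-like value, e.g. a key *name* rather than a key
        findings.append({
            "line": lineno,
            "name": m.group("name"),
            "entropy": round(entropy, 2),
            "redacted": redact(value),
        })
    return findings


if __name__ == "__main__":
    for f in find_candidate_secrets(SAMPLE_REPO_FILE):
        print("line %(line)d: %(name)s = %(redacted)s (entropy %(entropy).2f)" % f)
```

The entropy threshold is a tunable heuristic; lowering it catches more but produces false positives on descriptive strings, which is why the `API_KEY_NAME` line in the sample is deliberately not flagged. A finding like this should trigger rotation of the credential, since removing it from the repository does not remove it from the commit history or from any copy already made.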

Intelligence Repositories

ThreatNG's intelligence repositories, branded as DarCache, power its assessments.

  • DarCache Rupture (Compromised Credentials): This repository would be checked for any compromised user credentials associated with the company that could be used to log into the Greenhouse platform.

  • DarCache Dark Web: This repository would be scanned for mentions of the company or its use of Greenhouse, including discussions about potential exploits or leaked data.

  • DarCache Vulnerability: This repository provides critical context on known vulnerabilities. It includes data from NVD, EPSS, and KEV. This would help a company's security team prioritize patching efforts on vulnerabilities that pose an immediate and proven threat.

    • Example: ThreatNG's DarCache Vulnerability repository would provide information on any known vulnerabilities in the Greenhouse SDKs or APIs, including their technical characteristics, potential impact, and likelihood of being exploited in the near future. This enables security teams to concentrate on the most severe and likely-to-be-exploited vulnerabilities.

Reporting and Continuous Monitoring

ThreatNG offers comprehensive reporting, including executive, technical, and prioritized reports, which would detail the findings related to the company's use of Greenhouse. These reports provide risk levels, reasoning, and recommendations to help the organization prioritize its security efforts and mitigate risks. ThreatNG also offers continuous monitoring of the external attack surface and security ratings, ensuring that any new risks or exposures are promptly detected.

Complementary Solutions

ThreatNG's external, unauthenticated approach complements internal security tools, creating a more comprehensive security program.

  • Security Information and Event Management (SIEM): A SIEM solution, like Splunk, collects and analyzes log data from internal systems. If ThreatNG discovers compromised credentials on the dark web, this intelligence can be fed into the SIEM. If the SIEM then detects a suspicious login attempt to a Greenhouse account, it can correlate that event with the intelligence from ThreatNG, giving the security team a clearer picture of the threat.

  • Identity and Access Management (IAM): An IAM solution, such as Okta or Azure Active Directory, manages user identities and access to applications. If ThreatNG discovers a compromised non-human identity, such as an exposed API key for Greenhouse, this information can be used to revoke that credential in the IAM system immediately.

  • Data Loss Prevention (DLP): A DLP solution monitors for data exfiltration within a company's network. If ThreatNG identifies a public-facing asset that contains sensitive data (e.g., an archived webpage with employee information), this intelligence can be used to inform the DLP solution, which can then look for similar data patterns, helping to prevent future leaks.
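The SIEM correlation described in the first bullet above can be shown as a small detection rule. The code below is an added example, not from the page, from ThreatNG or from any SIEM vendor; the compromised-credential feed uses hypothetical field names (not ThreatNG's real export schema), and the login events are constructed lines in a simple `key=value` format using reserved documentation IP ranges. Every Greenhouse login by an identity present in the feed becomes an alert, and the severity is escalated when a success follows a burst of failures from the same source, which is the pattern a credential-stuffing attempt with a leaked password would leave.

```python
import re
from datetime import datetime, timezone

# Constructed compromised-identity feed (hypothetical field names).
COMPROMISED_FEED = [
    {"identity": "alice@mycompany.com", "source": "dark web dump (constructed)", "seen": "2024-04-28"},
    {"identity": "svc-greenhouse-sync@mycompany.com", "source": "public repo (constructed)", "seen": "2024-04-30"},
]

# Constructed SSO/SaaS login events as a SIEM might ingest them.
LOGIN_EVENTS = """\
2024-05-01T08:02:11Z app=greenhouse action=login user=bob@mycompany.com result=success src=198.51.100.7
2024-05-01T08:14:03Z app=greenhouse action=login user=alice@mycompany.com result=failure src=203.0.113.5
2024-05-01T08:14:09Z app=greenhouse action=login user=alice@mycompany.com result=failure src=203.0.113.5
2024-05-01T08:14:31Z app=greenhouse action=login user=alice@mycompany.com result=success src=203.0.113.5
2024-05-01T09:40:00Z app=greenhouse action=login user=svc-greenhouse-sync@mycompany.com result=success src=192.0.2.44
2024-05-01T09:41:00Z app=jira action=login user=alice@mycompany.com result=success src=198.51.100.7
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
FAILURE_WINDOW_SECONDS = 300  # failures within 5 minutes before a success count as a burst


def parse_event(line):
    """Parse '<timestamp> k=v k=v ...' into a dict; returns None for malformed lines."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    try:
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return fields


def correlate(feed, log_text, app="greenhouse"):
    """Alert on every login to `app` by a compromised identity, escalating on failure bursts."""
    compromised = {entry["identity"].lower(): entry for entry in feed}
    recent_failures = {}  # (user, src) -> timestamps of recent failed logins
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("app") != app or ev.get("action") != "login":
            continue
        user = ev.get("user", "").lower()
        intel = compromised.get(user)
        if not intel:
            continue  # not in the compromised feed: ordinary login, no alert
        key = (user, ev.get("src"))
        if ev.get("result") == "failure":
            recent_failures.setdefault(key, []).append(ev["ts"])
            severity = "medium"
        else:
            window = [t for t in recent_failures.get(key, [])
                      if (ev["ts"] - t).total_seconds() <= FAILURE_WINDOW_SECONDS]
            severity = "critical" if len(window) >= 2 else "high"
            recent_failures.pop(key, None)
        alerts.append({
            "ts": ev["ts"].isoformat(),
            "user": user,
            "src": ev.get("src"),
            "result": ev.get("result"),
            "severity": severity,
            "intel_source": intel["source"],
        })
    return alerts


if __name__ == "__main__":
    for a in correlate(COMPROMISED_FEED, LOGIN_EVENTS):
        print("%(severity)-8s %(ts)s %(user)s %(result)s from %(src)s [%(intel_source)s]" % a)
```

A "critical" alert here is the trigger for the IAM response in the next bullet: force a password reset and revoke active sessions for the human account, or rotate the key for the service identity.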
