Skip to main content
Xoxoday protects all internal systems with dedicated firewalls deployed within a multi-tier Virtual Private Cloud (VPC), complemented by Intrusion Detection and Prevention Systems (IDS/IPS) and Amazon GuardDuty for continuous threat monitoring across its AWS environment.
Xoxoday’s approach to infrastructure security starts at the network perimeter and extends through every tier of its cloud environment. All internal systems operate within a dedicated Virtual Private Cloud (VPC) on AWS, shielded by purpose-built firewalls that segment and control traffic at both the public-facing and internal layers.

Multi-Tier Firewall Architecture

Xoxoday deploys a multi-tier firewall model that separates what is exposed to the internet from what remains strictly internal. Public-facing firewalls apply strict allow-list rules before any request reaches application servers. Internal firewalls then govern lateral movement within the VPC, ensuring a compromise at one layer cannot cascade freely across the environment. This architecture reflects the defense-in-depth principle that underpins both ISO 27001 and SOC 2 Type II frameworks — standards to which Xoxoday aligns its security controls. Independent auditors verify these controls are in place and operating effectively as part of each certification cycle.

Intrusion Detection and Prevention

Beyond static firewall rules, Xoxoday operates Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS) across its network. These systems inspect traffic patterns in real time, flagging anomalies and automatically blocking known attack signatures before they reach sensitive workloads. For enterprise customers running Xoxoday alongside HR platforms such as SAP SuccessFactors or Darwinbox, this active monitoring layer means data exchanged over API integrations travels through a continuously inspected, secured network path.

Amazon GuardDuty for Continuous AWS Monitoring

Xoxoday uses Amazon GuardDuty to provide intelligent threat detection across its AWS accounts. GuardDuty analyses CloudTrail logs, VPC Flow Logs, and DNS records to surface suspicious activity — including unauthorized access attempts, unusual API calls, and connections to known malicious IP addresses — without requiring additional infrastructure overhead. GuardDuty findings feed directly into Xoxoday’s security operations workflow, enabling rapid triage and response when anomalies are detected at the cloud account level.

Anti-Virus and Endpoint Protection

All internal systems within Xoxoday’s infrastructure are covered by dedicated anti-virus software. Endpoint protection policies enforce regular scanning and real-time threat detection, reducing exposure to malware and ransomware vectors that increasingly target SaaS supply chains. Taken together — firewalls, IDS/IPS, Amazon GuardDuty, and anti-virus — these controls form a layered security posture that Xoxoday maintains on a continuous basis, not as a point-in-time compliance exercise. Security and IT teams evaluating Xoxoday can request the latest audit reports to verify these controls are active and effective. Learn more: Xoxoday Help Centre — Vulnerabilities & Exploits

How does Xoxoday handle data encryption at rest and in transit?

Learn how Xoxoday encrypts data across storage and transport layers to prevent unauthorized access.

Is Xoxoday ISO 27001 and SOC 2 Type II certified?

Understand the compliance certifications Xoxoday holds and what they mean for your data security requirements.