All security incidents are managed through Autodesk’s Incident Response Plan, which is based on industry best practices and incorporates protective, detective, and corrective measures to quickly resolve product security and information security incidents.
What is an incident?
A security incident is one or more unwanted or unexpected information or product security events that could compromise the confidentiality, integrity or availability of information and weaken or impair business operations. These include but are not limited to:
Attempts (either failed or successful) to gain unauthorized access to a system or its data
Unwanted disruption or denial of service
The unauthorized use of a system for the processing or storage of data
The unauthorized changes to system hardware, firmware, or software characteristics
The identification of a software vulnerability in an Autodesk product or service
Improper public disclosure of confidential information
REPORT AN ISSUE
We are ready to respond to issues that you report to us.
When an incident occurs, our Security Incident Response Team works as quickly as possible to remediate the threat though our established process:
An issue is detected and escalated to us via one of our monitoring tools, an internal Autodesk team or from an external entity.
All escalated issues are assessed to verify if an incident has occurred.
Verified incidents are assigned a priority level and a remediation strategy is defined.
Incident categories provide a shared “measure” within Autodesk of the size and potential impact of the incident. By defining incident categories, Autodesk is able to set expectations as to the severity and response actions necessary to deal with the situation. Autodesk assigns incidents a reverse scale of priority, with one being the most critical and four being the least severe.
Autodesk’s first priority is then to isolate and contain the immediate threat.
We then work to eradicate the threat from our environment and validate that removal was successful.
In order to gain visibility into these advanced threats, specifically targeting our organization, we closely monitor our network borders for threat indicators. With this enhanced visibility, we gain insight into persistent suspicious activity, present cyber threats and ongoing exploits. This allows Autodesk to take proactive steps to defend against these threats with the appropriate incident response.
Autodesk’s Security Incident Response Plan centralizes all aspects of our response to provide cross-functional consistency between Product Security, Public Relations, Legal and Privacy. This team is committed to delivering a transparent response including timely and consistent communication with our customers.
When an incident occurs that requires customer attention, Autodesk will post Security Advisories to the Trust Center to communicate with our users and provide updates. In some cases, we may reach out to our customers directly by email. Please refer to the Security Advisories page for general security updates, patches and vulnerability information.