We're Serious About Security

Liferay prioritizes security across every layer—from software and cloud infrastructure to customer protection. With certifications like ISO 27001 and SOC 2, built-in safeguards against common threats, and advanced features such as MFA, SSO, and fine-grained access controls, we help customers meet their compliance and privacy needs. 

For those facing advanced threats, our Liferay Premium Security for Liferay PaaS add-on offers enhanced DDoS protection and proactive vulnerability management. Security is core to how we build trust, so our customers can stay focused on their business.

Although Liferay provides top-tier infrastructure and security tools, keep reading to get five key security best practices every customer should follow to maintain a secure and stable deployment.

5 Security Best Practices for Liferay Deployments

1. Enable caching for the Document Library.

 Caching significantly reduces the load on your system by serving public files (like PDFs and images) efficiently through CDNs. This not only boosts performance but also protects your deployment during high-traffic conditions or DDoS attacks.

2. Stay up to date with Liferay DXP releases.

 Each new release from Liferay includes performance enhancements and security patches. Regularly updating your deployment ensures that you benefit from the latest optimizations and defenses.

3. Regularly update your Docker images.

 Using up-to-date Docker images ensures that your environment is protected against known vulnerabilities. If a critical or high severity security vulnerability is identified in the container image, Liferay will rebuild and provide a new version, keeping you secure.

4. Be vigilant about monitoring for vulnerabilities.

 Proactively monitor your systems for vulnerabilities. For Liferay PaaS customers, this is your responsibility—but the Premium Security add-on subscription offers valuable assistance by keeping you informed of the latest threats and providing actionable fixes.

5. Prepare for DDoS attacks.

 DDoS attacks can overwhelm your platform, especially during high-traffic events. Make sure you have response plans in place to mitigate risks. With Premium Security for PaaS, you get built-in DDoS protection as well as expert guidance on handling large-scale attacks.

Why Get the Liferay Premium Security Add-On Subscription

We partner with our customers to ensure that your deployment is both secure and optimized for growth. The Liferay Premium Security for Liferay PaaS add-on subscription empowers you to proactively protect your platform, providing you with the confidence to focus on your business while we handle the threats.

The Premium Security add-on is comprehensive, combining advanced DDoS protection, proactive vulnerability monitoring, and expert insights to ensure that your PaaS deployment remains secure and resilient.

Here’s a glimpse at what the add-on subscription offers:

• Proactive vulnerability monitoring. Stay ahead of potential threats with regular vulnerability reports. Liferay provides actionable guidance on self-run reports as well.
• Advanced DDoS protection. Ensure your environment is safeguarded against high-traffic attacks, ensuring uptime and reliability. This includes Machine Learning-based protection and Threat Intelligence rules.

Liferay Premium Security provides the added layer of security that many organizations need to focus on growth without worrying about unexpected threats. 

Reach out to your Account Executive today to learn how you can strengthen the security of your Liferay PaaS environment. Together, we can secure your digital solutions for now—and the future.