The Rumble agent encrypts all communications with the Rumble infrastructure using TLS. You can find the SSL Labs report cards for critical services below:
Rumble uses an Extended Validation Authenticode certificate to sign all Windows executables. All Rumble executables also contain an embedded ED25519 signature, which can be verified with the Rumble Verifier.
Rumble supports multi-factor authentication (MFA) for the Rumble Console through FIDO2-compatible (WebAuthn) security tokens, such as the Yubico YubiKey and the Google Titan key.
Rumble supports Single Sign On (SSO) via SAML/2.0 and has been tested with Okta, Auth0, GSuite, Office365, and Shibboleth. SSO is available to all customers at no additional cost.
Rumble uses AWS (us-east-2) for all infrastructure. All storage is encrypted at rest using AWS-managed keys. User credentials are hashed using
bcrypt and encrypted using
AES-256 in GCM mode with an encryption key stored separately from the database.
Rumble has been developed with security best practices in mind. For additional details about the platform architecture and to see a copy of our last penetration test, please contact us.