Drupal Steward

Drupal Steward

Drupal Steward is a paid service from the Drupal Association and Drupal Security Team providing a globally distributed web application firewall which can protect Drupal sites from highly-critical vulnerabilities.

Drupal Steward acts as a network-level mitigation of certain types of highly-critical vulnerabilities that might be identified in Drupal core. In layman's terms, by using Drupal Steward you will have a "virtual patch" put in place to secure your site from certain vulnerabilities, giving you the time you need to update. Not all security issues can be mitigated in this way, but most of the highly-critical vulnerabilities in Drupal core's history could have been mitigated with this solution.

Peace of mind

Security is the #1 concern that keeps me up at night. If I can spend a small amount to safeguard our user's data, and at the same time protect my team from long hours and and late nights on a highly critical patch day - you can bet I'm going to do that.

—VP of Engineering at a major pharmaceutical company

Reduce risk and save

Drupal Steward On-call security updates A breach
Update on your time

With Drupal Steward, you are protected from highly-critical vulnerabilities, and can update your Drupal sites on your own time, aligning with your existing change management and update schedules.

Drupal Steward is an affordable solution, scaling based on traffic. A site with 1 million http requests per month will pay less than $20/mo, and a site with over 10 million monthly requests will still pay less than $100/mo.
Keeping a team on-call is a significant expense.

Notice of an upcoming security release means disrupted roadmaps, teams put on call, and quite possibly overtime hours.

Not only does your IT organization have to be on-call waiting for the patch to drop, they must perform all of their change management processes, testing, and validation out of band with their normal schedule.

For an organization with 20 sites to update, a highly-critical release window can easily cost thousands of dollars in unplanned engineering time.
If your team doesn't update in time?

A compromised site means notifying users of data breach, regulatory penalties and fees, and a lengthy engineering process to regain control and rebuild.

At an enterprise-scale, the cost of a highly critical breach can easily run into the millions of dollars.

Partners

Platform Partners

These major Drupal hosting companies provide Drupal Steward coverage on their platform:

     

Supporting Partners

These Drupal agencies are trusted supporters of the Drupal project and Drupal Association, and are authorized to help you get set up on Drupal Steward:

Complete the setup process

Instructions to complete the setup process

FAQ

Frequently asked questions about the Drupal Steward program, a joint program between the Drupal Security Team and the Drupal Association

Guide maintainers

hestenet's picture