Threat Detection and Monitoring for Contract Data with DocuSign Monitor and Monitor API

By Abhijit Salvi, Sr. Director of Product Management and Hal Marcus, Product Marketing Director

Every organization stores critical data in its agreements. Agreements are foundational documents containing details about business relationships, assets, and how work will get done. DocuSign is built on the understanding that every organization needs an efficient way to prepare, sign, act on, and manage agreements. To protect contract data, threat monitoring, detection, and remediation have emerged as key requirements for managing agreements. 

Typically, businesses struggle to keep up with threats to their data. A study by the Ponemon Institute revealed that it takes an average of 191 days to identify a data breach once it has happened. As we talk to DocuSign customers that have grown to enterprise levels, it is clear that the threat of targeted attacks on corporate data is something to take seriously. Since these mature customers are housing critical agreement data with DocuSign, we recognize the criticality of listening to their feedback and supporting them with powerful threat detection tools. 

The DocuSign Agreement Cloud already adheres to key industry security standards, but a deployment is ultimately only as secure as the customer’s management of its accounts and activity. To empower our enterprise customers to manage their risk more completely, we’re pleased to introduce threat monitoring as an additional safeguard.


New threat detection from DocuSign — in beta now

DocuSign Monitor tracks account activity around the clock to provide a new layer of oversight for your system of agreement. It proactively detects external and internal threats to agreement data and processes and surfaces that information in near-real-time.  

The beta version of Monitor comes preconfigured to track over forty events and deliver three prebuilt alerts triggered by suspicious user activity: 

  • An administrator removing security policy from any user
  • A user failing 6 consecutive login attempts
  • A single user deleting 5 or more envelopes in an hour

And, like other DocuSign technologies, Monitor adds even more value by integrating with the rest of the important technology you already use. The DocuSign Monitor API enables developers to ingest the events and alerts directly into their existing security stack, including Security Information and Event Monitoring (SIEM) systems (like Splunk Enterprise or Sumo Logic) and visualization tools (like Tableau or Power BI).

These integrations build upon DocuSign’s mature and innovative telemetry infrastructure to provide organizations a high degree of visibility into their system usage and behavior patterns. They also enable an organization to customize visualized dashboards and build alerts specific to its needs and business environment.

Anticipated future developments for DocuSign Monitor include the use of advanced analytics to help prioritize potential threats and recommend remediation, including quick actions to expedite responses like shutting down an account that may be compromised.


Join the DocuSign Monitor beta today

We’re excited to offer customers this new tool to monitor and detect potential security breaches. DocuSign would like to extend an invitation to join the beta to customers that want to help us make Monitor even better. 

Request participation in the beta program. The DocuSign Monitor team will evaluate your request and reach out to those who qualify to enable DocuSign Monitor in their demo environment. 

DocuSign Monitor is designed to help DocuSign customers secure their critical agreement information. In these early stages, we’re eager to partner with our beta customers to develop strong detection and remediation tools together.


Additional resources