Threat detection and prevention

Last updated: Nov 2, 2023

To preserve the integrity of your data, we implement real-time threat-detection tools to proactively track and retroactively investigate unauthorized access.

Firewalls

Firewall protection is implemented at the network, host, and application level.

  • Network: This includes the network ACLs and firewall rules of the platform host (e.g., AWS, Google Cloud).
  • Host: Local firewalls are enabled on user endpoints, as well as on servers. Firewall rules protect compute and database instances.
  • Application: Web application firewall (WAF) and content distribution are configured at the application layer to protect against common web application attacks (e.g., cross-site scripting, injection, and denial-of-service [DoS] attacks).

Other controls

  • We scan for malware within the infrastructure at the host and file level.
  • We perform workload protection for continuous monitoring, collection, and behavior-based monitoring.
  • Internal scans are done on images as they're deployed.
  • Intrusion detection is provided in real time on production systems.
  • We create WAF web-ACLs with IP sets to bypass filtering for Redox-owned IPs.
  • A security information and event management (SIEM) system is used for log management and correlation.

Detecting data breaches

To detect a potential data breach, we look for suspicious activity and behavior across all systems, 24/7. This includes analyzing and correlating our platform host's logs for anomalies, configurations or changes outside the baseline, unusual user behavior, and account activity or creation.

We use multiple services to monitor breached accounts, including any Redox accounts found on the dark web, chat channels, and forums.

Finally, we install managed detection and response (MDR) on all our platform host endpoints. We immediately stop or report any atypical commands executed on the hosts.

Audit logging

We use audit logs to identify unusual user activity or connections originating outside the United States. Security analysts investigate anything of interest.

We keep these logs as per our data retention standards. View Redox data retention standards.