Security

Platform Security Architecture

VIPER is built on a security-first architecture designed to protect your most sensitive data while providing real-time threat detection and response capabilities.

Data Encryption

• In Transit: TLS 1.3 encryption for all data transmission with perfect forward secrecy
• At Rest: AES-256 encryption for all stored data and backups
• Key Management: Secure key rotation and management practices

Infrastructure Security

• Cloud Infrastructure: Hosted on enterprise-grade cloud infrastructure with global CDN delivery
• DDoS Protection: Cloudflare Workers for webhook ingestion with advanced DDoS mitigation
• Database: PostgreSQL with automated backups (hourly incremental, daily full)
• Email Service: Transactional emails via Resend with SPF, DKIM, and DMARC configured
• Webhook Domain: Dedicated webhooks.gardiensecurity.com with rate limiting and signature verification
• High Availability: 99% uptime SLA with automatic failover and disaster recovery

Multi-Factor Authentication (MFA)

• TOTP Standard: RFC 6238 compliant Time-based One-Time Password authentication
• Compatible Apps: Works with Google Authenticator, Microsoft Authenticator, Authy, and all TOTP apps
• Backup Codes: 10 single-use backup codes for account recovery
• Encrypted Secrets: MFA secrets encrypted with AES-256
• Organization Policy: Optional per user or enforced organization-wide (Enterprise)

Role-Based Access Control (RBAC)

• Owner: Full system access, user management, billing, and all settings
• Admin: Manage investigations, users, integrations, and organization settings
• Analyst: Create and manage investigations, view dashboards, access all investigation features
• Read Only: View-only access to investigations and dashboards
• SSO Integration: Enterprise plans support SAML 2.0 and OAuth 2.0 for single sign-on

Access Controls & Authentication

• API Keys: Per-tenant API key authentication for webhook ingestion
• Multi-tenancy: Complete data isolation between customer environments
• Audit Logging: Comprehensive audit trails for all access, changes, and external shares
• Session Management: Secure session handling with automatic timeout and device tracking

Security Monitoring

• 24/7 SOC: Dedicated security operations center monitoring our infrastructure
• Threat Detection: Real-time anomaly detection and automated alerting
• Incident Response: Defined procedures with <1 hour response time for critical issues
• Security Intelligence: Continuous threat intelligence integration

Application Security

• Secure Development: Security-first SDLC with code review and testing
• Vulnerability Management: Regular security assessments and penetration testing
• Dependency Scanning: Automated scanning of third-party dependencies
• Bug Bounty: Responsible disclosure program for security researchers