
Privacy and Security Statement

Last updated 29 Feb, 2024

Welcome to Metron Security!

Metron Security's Privacy and Security statement details the company's practices regarding data collection, usage, and storage for anyone interacting with the site. Owned and operated by Metron Security LLC, the statement aims to inform users about how their personal and other information is handled. It focuses specifically on data gathered directly from user engagement on the website: www.metronlabs.com

Email: connect@metronlabs.com

1. Managing Your Information and Communication Preferences with us

We value your privacy and want you to feel in control of your information. Here's how you can manage your communication preferences and access your data with us:

Opting Out of Marketing Communications:

We may use your contact information to inform you about new products, services, or upcoming events. However, we understand that you might not want these communications.

  • To opt out of all marketing calls, emails, and postal mailings: Simply send us an email at the address mentioned above, stating your preference to unsubscribe.

Accessing and Correcting Your Information:

You have the right to access and update your personal information stored with us.

  • To access your information: Send us an email at the address above, requesting a copy of your data.
  • To correct any inaccuracies in your information: Reply to any of our emails with the corrections you wish to make, or send us a separate email detailing the changes needed.

2. Cookies and Tracking Technologies

To ensure a smooth and user-friendly experience, our website utilizes several technologies in the background. Here's a breakdown:

Session Cookies: These temporary cookies vanish upon closing your browser and remember your actions within the current session.

Scripts and Tags: These tiny code snippets perform essential tasks. Scripts may handle functionalities like search bars or interactive elements, while tags often track website usage anonymously, helping us understand browsing patterns and improve user experience.

Aggregated Statistics: By collecting anonymous data (not tied to individuals), we gain valuable insights into website traffic and user behavior. This helps us make informed decisions to optimize the site and cater to your needs better.

Collaboration with Partners: To offer advanced features or personalized experiences, we may work with trusted partners like marketing agencies or analytics providers. However, we strictly control data sharing and ensure all partners adhere to our stringent privacy standards.

3. Email

When you contact us using email, be mindful of the information you share. This includes any personally identifiable details like your name, address, or contact information. While we'll only retain your data for as long as needed to handle your request, emails inherently carry some security risks. For truly sensitive information, consider alternative methods like:

  • Secure online forms: Many organizations offer secure online forms with encryption in place, providing an extra layer of protection for your data.
  • Phone calls: If authorized, opting for a phone call with a representative might be suitable for sharing more sensitive details directly.
  • Mailing: For physical documents or highly confidential information, sending them via secure registered mail could be an option.

Safeguarding your privacy is crucial. Choosing the appropriate communication method based on the sensitivity of the information ensures your data remains secure.

4. Form Submission

When you actively submit your contact information through an inquiry form, we securely store it to facilitate communication and future interactions. Rest assured, your data remains confidential and never gets sold or shared with third-party organizations. However, we do utilize this information to keep you informed about relevant news, updates, and promotional offers from Core Technologies. Remember, you're always in control! If you prefer not to receive these communications, simply opt out using the designated option readily available within our emails or by contacting us directly. We respect your preferences and will ensure you only receive updates you specifically request.

5. Security

At Metron, safeguarding your data is paramount. As a cybersecurity company, we understand the potential consequences of a breach and the trust you place in us to protect your information. That's why we go above and beyond, implementing cutting-edge security tools, comprehensive processes, and the fundamentals of information security management.

While we have described the overall philosophy behind our security measures, we understand you deserve a closer look. Here's a breakdown of the specific controls and approaches we take to secure every aspect of your data, from the physical environment to digital vaults and proactive threat detection:

5.1 Continuous Security Monitoring

We put our expertise to work by turning insights into immediate action: we run our own services against our internal systems, conducting regular and rigorous penetration testing. This closed-loop approach allows us to rapidly discover and address newly identified vulnerabilities before they can be exploited by malicious actors.

Benefits for our clients:

  • Enhanced Security: By staying ahead of threats through continuous self-testing, we refine our vulnerability analysis solutions, ensuring they provide comprehensive protection for your systems.
  • Faster Response: Proactive identification of vulnerabilities means we can address them swiftly, minimizing potential damage and downtime.
  • Trustworthy Expertise: Our commitment to self-testing demonstrates our confidence in our solutions and underscores our dedication to staying at the forefront of cybersecurity.

5.2 Endpoint Protection

Metron Security recognizes that modern threats require a layered defense. While state-of-the-art anti-virus and anti-malware form a crucial foundation, they're just one piece of our comprehensive next-generation endpoint protection strategy.

We go beyond basic virus detection by incorporating:

  • Advanced Behavior Analysis: This detects and blocks suspicious activities, even from unknown malware, preventing infections before they can take hold.
  • Network Intrusion Detection: We monitor network traffic for unauthorized access attempts and data breaches, safeguarding your systems from external threats.
  • Application Control: We restrict the execution of unauthorized applications, preventing malware disguised as legitimate programs from causing harm.
  • Endpoint Hardening: We configure your systems to minimize vulnerabilities and reduce the attack surface for potential threats.

This multi-layered approach provides in-depth protection against diverse threats, ensuring your endpoints remain secure in today's complex cyber landscape.

5.3 Transport Encryption

At Metron Security, safeguarding your information is paramount. We implement robust security measures at every level, and here's a closer look at two key elements:

1. Banking-Grade Encryption for Secure Data Transfer: We utilize industry-leading 128-bit AES Transport Layer Security (TLS) encryption for all communications involving customer data or controlling our infrastructure. This encryption standard, widely used in the banking industry, ensures that even if intercepted, your data remains unreadable.

2. Granular Access Control and Auditing for Privileged Users: All privileged users, those with elevated permissions to access customer data, are assigned individual accounts. This ensures clear accountability and allows for comprehensive auditing and logging of their actions. Every interaction with customer data is meticulously recorded, providing a clear trail for monitoring and identifying any potential unauthorized activity.

We continuously evaluate and upgrade our systems, employing cutting-edge technologies and best practices to ensure your data remains secure at all times.

5.4 Detection

At Metron Security, we understand the constant threat posed by active attacks and take proactive measures to protect your data. Beyond basic firewalls, we employ a robust arsenal of industry-standard intrusion prevention techniques designed to detect and block malicious activity in real time.

5.5 Backups

At Metron Security, we understand that safeguarding your data extends beyond intrusion prevention. That's why we implement a comprehensive backup and recovery strategy to ensure your information remains secure and accessible, even in the face of unforeseen events.

Regular Backups:

  • We perform frequent backups of your data and our business data at regular intervals, ensuring critical information isn't lost due to hardware failures, software malfunctions, or even cyberattacks.

Geographically Dispersed Storage:

  • We don't store all our eggs in one basket. Your backups are securely stored in a distinct cloud region, geographically separate from our primary data center. This geographically dispersed storage strategy minimizes the risk of data loss due to regional disasters or outages, providing an additional layer of redundancy.

Tested and Ready Recovery:

  • We don't just create backups; we ensure they're functional and recoverable. We conduct regular disaster recovery drills and test restores to verify the integrity of our backups and the efficiency of our restoration process. This ensures we can swiftly recover your data and minimize downtime in case of any emergency.

5.6 Storage Encryption

We go beyond industry standards to ensure the protection of your data, even in the event of unfortunate circumstances. Here's how we achieve this:

Full-Disk Encryption for All Devices:

We understand the risks associated with stolen or lost devices. That's why we implement full-disk encryption as standard practice on all organizational devices. This means every device, from laptops to servers, utilizes advanced encryption algorithms to scramble data stored on its hard drive. Even if a device falls into the wrong hands, the data remains unreadable, safeguarding your sensitive information.

Cloud Volumes for Customer Data:

We recognize the growing trend towards cloud storage and leverage its benefits while prioritizing security. We utilize secure cloud volumes specifically designed for data encryption and access control. This ensures your data resides in a highly secure environment, protected by robust security measures beyond our infrastructure.

By combining full-disk encryption and secure cloud storage with additional security measures, Metron Security creates a multi-layered defense for your data. We offer peace of mind knowing that your information is protected even in unforeseen situations, allowing you to focus on your business goals with confidence.

5.7 Access Reviews

We understand the critical role of human security, and that's why we implement a rigorous access control framework with a key focus on regular employee privilege reviews.

We regularly review employee privileges to ensure they only have access to the data they need for their specific role. This approach, combined with the principle of least privilege and continuous monitoring, minimizes the risk of unauthorized access and keeps your data secure.

5.8 Strengthened Structures

At Metron Security, safeguarding your data extends beyond traditional security measures. We implement a multi-layered approach to protect your information, starting with the very foundation of our applications. Here's how we fortify our application servers:

Strengthened Builds:

Our application servers utilize "hardened builds", meaning they are stripped down to essential components, removing unnecessary software and functionalities that could introduce vulnerabilities. This minimizes the attack surface and reduces potential entry points for malicious actors.

Granular Access Control:

We implement strict access control for application and deployment accounts. These accounts only have access to the resources they need to perform their designated tasks, preventing unauthorized exploration of the operating system or network.

Root Rights Restricted:

We operate with the principle of least privilege, meaning software is never executed with root rights unless necessary and under strict supervision. This minimizes potential damage if a vulnerability is exploited, as attackers wouldn't have access to the entire system's privileges.

These combined measures create a robust defense system for our application servers, minimizing the risk of data breaches and unauthorized access.

5.9 Secure Coding

We believe secure applications are the foundation of robust data protection, and that's why we build security into everything we do. Here's how:

Rigorous Secure Coding Practices:

Our developers follow industry-leading secure coding standards, employing best practices that inherently minimize vulnerabilities and reduce the risk of exploits. This ensures that every line of code is written with security in mind, creating a strong foundation for data protection.

Multi-Pronged Security Checks:

We believe in a layered approach to security. Every piece of code undergoes exhaustive manual reviews by experienced security professionals who have a keen eye for identifying potential weaknesses. But it doesn't stop there. We also utilize advanced automated scanning tools that meticulously analyze code for even the most obscure vulnerabilities.

5.10 Two-factor Authentication

Metron Security takes a proactive approach to safeguarding your data, understanding the ever-present threat of cyberattacks. One key layer of defense we employ is two-factor authentication (2FA) for all corporate accounts. This added security significantly hinders various attack methods, including:

Phishing Emails: With 2FA in place, even if a clever phishing attempt tricks you into entering your password, attackers are still blocked from accessing your account. The additional authentication step, often a code sent to your phone or generated by an app, acts as an impassable barrier for unauthorized entry.

Credential Stuffing: Criminals often collect login credentials from data breaches and attempt to use them on different platforms. However, 2FA requires more than just a stolen password. Even if your credentials are compromised elsewhere, attackers remain locked out without the additional authentication factor, significantly reducing the risk of unauthorized access.

Account Takeover: Unsecured accounts can be vulnerable to attackers gaining access. With 2FA in place, even if they manage to steal your password, they're still unable to fully compromise your account. This crucial second authentication step buys us precious time to detect and respond to the attempted breach, minimizing potential damage and protecting your sensitive information.

5.11 Anti-virus and Anti-malware

Beyond basic firewalls, we implement a comprehensive endpoint protection solution that includes industry-leading anti-virus and anti-malware capabilities. This ensures your information remains secure, even against evolving threats.

Industry-Leading Solutions:

We leverage industry-leading anti-virus and anti-malware technologies recognized for their effectiveness in detecting and blocking both known and emerging threats. They act as a vigilant sentry, continuously scanning your systems for suspicious activity. Their advanced detection methods go beyond simple signatures, employing behavioral analysis to identify and block even unknown malware before it can harm your systems.

Proactive Threat Detection:

Our solutions don't stop at signature-based detection. They utilize advanced behavioral analysis to proactively identify and block suspicious activities, even from unfamiliar malware.

Real-Time Protection:

We adopt a "better safe than sorry" approach. Our systems provide real-time protection, constantly monitoring your endpoints for potential threats and automatically taking action to quarantine or remove them before they can cause harm.

Continuous Updates and Monitoring:

The cyber threat landscape is constantly evolving, and so is our defense. We ensure our anti-virus and anti-malware solutions remain effective against the latest threats through regular updates. Additionally, our security team continuously monitors system activity and threat intelligence to identify and address emerging vulnerabilities.

5.12 Least Privilege

Beyond firewalls and encryption, we firmly believe in the principle of least privilege, ensuring that every employee has access only to the specific information and systems they need to perform their job duties. This philosophy, akin to issuing personalized keys to specific vault compartments, ensures minimal vulnerabilities and maximizes data security.

Why Least Privilege Matters:

Reduced Attack Surface: By granting minimal access, we significantly shrink the potential attack surface. Even if a breach occurs, the damage is minimized as unauthorized users wouldn't have access to sensitive data beyond their immediate needs.

Enhanced Data Security: Limiting access significantly reduces the risk of both accidental and malicious data leaks. Each user only handles the data relevant to their tasks, minimizing exposure and potential compromises.

Improved Accountability: With granular access control, each user's activity is easily traceable, fostering a culture of accountability and responsibility for data protection. Everyone understands their limitations and the importance of handling information diligently.

SOC 2 Type 1 & Type 2

To demonstrate our unwavering commitment to the security of your data, we've proudly achieved both SOC 2 Type I and Type II compliance. This rigorous audit, conducted by an independent AICPA-approved auditor, provides independent validation of our robust security practices, policies, procedures, and operations.

Understanding SOC 2:

The SOC 2 report focuses on a service organization's internal controls related to Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA's Trust Service Principles).

Our SOC 2 Achievements:

  • SOC 2 Type I: This report provides a point-in-time snapshot of our controls, verifying their design and suitability to achieve the specified Trust Service Principles. It essentially confirms we have the security measures in place for data protection.
  • SOC 2 Type II: This report goes beyond design, offering a comprehensive assessment of our controls' operating effectiveness over a period of time, typically 3-12 months. It showcases that our controls not only exist but also function as intended, offering a higher level of assurance.