SonarX

SONARX SECURITY

Last Updated: December 11th, 2023

Our Mission

At Sonarverse Inc. ("SonarX," "Sonarverse," "we," or "us"), security is a core component of our mission to provide clarity and transparency in Web3. As the number one provider of high-quality, institutional-grade blockchain data, we are dedicated to maintaining robust security protocols based on the best practices in data management. This page outlines these practices across various aspects of our operations.

Data Governance

The 4 C's inform our security and privacy policies:

  • Controlled Access: Access is granted based on the principle of least privilege, and limited to those with a valid business need.
  • Countermeasure Layers: Security controls are implemented in layers and in accordance with the principle of defense-in-depth.
  • Consistency: Security controls are applied throughout all areas of the enterprise.
  • Constantly Improving: The implementation of controls is iterative, continuously maturing for improved effectiveness and increased auditability.

Information Security

  • Data at Rest: All data stores with customer data are encrypted at rest. Sensitive datasets and tables also use row-level encryption, ensuring that data is secure even before it reaches the database.
  • Data in Transit: We use TLS 1.2 or higher for data transmitted over potentially insecure networks. Features like HSTS maximize data security in transit. Server TLS keys and certificates are managed by trusted providers.
  • Secret Management: We manage encryption keys through secure key management systems (KMS). Application secrets are encrypted and stored securely using reputable solutions.

Security Assurance

  • Penetration Testing: SonarX engages with leading penetration testing consulting firms, ensuring all aspects of our product and cloud infrastructure are fully assessed. Summary penetration test reports are also available on demand to ensure transparency.
  • Vulnerability Scanning: SonarX enforces vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC), including static analysis, software composition analysis, malicious dependency scanning, and continuous network vulnerability scanning.

Enterprise Security

  • Endpoint Protection: All devices undergo central management with mobile device management software and anti-malware protection. Endpoint security alerts are monitored around the clock to ensure a secure configuration.
  • Vendor Security: Our risk-based approach evaluates vendor security based on factors like access to customer data, integration with production environments, and potential impact on SonarX's brand.
  • Secure Remote Access: SonarX secures remote access using modern VPN platforms, and malware-blocking DNS servers are utilized for employee internet browsing protection.
  • Security Education: Comprehensive security training is provided to employees upon onboarding and regularly enforced through educational modules within SonarX's platform.
  • Identity and Access Management: SonarX uses industry-renowned solutions for identity and access management for employees.

Customer Data Protection

Data privacy is a priority here at SonarX. We are committed to being trustworthy stewards of all sensitive customer data.

  • Regulatory Compliance: We continuously evaluate updates to regulatory and emerging frameworks to evolve our compliance program.
  • Privacy Policy: Our Privacy Policy provides transparency around our data handling practices.