How we connect to your network
ThreatSabre deploys a single lightweight agent inside your own network. It makes outbound HTTPS connections only — no inbound access to your network is ever required — and reads your Fortinet devices through their management APIs using a read-only account you create and control.
Sensitive values are redacted inside your network before any data is sent to us, so what we analyse is configuration and posture data, not your traffic, credentials, or user activity. Every one of these controls is verifiable on your side: you create the read-only API user, you restrict where the agent can connect, and you can route its traffic through your own inspection proxy to confirm exactly what leaves.
Data encryption
All customer data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Sensitive credentials such as device API keys are encrypted again at the application layer (AES-256-GCM) before they are ever stored.
Access control & authentication
Role-based access control scopes what each user can see and do, and your data is isolated to your organisation. Multi-factor authentication is mandatory for all users, with least-privilege access applied throughout the platform.
Secure development & testing
We follow a secure development process, with peer review and automated vulnerability scanning built into our pipeline. The platform is independently penetration-tested, with findings remediated and verified.
Network protection
Public traffic is protected by a web application firewall and always-on DDoS mitigation. Malicious and anomalous requests are filtered at the edge before they reach the platform.