DocumentationAPI ReferenceRelease Notes

Data Storage and Retention

Suggest Edits

How does Panoptica store, secure, and retain data?

As a security company, we treat the data we hold very carefully and perform all possible precautionary steps in order to protect it. We are SOC2 compliant and perform regular penetration testing on a bi-annual basis. Our backend API is under enforcement of all OWASP top 10 security policies, and our data is stored in two different DBs, never shared between customers. Each tenant account is protected via WAF to only allow specific geolocations access.

Storage

All data is stored in two different databases, with scheduled backups and encryption.

  • The first one is the NoSQL database holding the raw data for backend analytics. This database is encrypted and accessible only via a jump server (SSH) to our R&D team.
  • The second one is the SQL database with virtual multi-tenant (different schema for each client). This database is encrypted and accessible only via our backend API server.

Account Access

  • Each client has access only to their own tenant, with a dedicated user and access management roles and permissions.
  • You cannot grant access from one tenant user to another.
  • The tenants are protected via WAF enabling only specific geo locations to access.

Protection

The backend API is under enforcement of all OWASP Top 10 security policies

  • The system goes through penetration testing every six months. The report can be shared upon request.
  • We leverage 3rd party SAST solutions to secure our code
  • All access to our development platform protected via MFA only for our authorized users
  • We are in the process of SOC2 compliance

Retention

Data related to Attack Path Analysis and Security Posture are cleared from the backend by a cleaning task which runs at the start of every of month. The task removes records older than 60 days, meaning this data is retained for 60 to 90 days

Smart CDR data is available to query for 90 days.

The snapshots that are taken of your cloud instances for CVE and malware scanning are deleted immediately after they are analyzed. Only the detected CVEs are saved in your tenant DB.


Data TypeRetention Period
Attack Paths60 to 90 days
Security Posture Findings60 to 90 days
Smart CDR90 days
Snapshots of Cloud InstancesDeleted after analysis

Updated 10 days ago