NTAS: Security

We take the security and confidentiality of your data very seriously. Here are details of the measures we take.

Personnel

Our analysts are subjected to security screening. Full details of the checks undertaken are available to registered users on request.

Email

We use two individual scanning systems to ensure that we do not send or receive malware. Details of the systems we use are available on request from a registered user.

Account Security

We require all new accounts to be validated via email. We monitor the use of accounts and retain the right to disable an account if we feel that it’s being used in a way that might threaten security.

Data Upload

Our upload mechanism encrypts data using 256-bit SSL (RSA-2048 encryption and SHA-256 hashing algorithms) and every upload requires user authentication. We can’t control the content uploaded, you have sole responsibility for meeting your organisation’s data governance demands and any regulatory requirements. However, we treat all uploaded data as though it contains sensitive information.

Data Download

This is not possible. For enhanced security, we operate a one-way transfer system – upload only.

Virus Scanning

Uploaded data is scanned prior to and during analysis.

Data Storage

Your data is uploaded and stored within our cloud service hosted by Amazon Web Services in the EU region. To restrict access to the data we use the enterprise-class security measures that AWS provides. The data is stored in an encrypted format to limit the visibility to authorised users, and only unencrypted during analysis. In decrypted form, it remains within the secure AWS environment.

Confidentiality

The data remains within our AWS environment at all times, and we never share the data content with others. We never share the content of emails or reports that we generate for you with anyone other than those you have authorised to receive such information.

Isolated Analysis

We use our own analyser toolkits within a sandbox in the AWS environment. At the start of each project we create a new analyser image. This eliminates the risk of data cross contamination.

Anonymised Packets

You have the option of removing all payload data from packets prior to upload using a tool such as TraceWrangler. You can also use this tool to anonymise IP addresses. We are happy to work with data that has been anonymised, but there are a couple of points to note:

  1. Removing the payload may limit the information we can provide back to you. For example, if we find a slow database response we will typically tell you which query or stored procedure is slow. Obviously we can’t do that if all packet payload is removed.
  2. If the IP addresses are anonymised, you and your team will need to transpose all references to IP addresses that you send to us, such as in input to the portal and subsequent emails.

If you do anonymise the data, please start the anonymisation above the transport layer, i.e. don’t strip the TCP or UDP headers. We need the transport protocol detail to deliver meaningful results.

Packet Slicing

An alternative way to remove packet content is to slice the packets, either while capturing or by post-processing the captured data. We can work with sliced packets in the same way as we can work with anonymised packets, with the same points noted above. Please make sure that the slice length is adequate to include the transport layer header.