Security is our culture.

Mission critical industrial control systems are in our trust every day. That’s serious.

We believe transparency is important for security. When you do business with Dispel, you should feel comfortable knowing that your systems are more secure than before.

On this page, you will find our organizational security at Dispel, the security we provide you, and our specialty: Moving Target Defense.

Download

Do you prefer reading a document instead?

Dispel's security white paper walks you through the nitty gritty of our security culture, practices, and compliance.


Internal Security

The Security We Practice

Dispel regularly undergoes audits by penetration testers, and our customers make sure we’re on top of our game.

  • NISP Operating Manual
  • GDPR
  • Exportable

Many of our security practices are aligned to the DoD 5220.22-M. We are also GDPR-compliant, and exportable.

Organizational Security

Personnel Security

Access

Dispel’s personnel practices apply to all employees and contractors who make up the Dispel workforce. All workers are required to understand and follow internal policies and standards.

Prior to access to Dispel systems, workers agree to confidentiality agreements and consent to background investigations. The depth of a personnel security investigation depends on the kind of access the individual may have. Workers also attend regular security awareness training, including topics such as device security, avoiding phishing, data privacy, physical security, incident reporting, and workplace ethics.

Upon termination of work at Dispel, all access to Dispel systems is removed immediately.


Training

Dispel provides all employees with security training and briefings commensurate with their involvement with sensitive information. This training covers topics such as general security awareness, device security, insider threat awareness, reporting requirements, and data protection. Workers are encouraged as part of the culture to personally verify identities when access requests are made.


Ownership

Cybersecurity is geopolitical. Dispel is sensitive to the risks associated with possible foreign ownership and influence. To that end, we have taken the following steps:

Our core technology is developed on U.S. soil. Technology areas with lesser security requirements, such as our informational website, may be developed in both U.S. and allied territories. Dispel does not outsource software development. Our engineers are U.S. citizens or authorized for employment by the U.S. Government.

Some of our systems use open source software, which we do not control. When we use open source software, we keep a publicly available list of the software in use and update it on a reasonable basis.


Roles

Dispel has defined roles and responsibilities to distinguish which personnel have security obligations and responsibilities. At the center of our security efforts is the Dispel Security Team. These personnel are responsible for supervising and directing security measures necessary for implementing applicable requirements for sensitive information.


Workstations

Access to Dispel workstations is secured by video surveillance, locks, keyed access, and intrusion detection systems as appropriate for the sensitivity of the material handled at the relevant facility.

All computers used by workers are configured to comply with our standards for security. These standards require all computers to be properly configured, kept updated, and run security monitoring software. When new workers start, their computers are configured to encrypt data, have strong passwords, restrict remote access, and lock when idle. Computers run up-to-date monitoring software to report and detect potential malware and malicious activity.


Policies

Dispel has internal policies we maintain in order to safeguard information, and create a culture of trust and security awareness. This document is among those. Through culture and policy, our security documents help Dispel workers operate reliably and ethically. These policies are living documents, and are updated and made available to all workers to whom they apply.

Audits, Compliance, and Independent Assessments

Audits

When appropriate for meeting a particular standard, Dispel undergoes independent audits of our procedures and facilities. When appropriate and with approval, some customers also perform their own security audits of our technology. Our Security Team works with other companies' security and architecture teams to make sure we address questions prior to a deployment.


Penetration Testing

We undergo regular independent white box penetration testing. The results of these tests can be made available under a non-disclosure agreement.


Compliance: SOC 2, ISO 27001, & GDPR

Dispel maintains security risk management policies supporting SOC 2, ISO 27001, and GDPR. We do not hold SOC 2 and ISO 27001 certifications, but will work with clients in completing their SIG questionnaires.

Dispel does not maintain its own data centers, and instead utilizes third-party cloud providers. Those providers often do hold additional certifications beyond what Dispel has. In circumstances where clients use their cloud credentials in Dispel, we will use those credentials as directed to provision resources for the client.

Technological Security


Code Review and Handling

Dispel uses version control software to store code. We try to push code to production as often as safely possible, so bugs get fixed quickly. We like to have second sets of eyes look at code. When code moves from a feature branch to staging to production, it is subject to a code review when the pull request is made to merge the branch into staging.


Network Security

Dispel divides its networks into separate infrastructure in order to protect more sensitive information. Systems supporting testing and development environments are distinct from production environments. Access and credentialing to production systems and databases is restricted to engineers with specific business requirements.

Network access to production systems is limited to the protocols needed to support the applications. System logs are generated and stored in accordance with customer requests, for alerting and monitoring. For that reason, Dispel security and engineering teams receive notifications depending on the state and status of Dispel network infrastructure.


Authorization

Dispel employs a system of least trust when granting systems access in order to minimize the risks of a data breach and the possibility of insider threat. Dispel grants access to code repositories, billing systems, customer relationship management tools, email servers, and cloud environments based upon business requirements.

Workers must request access from their manager or responsible owner when seeking to escalate privileges. When workers no longer require access, their credentials are revoked. Access audits are conducted quarterly to determine if granted accesses are still necessary.

Authentication

Least Trust

Dispel requires the use of approved password managers. Password managers help prevent the reuse of passwords and reduce the chance that passwords are physically written down. They also reduce the risk of successful phishing attacks.

To further minimize the risk of unauthorized access, Dispel requires multi-factor authentication on systems containing more sensitive information. Where applicable, Dispel uses private keys for authentication. Where SSH keys are used, access is restricted to individuals with business requirements necessitating knowledge of those SSH keys.

When credentials are transmitted between workers, encryption methods such as public-key cryptography or out-of-band transmission are used. When credentials are encrypted using public keys for transmission, data transit is still conducted under encrypted protocols. In production environments requiring the highest level of security, single-tenant systems are provisioned without root access and will not provide access credentials to anyone.


Engine Surety Tamper Control and Detection Program (STCDP)

For clients who want to restrict access to their dedicated Engines, Dispel uses the Two-Person Concept (TPC) for tamper control measures. TPC is designed to make sure that neither the client nor Dispel personnel can perform an unauthorized procedure on the Engine without the other's knowledge. Engines under the STCDP are stationed behind a jump host whose access keys are held by the client. Access keys to the Engine are held by authorized Dispel personnel. The client must open an access tunnel on the jump host for the Dispel personnel to route through to the Engine.


Incident Response

If a security incident is detected, Dispel's computer security incident response team (CSIRT), which is part of the Security Team, will respond. The CSIRT's goal is to minimize and control the damage resulting from incidents by responding and recovering, and subsequently putting in corrections to prevent similar future incidents from taking place.

Product Security

The Security We Make

Dispel meets multiple enterprise security requirements with an industry-leading security program.

  • NIST
  • ISO 27001
  • PCI

We help customers align towards each of these frameworks.



Data encryption in transit and at rest

Dispel transmits information over the public Internet. We protect data in transit with strong encryption, reviewing and updating to employ the latest cryptographically reliable cipher suites.

For example, at this time, when you are connected to your Dispel services through our client application or a hardware device, and for internal server-to-server transmissions, we use two layers of cascade ciphered AES-256-CBC with independent 4096-bit RSA keys for the initial key exchange. Keys are typically generated by segmented compute systems designed with randomness in mind, and distinguished between clients.

When you are using one of our browser-accessible applications, we employ AES-256-GCM encryption. These may be secured using SHA-256 with 2048- or 4096-bit RSA keys, depending on the security requirements of the application. This means many communications through Dispel are protected by three layers of encryption. We encrypt data multiple times, using different ciphers, for several reasons. As one example, by using different ciphers, encrypted data is less susceptible to a zero-day flaw that could affect both at the same time.


LDAP user management

User management comes with enforced MFA through TOTP and hardware tokens, single sign-on, and Active Directory integration. Granular user permissions are defined on a per-Enclave basis according to the principle of Least Privilege.


Single-tenant provisioning

With rare, explicitly stated exceptions, Dispel production environments are single-tenant for each customer. This prevents one client from abusing the information they have about their Dispel network in order to attempt to attack another client on the same system. It also means any threat is segmented to a per-client minimum attack vector.

Client data is encrypted at rest in file systems, but client machines are usually active and therefore those drives are mounted in the OS. The hardware is subject to physical safeguards.


Custom logging and retention

You choose what information to keep, and we burn the rest. All of our components speak syslog, which we can consolidate and forward to a central SOC or SIEM according to customer requirements.


Geo-location management

Dispel can be deployed across 250+ global datacenters. You choose where you want your servers to be. Or, you choose a region, and we’ll randomize within it.


Clear environments after you’re done

As we like to say, we don’t just lock the door behind you, we remove the door entirely. As your systems are always rotating through new machines, the old ones are formatted clean.


Security We Champion

Moving Target Defense

How we create proactive cyber security.

Cybersecurity has long been taught as an exercise in building a castle which, over time, is enhanced by further walls, scouts, guards, and mazes. As is the case in the physical world, such cyber defenses don’t move, and are relatively easy to find. The result is a reactive defensive structure wherein the attacker has the advantage of time.

The solution in the physical world was to stop building castles and start protecting assets by moving them around, ideally in mediums where they were difficult to track. This strategy is called Moving Target Defense.

Dispel’s patents allow us to implement moving target defenses at a network level.


It's not static. That was a big deal for us.

Will Perez, Director of Information Security at Connecticut Water

With moving target defense, you get:

  • Dynamic Defense

    Static networks give your adversary time to find and exploit weaknesses. Dispel’s platform automatically shifts your infrastructure around, so adversaries cannot locate and sustain target lock.

  • Precision at Scale

    Dispel lets you control user access at both the application and network layers in a manner that is easy to manage, even at scale.

  • Real Segmentation

    In a true Zero Trust model, servers and users that do not need to be linked should not know of each other’s existence. Dispel's implementation achieves this through topological and cryptographic segmentation.

  • True Resiliency

    True resiliency is being able to identify, quarantine, respond, shift, and recover from an attack. Dispel provides hot-swappable backups and 1-hour recovery times.

Reach out

Contact our security team

If you would like to contact us about a security concern, the fastest way to get in touch with our security team is at security@dispel.io.

Use the PGP key below to securely communicate with Dispel and to verify signed messages you receive from us.

Active Date: March 21, 2018
Expiration Date: March 21, 2022
Key ID: 7987BAC6
Key Type: RSA
Key Size: 4096 bits
Fingerprint: 0CBB E6D1 6AAA 1926 3646 C56D 1692 2685 7987 BAC6
User ID: security@dispel.io


Download our key here