
The GuardTech security model

Explicit zones, cryptography by default, penetration testing on a cadence, and an incident process that ends in learning, not narrative.

Zone model

We operate three segregated zones: public perimeter, authenticated application, and data plane. Cross-zone traffic passes through audited gateways with mutual authentication.

ZONE · 01

Perimeter

WAF, CDN, rate limiting, and signature filters. No raw traffic reaches the application.

ZONE · 02

Application

Services with identity, mTLS policies, and role-based access controls.

ZONE · 03

Data plane

Encrypted storage, isolated secrets, and access through audited brokers.

Cryptography

Cryptography is the default, not an option. We manage keys in isolated modules, with automated rotation and separation of duties.

  • TLS 1.3 on all external and internal traffic
  • Automatic key rotation every 90 days
  • HSM for evidence signing keys
  • AES-256 encryption at rest on all disks

Pentest cadence

  • External pentest: Annual with accredited partner
  • Internal pentest: Semi-annual
  • Red team: Biennial with full scope

Incident response

  1. Detect

    Combined telemetry and continuous monitoring signals trigger the process.

  2. Contain

    We isolate the affected surface in minutes and preserve state for analysis.

  3. Eradicate

    We remove the root cause with cross-validation between engineering and security.

  4. Learn

    Internal public post-mortem within 10 business days, with actions tracked to closure.

Responsible disclosure

We receive reports from security researchers through a dedicated channel. We confirm receipt within 48 hours and publish advisories after remediation.

PGP key

security@guardtechsecurity.com.br · 0xA12F 88C4 9E2D B1FF 4A2C 5E80 21CC 7B91 FA30 8D72
