Wondering how our software will work with and within your operation? Get answers to your questions right here.


Elpha Secure software — or Elphaware — is designed to dramatically improve your security posture once installed on each compatible endpoint in your organization.
Real-time monitoring, alerts, offsite backups, MFA, and more.
Third-party audited by Security Compass Advisory
Integrates with our cyber insurance to reduce your premium
Depending on your particular needs, Elpha Secure software can:
Serve as a lightweight EDR (endpoint detection and response) solution
Be configured with some or all active tools in the Elpha Secure software suite
Be used in a read-only passive mode to fit into existing security infrastructure
Below you’ll find answers to common queries to help you choose, use, and get the most out of our security software.

Our Security Operations Center (SOC team) will periodically reach out to you with recommendations for removing the worst risks from your environment. To avoid alert fatigue, we will generally not reach out more often than about once a month, unless a critical risk is detected.
Elpha’s deep scanning tool is used on external network and cloud assets to detect vulnerabilities, misconfigurations, and services that are prone to the most commonly used exploits. Elpha contacts our insureds only about the worst risks that need to be closed, usually once per month, but occasionally in response to widespread attacks. For example, default passwords or other weak configurations are identified in the non-invasive penetration testing results.
All network-based SaaS services are available on internet-facing endpoints.
In addition to the monthly email of top critical risks to remove, a full report on these results is also available upon request by our insureds on a quarterly cadence.
Cybercriminals are using increasingly sophisticated email-based attacks. ES Mail is meticulously engineered to help protect your inbox by:
1. Blocking malicious URLs and harmful attachments.
2. Intercepting spam and bulk phishing attempts.
3. Integrating additional protections that go above and beyond to remove email-based attacks while allowing existing security controls to continue operating.
4. Ensuring that only the emails you want and need reach your inbox.
5. Flagging fraudulent payment instructions, suspicious cryptocurrency transactions, and deceptive tax-related directives.
6. Reminding our insureds that they must use a completely external phone or other external contact method to validate whether a sender is genuine for all detected financial transfer emails.
Elpha’s security agent consists of seven main components:
1. Real-Time Threat Monitoring (EDR) – mitigates and responds quickly to potential threats.
2. Remote Access Protection – adds multi-factor authentication (MFA) to safeguard your remote access process (RDP/VNC).
3. Security Operations Center (SOC) – sends an email with the top three patches and risk mitigations against the worst vulnerabilities to close as part of regular security hygiene, and reaches out occasionally when top critical risks emerge.
4. Email Security (ES) – filters phishing and spam emails and identifies fraudulent financial transactions.
5. Patching Capabilities – vulnerability and software version management.
6. Dark Web Monitoring – compromised credential remediation for passwords and authentication data posted, sold, or stored on Dark Web marketplaces and forums. The Dark Web is commonly used by attackers due to its restricted access and anonymity, requiring specialized tools and skills to search and navigate.
7. Exposed Credential Monitoring – monitoring and remediation of exposed corporate credentials resulting from data breaches, misconfigurations, or public disclosures.
Elpha will send the main point of contact listed on your insurance policy an invite to the Elpha portal as the first step in the onboarding process. Once the administrator activates their account, they can begin the installation process or add additional administrators to assist with deploying the software.
Elpha’s Customer Success Team will reach out to the administrator with helpful installation instructions and next steps.
Various deployment options can be found in our Help Center.
Once proper exclusions are applied to third-party security tools, the Elpha security agent should install with no issues or interruptions to other software. Users shouldn’t even notice the agent running in the background.
Elpha’s software can be configured in “active mode” with all tools enabled, or individual tools can be turned off if you already have an equivalent in place.
Elpha’s EDR can operate in a passive, alert-only monitoring mode, but this is not recommended.
Yes. Elpha’s software provides separate control over each security tool, allowing customization to fit your organization's needs. If your existing security posture already handles certain scenarios, the software can be preconfigured with redundant tools disabled. Please contact our Customer Success Team to determine whether we consider your security stack to be equivalent.
Yes, our software has been validated by a third party for efficacy, false positives, and performance. We also perform regular penetration tests of our software via third parties.
Here are Elpha’s most recent tests by VB100.
The majority of our software won’t change existing user workflows with the exception of our remote access tool. If you use this tool, a 2FA solution will be implemented to harden your remote access capability. This tool introduces firewall rules to block remote access through RDP, VNC, and SSH by default, and users will need to log into the portal to be granted remote access.
If your organization doesn’t require the added security provided by the remote access feature, the tool can be disabled.
When telemetry tools are enabled, our software analyzes metadata such as system audit logs, running processes, open and listening ports, and packet flow statistics (including DNS names). This data enables our machine learning models to generate security alerts, which we share with you, and helps us assist you in mitigating risks.
Please see our terms of service for more information about data collection.
Elpha loads a comprehensive signature database and unpacks certain files into memory during scanning. This method enables us to provide a thorough and efficient scan to protect your system against potential threats.
As a result, memory usage may climb to as high as 500 MB. These spikes are temporary, and memory usage should drop to a range of 200–350 MB once the initial scanning processes are complete.
The backup tool performs two functions simultaneously: it periodically scans the selected directories in the background, and it watches the directories for changes (any new files will be immediately backed up).
An encryption key is generated on the device when the software is installed; half of the key is emailed to the administrator, and half is stored on our portal. Both halves are needed for file decryption.
To ensure a stronger defense against ransomware, our system stores multiple versions of each file instead of just the most recent version (which may have been maliciously encrypted during the attack). Elpha does not review the file contents, as confirmed in our SOC 2 privacy policy confirmation. The system takes whatever folders your organization selects and produces a backup. Files are encrypted in transit using TLS and stored encrypted on Google-hosted drives within the storage system. Elpha’s system is designed such that we do not inspect the content of those backups, nor do we suggest storing PII/PHI in those directories, but Elpha does treat the backup data as if it contains sensitive information.
Our backup system encrypts data on the device before it's sent to the cloud, but we understand that you may still consider some data too sensitive to send. In turn, you can customize the directories to be backed up on each machine.
The administrator can also disable the backup tool but should keep in mind that another backup mechanism would need to be in place to remain compliant with our insurance policy terms.
We don't recommend backing up excessively large files like full machine images because our backup tool is rate-limited to 100 KB/s to conserve network resources. In a cloud environment, the provider's own machine image backup solution is likely your best option. Our backups are limited to 1 TB for the organization, so the business-critical folders should be backed up first and foremost.