Reach is designed with the most security-conscious Security and IT teams in mind. Understanding the security practices of an organization you’re looking to trust with your data can feel intentionally confusing and more often than not, frustrating. We strive at Reach to keep things simple and secure.
This article provides an up-to-date overview of the state of Reach’s security and how it applies to our system. We take advantage of cloud security best practices and adhere to strict policies and requirements that enable Reach to maintain the security and integrity of the data our customers entrust us with.
Sections outlined in this document
Every Reach employee is committed to the security and privacy of our customers and their information. This starts with accessible information security policies that are reviewed on a quarterly cadence and being leveraged throughout the organization. These policies guide how Reach does business, builds products, and operates. Some examples:
AI comes in many different flavors. We developed AI for Reach to meet the rigorous demands of enterprise security.
Reach develops a custom AI model dedicated to:
Built to be unique to your company’s inputs, the model is created with your tenant and destroyed when required. This is done without impacting other Reach customers.
By keeping third-party LLMs out of the mix, Reach AI relies on verified, domain-specific data to power its configuration engine. This means all data processed by Reach is private and not shared with third parties; nor do third parties interact with Reach.
Because security decisions are critical to enterprises, Reach brings the highest level of rigor to its AI. We’ve built it to ensure no hallucinations. This allows your team to focus on critical security decisions, while letting data power cross-platform configuration decisions to land you at the single best result.
Reach sits at the center of a few data types. Data types fall into three categories; Identity service data, Security event logs, Security product configurations. Some of the data in the Identity service data and Security event logs may contain Personally Identifiable Information.
Identity service data can come from any number of sources. Most commonly the data comes from an Identity Provider within the company, like Microsoft AzureAD or Active Directory.
Security event logs will be analyzed by Reach for a number of products when connected to Reach. You must connect these products to Reach in order for security event ingestion to occur.
Note: Reach is not a Security Incident Event Mananegment (SIEM) product. We are only gathering a subset of the security events for processing purposes.
Security product configurations will be analyzed by Reach for a number of products when connected to Reach
The following data can be processed by Reach:
Data Type | Data | May be Considered Personally Identifiable Information | Can be anonymized |
---|---|---|---|
Directory Service Data | Name | Yes | Yes |
User name | Yes | Yes | |
Email address | Yes | Yes | |
Department | No | N/A | |
Role Title | No | N/A | |
Organization | No | N/A | |
Security Groups | No | N/A | |
Distribution Lists | Yes | Yes | |
Proxy Addresses | Yes | Yes | |
Location (typically office location | No | N/A | |
userAccountPropertyFlag | No | N/A | |
whenCreated | No | N/A | |
whenChanged | No | N/A | |
guid_lookup (if needed to join threat logs) | No | N/A | |
OktaWorkerType | No | N/A | |
Security Product Logs* | Domain and username | Yes | Yes |
Email Address (sender) | Yes | Yes | |
Email Address (recipient(s)) | Yes | Yes | |
MAC address | No | N/A | |
Hostname | Yes | No | |
Qualified hostnames | Yes | No | |
Operating system | No | N/A | |
Name of Security device | No | N/A | |
IP Address (Source) | Yes | Yes | |
IP Address (Destination) | No | N/A | |
URL | No | N/A | |
File name | Yes | Yes | |
Forensics | Yes | Yes | |
Security Product Configurations | Security product configuration files | No | N/A |
All customer data is processed within Amazon Web Service locations in the United States.
Current AWS Regions:
Reach is built with industry-tested technology and security practices.