Wondering how our software will work with and within your operation? Get answers to your questions right here.
Elpha Secure software — or Elphaware — is designed to dramatically improve your security posture once installed on each compatible endpoint in your organization.
Real-time monitoring, alerts, offsite backups, MFA, and more.
Third-party audited by Security Compass Advisory
Integrates with our cyber insurance to reduce your premium
Depending on your particular needs, Elpha Secure software can:
Serve as a lightweight EDR (endpoint detection and response) solution
Be configured with some or all active tools in the Elpha Secure software suite
Be used in a read-only passive mode to fit into existing security infrastructure
Below you’ll find answers to common queries to help you choose, use, and get the most out of our security software.
We’ll send your system administrator or company contact point an invite to the Elpha Secure portal as the first step in the onboarding process. Once the administrator activates their account, they can add additional users or administrators who will each download and install the software.
Alternatively, the admin can access a bulk installer (MSI on Windows OS, PKG with multiple licenses on Mac OS) and push it out to all endpoints through existing endpoint management software.
Elpha Secure software can be configured in “active mode” with all tools enabled, or individual tools can be turned off to convert it into a passive read-only monitoring mechanism. Our software may have to be allowlisted within other security suites, but otherwise they should have no trouble coexisting.
Our software is compatible with laptops, desktops, and servers running Windows, recent Mac, and Linux operating systems (headless or with a GUI). It does not run on switches or mobile devices at this time. Any unsupported devices may be kept in their original configuration and still meet our insurance requirements.
Yes. Our software is like a container for multiple security tools, and the container automatically updates itself along with each separate tool.
Yes. Our software provides separate control over each security tool, allowing customization to fit your organization's needs. If your existing security posture already handles certain scenarios, we allow redundant tools to be disabled. Please contact us to determine whether we consider your tooling to be equivalent.
Yes, we perform regular penetration tests of our software via third parties. Details available upon request.
The majority of our software won’t interfere with existing user workflows, with the exception of our remote access tool. This tool introduces firewall rules to block remote access through RDP, VNC, and SSH by default so that users will need to log into the portal to request an unlock.
If you don’t require the added security provided by the remote access feature, the tool can be disabled by administrators.
When telemetry tools are enabled, our software collects metadata like system audit logs, which processes are running, open and listening ports, and packet flow statistics (including DNS names). This data enables our machine learning models to generate security alerts that are shared with you.
In terms of file content, our backup tool reads selected directories and encrypts files on the device before uploading them. Filenames may be collected and stored separately to enable our backup restore process to supply meaningful names to the user.
Please see our terms of service for more information about data collection.
Our primary data centers are hosted by Google in the eastern US. Data backups (encrypted on the device) are stored in Backblaze cloud storage in the western US.
Our software is written primarily in native code, minimizing its system resource footprint. To prevent excessive disk consumption, logs are periodically rotated and our dependency list is kept small.
Since we carefully restrict memory use by chunking file and network operations, and CPU overhead is minimal, our software can run even on older machines and in constrained environments.
We rate limit all network usage to 100KB/s, and each installation of our software won't exceed this amount.
Our remote access tool mediates remote desktop login by creating a firewall rule to block access through RDP, SSH, and VNC. This firewall rule is created directly with operating system utilities and will likely not interfere with existing firewalls and access control.
It's unlikely that our remote access tool will interfere with other MFA systems, but users may be required to unlock twice. In this case, since multi-factor authentication is already present, the administrator can disable our remote access tool without impacting insurance coverage.
The backup tool performs two functions simultaneously: it periodically scans the selected directories in the background, and it watches the directories for changes (any new files will be immediately backed up).
An encryption key is generated on the device when the software is installed; half of the key is emailed to the user, and half is stored on our portal. Both halves are needed for file decryption.
To ensure a stronger defense against ransomware, our system stores multiple versions of each file instead of just the most recent version (which may have been maliciously encrypted during the attack).
Our backup system encrypts data on the device before it's sent to the cloud, but we understand that you may still consider some data too sensitive to send. In turn, you can customize the directories to be backed up on each machine.
The administrator can also disable the backup tool, but keep in mind that another backup mechanism would need to be in place to remain compliant with our insurance policy terms.
We don't recommend backing up excessively large files like full machine images, because our backup tool is rate limited to 100 KB/s to conserve network resources. In a cloud environment, the provider's own machine image backup solution is likely your best option.
Insurance fused with security software for a complete defense.