Intrusion Detection System (IDS)

Eververse employs a robust combination of built-in security tools and cloud-native protections to detect and prevent unauthorized access or malicious activity.

1. Purpose

This document outlines Eververse's Intrusion Detection System (IDS) and describes the security controls and technologies we employ to detect, prevent, and respond to unauthorized access or malicious activity within our environment. Eververse leverages a variety of built-in tools and cloud-native protections to safeguard customer data and ensure the integrity of our systems.

2. Built-in Security Controls

Eververse employs the following intrusion detection and intrusion prevention mechanisms through its cloud providers and supporting tools:

2.1 Web Application Firewall (WAF)

  • Vercel’s Web Application Firewall (WAF) is utilized to monitor and filter HTTP/HTTPS traffic to the Eververse platform, preventing unauthorized access, injection attacks, and other malicious activities targeting the application layer.
  • The WAF blocks suspicious requests and provides logging for further analysis of potential intrusion attempts.

2.2 DDoS Protection

  • DDoS protection is implemented at the Vercel infrastructure level, mitigating Distributed Denial of Service (DDoS) attacks by automatically detecting and blocking malicious traffic.
  • This service ensures continuous platform availability by preventing service interruptions caused by traffic floods or brute force attacks.

2.3 Automated Database Auditing

  • Supabase provides automated database auditing, tracking all database access, modifications, and queries. This ensures that any unauthorized or abnormal data access attempts are flagged for investigation.
  • The audit logs are reviewed regularly to detect potential breaches, misuse, or data leakage from internal or external sources.

2.4 Encryption

  • Encryption at Rest and in Transit: All sensitive data within Eververse, including customer data stored in Supabase databases, is encrypted using industry-standard protocols (e.g., AES-256 for data at rest and TLS for data in transit).
  • Encryption ensures that any intercepted data is unreadable without the appropriate decryption keys, protecting data from unauthorized access.

2.5 Role-Based Access Control (RBAC)

  • RBAC ensures that only authorized personnel have access to sensitive data and critical systems. Users are granted the minimum privileges necessary to perform their duties, reducing the risk of unauthorized data access.
  • RBAC policies are reviewed periodically to ensure compliance with least-privilege principles.

2.6 Database Activity Monitoring (DAM)

  • Eververse utilizes Database Activity Monitoring (DAM) provided by Supabase to continuously monitor database queries and detect abnormal patterns of data access, such as bulk data exports or unusual IP access.
  • DAM provides detailed logs of database activities, which are fed into our monitoring system for analysis and alerting in case of potential intrusions.

3. Monitoring and Response

3.1 BetterStack Monitoring and Alerts

  • BetterStack is used to monitor logs, uptime, and system activity in real time. Anomalies, such as repeated failed login attempts, abnormal error rates, or unexpected system behavior, trigger alerts to the security team.
  • By monitoring the entire system's activity, BetterStack allows for early detection of potential security incidents, enabling rapid investigation and response.

3.2 Integrated Security Solutions

  • Supabase's audit logs and encryption work in tandem with these tools to prevent data breaches and ensure compliance with industry standards.

4. Contact Information

For any questions or clarifications regarding this Intrusion Detection System Policy, please contact us.

Get started for free

Explore problems, ideate solutions, prioritize features and plan your roadmap with the help of AI.