This Policy describes what data we collect via the Rubica App and service, why we collect it, what we do with it, and how we protect it.
What data does the Rubica App monitor and collect?
Rubica monitors and collects user data with the explicit purpose of providing accurate and timely cyber security recommendations and remediations. Although we have the same insight into your traffic that your network service provider can see, we take your privacy seriously and work to anonymize and mask your data in all ways feasible, while still maintaining the capacity to find new and emerging threats.
When you use Rubica, your data is summarized as technical information and presented to analysts who look at the traffic summaries for anomalous behaviors. We do not access your files, documents, or emails. We also do not look at the content of the videos you stream, or content on the sites you visit.
Specifically, we group your traffic into buckets, looking for new and strange connections that are unlike other devices similar to yours (Windows, Mac, etc). Once a potential threat is identified, further analysis is conducted to determine whether the traffic is in fact malicious.
To articulate this in an analogy: Imagine that we are the post office, and in the process of delivering packages to and from your house, and many other houses like yours, we take an index of each package’s weight, size, shape, source, and destination addresses. If any of these packages are suspicious based on any of these indexes, they are set aside for special inspection. All other packages not flagged as suspicious are allowed to continue unimpeded and unobserved. When we find that a particular package is known to be bad, we then write a rule that allows us to block these and any matching packages from being ever being delivered, in fact we prevent them from entering the post office in the first place.
In order for us to provide this service, some of the technical data we collect includes:
- Source and Destination IP addresses
- Protocol Type – TCP, UDP, ICMP, etc.
- Source and Destination Port Numbers
- Derived Checksums from the packet
- Calculated Checksums from the packet payload
- Packet and Session Payload length
- Device Type
- Device Version
- Service Logs
- Connection Times
- Connection Lengths
Why does Rubica collect this data?
Cyber threats are constantly changing and adapting; therefore, our security measures must involve adaptive defenses. Ongoing monitoring and analysis of the device traffic data means we can block and detect known malicious actors as well as adapt defenses to thwart emerging attack methodologies. Your device data traffic is analyzed both individually and holistically (in conjunction with the rest of our client base) by our U.S.-based team of cyber experts. This allows us to deploy aggregated macro analytics to discern patterns across the client base and push down real-time defenses if we see a new attack pattern emerge somewhere else.
Who has access to this data?
Only Rubica employees have access to your data. All of our employees undergo extensive background investigations (modeled after the process required by the U.S. and U.K. government intelligence agencies), including but not limited to investigations into past behaviors, reputation checks, and subject matter interviews performed by former law enforcement. We have a zero tolerance policy for misuse of any and all consumer data. All employees also sign nondisclosure and confidentiality agreements which protect both Rubica and client information. Lastly, only individuals tasked with the monitoring and maintenance of your data have access to any of it in raw or summarized form.
How is the data transferred and stored?
Log data is sent from the Rubica app over secure channels to our private security stack where it is encrypted, stored, and managed by the internal Rubica Cyber Team. Our database utilizes both redundant physical servers and cloud-based storage. All client systems are segmented, data is encrypted at rest on the physical servers, and any data transfers are via secure means (SSL) to prevent interception or tampering. At all points of data transmission, the data is protected with either SSL or via an encrypted tunnel.
How does Rubica protect this data?
We deploy cyber security best practices in terms of access controls (both physical controls and virtual controls) to limit who can access your data, when, and how. This information is kept in an isolated database that is only accessible from Rubica internal Networks which are protected behind an IDS/IPS and Firewall.
We utilize “the Principle of Least Privilege,” meaning we limit who has access to the data. The people who do have access to the data have been thoroughly vetted and access is always done via a secure connection and a hardened machine with MDM security controls. Anytime a Rubica employee accesses a server or file with your data, the access is logged, multi-factor authentication and strong passwords are enforced, and digital certificates for authentication are enabled.
Backups containing this collected information are stored in isolated servers that are only accessible from Rubica internal Networks that adhere to the Principle of Least Privilege and uses secure connection methodologies (e.g. SSH Keys). The machines used to access backups are MDM controlled machines that have been hardened. Any transmission of backups between servers are sent over an encrypted connection using non-standard ports.
At no time do Rubica servers store customer credit card information. Customer data is anonymized via a specially crafted naming convention that would be useless to anyone who were to obtain Rubica store data. This is done in order to further protect clients and their device data.