Breach Commander is born from the universal need to properly manage cyber incidents in a simple, collaborative, streamlined, repeatable and measurable fashion.

The creator has cooked into the solution his experience of 20+ years of IT, cybersecurity, digital forensics, governance and incident management experience.

Breach Commander is being audited for best practices and security compliance, namely for SOC 2 Type 2.

Here are some of the top notch security controls and considerations that have been cooked into our design:

Secure Coding and Coding Best Practices

We have leveraged security best practices to make sure our code is not only reliable, but absent of vulnerabilities or weaknesses that could compromise its integrity or reliability, including:

+ Encrypting your data at rest with 3 layers of encryption;

+ Salting and hashing of stored credentials;

+ Building reusable code and object-oriented programming (OOP);

+ Validation and sanitation of input data types;

+ Sanitation of SQL queries (especially coming from user-input data);

+ Utilization of cross-site request forgery tokens to avoid the replay of our URLs;

+ Freeing our variables after use;

+Secrets stored in server vault, not in our code;

+ And more ...

Application logic security

Breach Commander is built with role-based access controls (RBAC) for access to content and resources. It ensures that users can access restricted data and content only if they have the proper rights to do so.

Our authentication enforces multi-factor authentication (MFA) via mobile authenticator at account configuration.

Hosting security & Resiliency

Breach Commander is protected with Web Application Firewall policies before any traffic reaches its code.

We use geographical disaster recovery redundancy so that Breach Commander is always available.

You data is backed up frequently.

If you have any interrogation on our practices, please feel free to reach out via out contact page!

Breach Commander being a support tool for challenging moments, we want you to be able to take care of your incidents without considerations for licensing and subscription limits.

For this reason, we do not limit the creation of user and assignment of billable role, even if they go over the subscribed quantities.

The assignments over the subscription are calculated on a daily basis and invoiced every month.

The Tenant settings page and User configuration form clearly show the over consumption so that you are never surprised with costs. Also, when a role assignment consumes over the subscription limit, a reminder email is sent to the Account Owner.

User accounts in Breach Commander are created free of charge.

A user account is billable and consumes a "seat" when operational roles are assigned to it (Commander, Business Lead, Technical Lead, Auditor, Etc).

Consequently, it means that spectators or "viewer" accounts, for colleagues and stakeholders who need to follow your cases, are absolutely free!

Yes.

The timeline display has been designed with exporting in mind, so that the page prints well and exports/prints to PDF conveniently for inclusion in a report.

Breach Commander is built on the very standard and robust Linux - Apache - MySQL - PHP (LAMP) combination of technologies.

The content does not rely on a complex 3rd-party content management system (CMS).

We have tried to build everything by hand. First for the pleasure of it; Then we wanted to avoid all the possible external dependencies. The external modules we use are either commercial add-ons provided by their vendors (mapping, AI, font/icons) or very standard programming libraries in PHP.

Fullblown Security Consulting is the sole developer of the solution and owns 100% of the intellectual property fuelling it.

Yes.

Breach Commander currently supports the following languages for the interview and graphical user interface (UI):

• English

• French

• Espanol

Yes.

Breach Commander has a light and a dark mode display themes

Yes, currently for read operations (cases, items, etc).

We plan to extend the API capabilities in a near future.

Our API is available in Pro or Enterprise subscriptions.

Yes.

Pro and Enterprise subscriptions allow the secure export and import of cases for backup or collaboration purposes.

Yes.

Breach Commander has built-in multi-tenancy. This means that a user can be given granular access rights to various company tenants via the same user account and credentials.

This is of particular interest for providers supporting multiple clients like breach coaches, insurers and incident responders.

Yes.

The audit log review functionality offers the download in standard CSV format.

Yes.

Pro and Enterprise subscriptions allow viewing the graphs, and also exporting them as an image file for inclusion into our customer's governance and policies.