
Security One-Pager
B-Brave Gatekeeper
Enterprise IT Security & Network Management Platform
Last updated: Q2 2026 · Version 1.3
info@bbravegatekeeper.cloud
Platform overview
B-Brave Gatekeeper is a unified IT security and operations platform that combines network discovery, CMDB, IPAM, ITSM, compliance automation, MDM, SIEM, SOAR, and AI-assisted reporting in a single environment. It is designed from the ground up for regulated industries, multi-tenant MSP deployments, and security-conscious organisations that require audit-ready controls and flexible deployment models.
Deployment options
- Cloud SaaS: Multi-tenant, regional isolation, zero infra overhead
- On-Premise: Full data sovereignty, runs inside your datacenter
- Hybrid: Cloud control plane + on-prem agents, results local
- Air-Gapped: Fully offline, zero outbound, for classified environments
Security controls
Encryption at rest & in transit
AES-256 at rest (database, backups, credentials vault). TLS 1.3 in transit. Per-tenant envelope encryption for secrets.
Identity & MFA
TOTP-based MFA enforced for all users. Active Directory and OAuth integration. Passkey support.
Tamper-evident audit log
Append-only activity log. Every user action, configuration change, and API call is recorded with actor, timestamp, and tenant context.
Encrypted backups
Automated daily backups with AES-256 encryption. Point-in-time recovery. Backups stored in a separate region from primary data.
Patch SLA
Critical CVEs patched within 72 hours. Dependencies scanned in CI/CD. Container images rebuilt on upstream security updates.
Row-Level Security
Postgres Row-Level Security enforces tenant isolation at the database layer. No application-level filtering required.
TLS & HTTP hardening
SSL Labs · Security Headers · Forward Secrecy · HSTS Preload
TLS 1.3 enforced · TLS 1.2 allowed with restricted cipher suite · TLS 1.1, 1.0, SSLv3 disabled · 8 HTTP security headers deployed at CDN edge (HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, X-Permitted-Cross-Domain-Policies) · Certificate Transparency · DNS CAA · OCSP Stapling · ECDHE-only cipher suites.
Availability & incident response
- Monthly uptime SLA: 99.9%
- Independent infrastructure: 5 regions
- Critical CVE patch SLA: 72 h
- Critical incident response (P1): 1 h
RTO: 4 h (cloud) · RPO: 1 h · Maintenance communicated 48 h in advance · P2 response: 4 h · P3: 24 h
Compliance frameworks
Native compliance evidence packages generated per framework. No third-party GRC tool required.
Data residency
- Europe: Netherlands, Germany, Finland · GDPR, NIS2, BIO, Wbni
- Americas: US East, US West, Canada · SOC 2, HIPAA, CCPA
- Asia-Pacific: Singapore, Australia · PDPA, Privacy Act
- Middle East: UAE, Bahrain · NESA, PDPL
- Africa: South Africa · POPIA
Tenant data never crosses region boundaries. Infrastructure is fully isolated per region.
Data processing transparency
Processed by the platform (as data processor)
- Network telemetry: IPs, MACs, hostnames, ports
- Asset inventory: device type, OS, firmware, software
- Security events: SIEM alerts, CVE matches, traffic logs
- User account data: name, email, hashed credentials, MFA
- Operational data: tickets, changes, on-call schedules
Stays entirely on-premise (self-hosted only)
- All scan results and raw network telemetry
- Credentials vault contents — encrypted locally
- Device configurations and SNMP community strings
- FortiGate, switch, and AD connection credentials
- Agent scripts and custom automation playbook logic
Legal Documents
- Data Processing Agreement (GDPR Art. 28)
- Subprocessor List
- Service Level Agreement
Pentest & Hardening
- Q1 2026 independent third-party assessment
- Scope: web app, REST API, network layer
- Summary public · Full report under NDA
Contact
- Security: security@bbravegatekeeper.cloud
- General: info@bbravegatekeeper.cloud
- PGP key available on request