
SECURITY

Protecting mission-critical infrastructure and customer data is foundational to everything we do. Our security architecture is designed for the demands of space operations.

99.97% Uptime (5-yr avg)
0 Data Breaches
24/7 SOC Monitoring
4 Certifications

Network & Infrastructure

Edge Protection

Global CDN with DDoS mitigation capable of absorbing multi-Tbps volumetric attacks. All traffic is inspected at the edge before reaching origin infrastructure.

Network Segmentation

Mission-critical systems, client portal, corporate IT, and ground station networks are physically and logically isolated. No lateral movement between segments.

Intrusion Detection

Network and host-based IDS/IPS deployed across all segments with 24/7 monitoring by our Security Operations Center (SOC). Mean time to detect: < 15 minutes.

Firewall Architecture

Multi-layer stateful firewalls with default-deny policies. All inter-segment traffic is explicitly whitelisted and logged.

Data Protection

Encryption in Transit

TLS 1.3 enforced on all external connections. Internal service-to-service communication uses mutual TLS (mTLS) with certificate rotation every 24 hours.

Encryption at Rest

AES-256-GCM encryption for all stored data, including mission telemetry, customer payload specifications, Earth observation archives, and database records.

Key Management

Hardware Security Modules (HSMs) for cryptographic key storage and operations. Keys are never exposed in plaintext outside the HSM boundary.

Data Classification

Four-tier classification system (Public, Internal, Confidential, Restricted) with automated policy enforcement. Customer mission data defaults to Restricted.

Identity & Access

Multi-Factor Authentication

MFA required for all internal systems and the client portal. Hardware security keys (FIDO2/WebAuthn) mandatory for mission-critical system access.

Role-Based Access Control

Principle of least privilege enforced across all systems. Access reviews conducted quarterly with automated deprovisioning for role changes.

Single Sign-On

SAML 2.0 and OpenID Connect federation for enterprise customers. Centralized identity management with session timeout policies.

Privileged Access Management

Just-in-time access for administrative operations. All privileged sessions are recorded, time-limited, and require approval workflows.

Application Security

Secure Development Lifecycle

Security integrated into every phase of development. Threat modeling, static analysis (SAST), dynamic testing (DAST), and dependency scanning in CI/CD pipelines.

Penetration Testing

Annual third-party penetration tests by certified firms. Continuous bug bounty program for responsible disclosure of vulnerabilities.

API Security

OAuth 2.0 / JWT authentication for all API endpoints. Rate limiting, input validation, and request signing prevent abuse and injection attacks.

Supply Chain Security

Software Bill of Materials (SBOM) maintained for all components. Automated vulnerability scanning of third-party dependencies with SLA-driven patching.

Advanced Defenses

Frontend Security

Content & Page Loading Protection

Page chrome, loading states, and content rendering are guarded against visual tampering, slow-load probing, and direct copy extraction flows.

Skeleton Loading Shields

Critical sections render through controlled loading shells to prevent partial content scraping during initial page load. Sensitive layout regions remain hidden until hydration completes and all access checks pass.

Anti-Scrape View Layer

Protected content is wrapped in a view layer that blocks text selection, image dragging, and rapid DOM extraction patterns. The layer is tuned to preserve usability while discouraging automated copying.

Secure Content Mounting

Mission data, dashboard panels, and AI responses mount only after the page’s security and consent gates complete. This prevents hidden or partially rendered data from appearing in the DOM before authorization.

Integrity Checkpoints

Each major content section validates its rendering state before display. Sections that fail integrity checks stay in a blocked state and report the issue to monitoring for review.

AI Moderation

Content Moderation & AI Protection

Visitor-facing AI output is filtered for harmful, off-policy, or high-risk content before rendering, with strict controls for automated abuse and bot behavior.

AI Moderation Filter

All AI-generated responses are reviewed by a moderation layer that blocks unsafe instructions, manipulative content, and policy violations before they reach the user interface.

Bot Abuse Scoring

Automated behavior is scored across session timing, request bursts, and interaction patterns. High-risk sessions are throttled, challenged, or blocked entirely depending on severity.

Model Output Guardrails

The assistant is constrained to approved product, service, and support topics. Content that attempts to exfiltrate secrets, impersonate users, or produce harmful instructions is suppressed.

Appeals & Review

Flagged sessions are logged for review by the security team. False positives can be exempted after manual verification without weakening the enforcement policy.

Data Protection

Data Encryption & Secret Storage

Customer data, mission data, and operational secrets are protected using strong encryption in transit and at rest, with strict key handling rules.

TLS 1.3 Everywhere

All browser and API traffic uses TLS 1.3. Internal service traffic is encrypted with mutual TLS, and unsupported ciphers are disabled across the platform.

AES-256 at Rest

Stored mission data, uploads, and customer records are encrypted at rest with AES-256. Backup archives and log exports follow the same policy.

Hardware-Backed Keys

Root keys and signing secrets are held in hardware-backed storage and never exposed to the browser or source repository. Rotation is enforced on a defined schedule.

Scoped Access Tokens

User and service tokens are short-lived, scope-limited, and revoked automatically when permissions change or a session is terminated.

Network Protection

Traffic, DDoS, and Abuse Defense

The delivery layer is hardened against high-volume attack traffic, bot floods, scraping spikes, and denial-of-service attempts.

Edge DDoS Mitigation

Traffic is absorbed and scrubbed at the edge before it reaches origin infrastructure. Automated mitigation handles volumetric floods and application-layer spikes.

Rate & Pattern Limiting

Requests are rate-limited by session, IP, ASN, and behavior pattern. Suspicious bursts trigger progressive challenges and temporary blocking.

Bot & Scraper Filtering

Known automation fingerprints, headless browser behaviors, and scraping signatures are challenged or blocked to protect site content and service availability.

Origin Shielding

Origin addresses are kept private behind protected delivery infrastructure so direct attack traffic cannot target the backend surface area.

Frontend Security

Output Sanitization & XSS Defense

Every string rendered into the DOM from an external source passes through a strict encoding and sanitization pipeline before reaching the browser.

Content Security Policy (CSP)

A nonce-based CSP header is issued with every response, restricting script execution to explicitly approved sources. Inline scripts and eval() are blocked site-wide. Violations are reported to our SIEM in real time.

HTML Encoding at Output

All user-controlled strings are HTML-encoded at the rendering boundary. Characters such as <, >, &, " and ' are escaped before insertion into any HTML context. Template engines enforce this automatically; raw HTML injection points are prohibited by code review policy.

DOM Purification

Rich-text content ingested from external data sources (Earth observation metadata, mission notes) is sanitized using a server-side HTML sanitizer with a strict allowlist before storage and re-rendering.

Security Response Headers

X-Content-Type-Options: nosniff, X-Frame-Options: DENY, and Referrer-Policy: strict-origin-when-cross-origin are enforced on all HTTP responses. Third-party resources are covered by Subresource Integrity (SRI) hashes.

AI Engine Security

Prompt Injection & Jailbreak Defense

The OrbEX AI assistant is protected by multiple independent layers that prevent adversarial prompt manipulation, context escape, and unauthorized instruction injection.

Prompt Boundary Isolation

System prompt context is injected at the server layer before user input is appended. The model's instruction set is never exposed to user-facing channels. User input is structurally separated from system context using role-scoped token boundaries that the model cannot cross.

Semantic Classifier Pre-Filter

Each query passes through a lightweight semantic classifier trained on known jailbreak patterns, role override attempts, and instruction injection signatures. Queries that score above a threshold are soft-blocked before reaching the inference layer and logged for review.

Output Post-Processing

All model outputs are validated before rendering. Responses containing instruction-like text, code execution suggestions, or out-of-scope content are suppressed and replaced with a safe fallback. The classifier runs independently of the model that generated the output.

Session Rate Limiting

AI inference endpoints enforce per-session request limits and velocity checks. Rapid-fire query patterns consistent with automated jailbreak probing trigger progressive throttling and CAPTCHA challenges.

API & Webhook Security

Securing Lead Capture Webhooks

All inbound webhook payloads are cryptographically verified before processing. Unauthenticated or replayed requests are silently discarded at the ingestion layer.

HMAC-SHA256 Payload Signing

Every inbound webhook request must include a valid HMAC-SHA256 signature computed over the raw request body using a shared secret. Signatures are verified server-side before any payload processing occurs. Secrets are rotated on a 90-day schedule and stored in HSMs.

Timestamp & Nonce Validation

Payloads include a Unix timestamp and a per-request nonce. Requests outside a ±5-minute window are rejected. Nonces are stored in a short-lived cache and checked for replay; duplicate nonces are permanently blocked for the lifetime of the cache window.
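The three checks above (HMAC over the raw body, the ±5-minute timestamp window, and nonce replay rejection) as an added example of the verification order, not OrbitExSpace's own code; the JSON field names, the secret value, and passing the signature as a parameter rather than a specific header are assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed values for this example; a real deployment loads the secret from an HSM.
SHARED_SECRET = b"example-shared-secret-rotated-every-90-days"
MAX_SKEW_SECONDS = 300  # the +/- 5-minute acceptance window


class NonceCache:
    """Short-lived cache of accepted nonces; a nonce stays blocked until it expires."""

    def __init__(self, ttl_seconds=2 * MAX_SKEW_SECONDS):
        self.ttl = ttl_seconds
        self._seen = {}  # nonce -> expiry time

    def check_and_store(self, nonce, now):
        # Evict expired entries, then reject any nonce still present (replay).
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if nonce in self._seen:
            return False
        self._seen[nonce] = now + self.ttl
        return True


def sign_body(raw_body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Sender side: hex HMAC-SHA256 over the exact bytes of the request body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, signature: str, cache: NonceCache,
                   now=None, secret: bytes = SHARED_SECRET) -> bool:
    """Receiver side: True only if MAC, timestamp window and nonce all pass."""
    now = time.time() if now is None else now
    # 1. Constant-time comparison of the MAC before trusting anything in the body.
    expected = sign_body(raw_body, secret)
    if not hmac.compare_digest(expected, signature):
        return False
    # 2. Only a MAC-valid body is parsed; malformed fields are rejected.
    try:
        payload = json.loads(raw_body)
        ts = int(payload["timestamp"])
        nonce = str(payload["nonce"])
    except (ValueError, KeyError, TypeError):
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    # 3. Replay check: a nonce seen within the cache window is rejected.
    return cache.check_and_store(nonce, now)
```

Checking the MAC before parsing keeps the JSON parser off the unauthenticated path, and the cache TTL exceeds the skew window so a replay that is still inside the window is caught.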

IP Allowlisting

Webhook ingestion endpoints are restricted to a documented list of source IP ranges for each integration partner. Requests originating outside allowlisted CIDRs are dropped at the edge without response.

Payload Schema Validation

Inbound payloads are validated against strict JSON schemas before deserialization. Unexpected fields are stripped. Malformed payloads trigger an alert but return a 200 to prevent enumeration by adversaries.

Secrets Management

Preventing API Key Theft

API credentials and integration secrets are never exposed in client-side code. All secrets are managed server-side with hardware-backed storage and short-lived token issuance.

Server-Side Only Secrets

No API keys, service account credentials, or signing secrets are included in browser-delivered JavaScript bundles. All integration calls requiring credentials are proxied through server-side functions or edge workers that inject secrets at execution time.

Short-Lived Scoped Tokens

Session tokens issued to authenticated clients have a maximum TTL of 15 minutes. Tokens are scoped to the minimum required permissions for the requested operation. Refresh tokens are single-use and invalidated immediately upon rotation.

HSM-Backed Key Storage

Long-lived signing keys and root credentials are stored in Hardware Security Modules. Keys are never exported in plaintext. All cryptographic operations using these keys occur inside the HSM boundary.

Anomaly Detection on API Usage

API usage is monitored for behavioral anomalies: unexpected geographic access, volume spikes, unusual method sequences, and off-hours access patterns. Anomalous sessions trigger automatic suspension and security team notification.

Certifications

ISO 27001:2022

Information Security Management System certification covering all OrbitExSpace operations, including launch services, satellite operations, and data processing.

SOC 2 Type II

Annual audit of security, availability, and confidentiality controls for our client portal and data delivery infrastructure.

TISAX (AL3)

Trusted Information Security Assessment Exchange at Assessment Level 3, required for collaboration with European automotive and defense partners.

ECSS-Q-ST-80C

European Cooperation for Space Standardization compliance for software product assurance in space systems.

Incident Response

Detection
< 15 min

Automated alerting from SIEM, IDS, and anomaly detection systems. SOC team acknowledges and triages within 15 minutes.

Containment
< 1 hr

Affected systems isolated. Forensic preservation initiated. Incident commander assigned and stakeholders notified.

Eradication
< 4 hrs

Root cause identified and eliminated. Indicators of compromise (IOCs) distributed across all monitoring systems.

Recovery
< 24 hrs

Systems restored from verified clean backups. Enhanced monitoring deployed. Post-incident review initiated.

Notification
< 72 hrs

Affected customers and regulatory authorities notified in accordance with GDPR Article 33/34 timelines.

AI moderation, content loading protection, anti-copy controls, encryption, and traffic defense are enforced across the site to reduce abuse and protect customer data.
