SECURITY

Security & Trust

VALIX Defence is built on a foundation of security-first design principles. From encrypted sensor data transmission to secure API authentication, every component is engineered to protect operational data and maintain system integrity.

Core Security Principles

End-to-End Encryption

All sensor data is encrypted at source before transmission. Data remains encrypted through gateway aggregation and API delivery using industry-standard encryption protocols.

Network Isolation

VALIX Gateway architecture is designed for deployment in range networks and isolated environments. Direct public internet exposure is not recommended for operational deployments.

Secure Authentication

API access requires authenticated credentials with support for OAuth 2.0, API keys, and mutual TLS (mTLS) for high-security deployments.

Minimal Data Exposure

Sensor nodes transmit only necessary data. No telemetry or diagnostic information is collected without explicit configuration by the deploying organization.

Secure Updates

Gateway firmware and software updates are delivered over encrypted channels with cryptographic signature verification to prevent unauthorized modifications.

Operational Security

Technical specifications including frequency bands, ranges, and protocols are restricted to specific companies only documentation to prevent operational compromise.

Deployment Best Practices

Network Architecture

VALIX Gateways should be deployed within managed range networks, not directly exposed to public internet. Use network segmentation, firewall rules, and VPN/private connectivity for API access from command and control systems.

Access Control

Implement role-based access control (RBAC) for API consumers. Use separate credentials for different operational units or deployment zones. Rotate API keys and certificates on a defined schedule.

Physical Security

While VALIX Node S1 sensors include tamper detection via motion sensors, physical access to deployed nodes should be restricted when possible. Gateway installations should be in secured locations with controlled access.

Responsible Disclosure Policy

VALIX Defence takes security vulnerabilities seriously. If you discover a security issue in VALIX products or services, we encourage responsible disclosure.

Reporting Process

  • Send vulnerability details to privacy@valixdefence.fi
  • Include detailed reproduction steps, affected versions, and potential impact assessment
  • Allow 90 days for investigation and remediation before public disclosure
  • Do not exploit vulnerabilities beyond proof-of-concept validation

Our Commitment

  • Acknowledge receipt of vulnerability reports within 48 hours
  • Provide regular updates on remediation progress
  • Credit security researchers in public advisories (unless anonymity is requested)
  • Coordinate disclosure timelines with reporters

Security Questions?

For security-related questions, compliance documentation, or penetration testing coordination, contact our security team at privacy@valixdefence.fi.