Transport EncryptionPulseway uses end-to-end encryption, which ensures that your private infrastructure information stays private and unauthorized access is prevented. All connections to Pulseway services are done with a fully encrypted communication based on RSA public/private key exchange and AES (256 Bit) session encoding. This is the current industry standard encryption algorithm used worldwide.
Message EncryptionAll communication messages are encrypted with AES (256 Bit) symmetric keys, which are sent via RSA public/private key exchange mechanism to guarantee that in the unlikely event of transport encryption failure, privacy is not compromised. Keys are automatically rotated on a controlled interval to prevent brute-force attacks also adding an extra layer of security against man-in-the-middle attacks.
Brute-Force ProtectionA brute-force attack is a trial-and-error method used to guess account passwords. With the growing computing power of standard computers, the time needed for guessing long passwords has been increasingly reduced. Pulseway defends brute-force attacks by blocking multiple failed requests and increasing the timeout between failed requests.
Code SigningAll the Pulseway Windows and macOS agents and applications are signed using a Code Signing certificate to guarantee that the binaries have not been altered or compromised by a third party.
Datacenter & Network SecurityWe host our servers on US East Coast data centers providing high redundancy and lower latency.
The Datacenter complies with US federal regulations and industry standards - ISO Certification, LEED Certification, SOC 2, and Uptime Institute.
The Pulseway agents and client software do not require the opening of any inbound network ports. The solution only requires the HTTPS (TCP 443) outbound port to be available.
Device Access Control ListsFor enhanced security on the Pulseway mobile apps you can setup:
- PIN code mobile authentication (and Touch ID / Face ID where supported) to prevent unauthorized access to the monitored systems.
- Centralized device access control lists with the ability to remotely disable mobile devices.
- Default device access control list that will be used for newly added systems which allows you to deny access for all systems until you explicitly approve the new device.
Two-Factor AuthenticationTwo-factor authentication (2FA) is an additional security layer that will require an additional step to access your account or perform certain operations.
2FA is mandatory for all instances. You will receive Push notifications on your mobile apps to approve authentication requests or can use a TOTP app (Time-based One-Time Passcode) like Google Authenticator, Authy, or 1Password.
When setting up 2FA, the system will also generate backup codes that can be used when all the other authentication methods are not available. Each backup code can only be used once.
Pulseway users who are part of the Administrators team will also secure the Pulseway instance by enforcing two-factor authentication for all user accounts.