Security & Trust
Your fleet data, protected. Aries handles device posture, network telemetry, and audit logs under controls built for enterprise security and IT teams.
Data protection
Device posture, network telemetry, and audit logs are encrypted on the wire and on disk, so what Aries collects about your endpoints stays confidential throughout its lifecycle.
Every agent and console connection is protected with industry-standard TLS, so posture data is encrypted as it moves between your devices and the platform.
Posture snapshots, telemetry, and audit logs are encrypted at rest using strong, widely adopted encryption standards.
The agent collects posture and network metadata, not the contents of your files — and we support deletion of fleet data when an engagement ends.
Access control
Access to your environment is scoped tightly and tracked, so only the right people see the right fleet — and you can see who did what.
Internal access to customer environments follows least-privilege principles and is limited to what is required to operate and support the service.
Sign in with Google or Outlook single sign-on, so authentication stays with your identity provider and your existing account controls.
Each agent authenticates with its own opaque, revocable token, and each tenant enrolls devices with its own key — so fleets stay isolated.
Infrastructure
Aries runs on reputable cloud infrastructure with tenant isolation and routine backups, so your data stays separated and recoverable.
We build on established cloud infrastructure providers that maintain their own rigorous physical and operational security programs.
Customer data is logically isolated so one organization's fleet is never exposed to another.
Data is backed up on a regular cadence to support recovery and business continuity.
Enforcement you control
Aries can run purely read-only, and every state-changing action is gated behind an explicit setting. You decide when the agent only observes and when it is allowed to harden.
Run the agent read-only to see posture and exposures with zero changes to the device — ideal for a first rollout or sensitive systems.
Every enforcement action — enable a control, apply a policy, killswitch — is gated behind an explicit allow-harden setting, off by default.
Hardening actions have a matching revert, and a stand-down command reverses a baseline across the fleet if you need to back out.
Compliance posture
We design our controls around established security and privacy frameworks. We are transparent about what is in place today versus what we are actively working toward.
Our controls are designed around the SOC 2 trust principles — security, availability, and confidentiality — as we mature our formal program.
Our data handling is designed with privacy regulations such as the GDPR in mind, including data minimization and deletion practices.
Privacy considerations are part of how we build. See our Privacy Policy for how we collect, use, and protect personal data.
Reliability
Security runs around the clock. Aries is built to stay available and performant so your fleet stays protected and your evidence keeps flowing.
The platform is designed for redundancy so a single failure does not take your console offline.
The agent degrades safely: a missing tool or a wrong-OS host never crashes it — it reports what it can and keeps heartbeating.
Regular backups and recovery practices keep your fleet data durable through disruptions.
Responsible disclosure
We welcome reports from security researchers and customers. If you believe you've found a vulnerability, please reach out so we can investigate and respond quickly. We ask that you give us a reasonable opportunity to remediate before any public disclosure.
Contact our team through our contact page and flag your message as a security report.
Talk to our team about how Aries protects your fleet data, or request our current security overview.