Data Collection
All data sent from the USM Anywhere Sensor deployed in your on-premises or cloud environment to the USM Anywhere service in the LevelBlue Secure Cloud is transferred over a secure TLS 1.2 connection. Each sensor generates a certificate to communicate with the USM Anywhere service. This means that all communication is uniquely encrypted between each sensor and USM Anywhere. All forensic data (raw logs) is backed up on an hourly basis. The data collected in USM Anywhere is secured using AES-256 encryption for both hot (online) storage and cold (offline) storage.
Data Access
Your data in USM Anywhere is treated as highly confidential, and only a select few LevelBlue staff members have access. This group of employees uses multifactor authentication (MFA) to access the LevelBlue Secure Cloud. Strict internal controls and automation enable support for the service while minimizing administrative access. LevelBlue also has a formal information security program that implements various security controls aligned to the National Institute of Standards and Technology (NIST) Cyber Security Framework. Key controls include: Inventory of Devices, Inventory of Software, Secure Configurations, Vulnerability Assessment, and Controlled Use of Administrative Privileges. Additionally, LevelBlue conducts security self-assessments on a regular basis.
Cold Storage Data Integrity
USM Anywhere offers secure long-term log retention, known as cold storage. By default, USM Anywhere stores all data associated with a customer’s subdomain in cold storage for the life of the active USM Anywhere subscription at no additional charge, while LevelBlue TDR for Gov customer data are kept for three years or longer (if requested).
Important: The retention period set on the license (30-days standard or 90-days standard) only applies to regular events. The retention policy for system events is 30 days and for user activities is 180 days, while the user activities related to investigations never expire.
End-of-Contract Shut Down
If your subscription expires and you decide not to renew, your USM Anywhere instance will be decommissioned 14 days after the expiration. All data, including asset information, orchestration rules, user credentials, events and vulnerabilities (hot storage), and raw logs (cold storage), will be destroyed.
Business Continuity Plan
To ensure business continuity, USM Anywhere executes a backup procedure 2 times a day, encrypts the data, and stores it for 15 days. The Recovery Point Objective (RPO) is up to 12 hours and the Recovery Time Objective (RTO) is approximately an hour, depending on the size of the data being restored.
Password Policy
USM Anywhere stores and encrypts user credentials using the latest industry standards for securing passwords. Keep in mind these points when you are logging in:
- The login credentials that you set will apply to any USM Anywhere™ and USM Central™ you have access to.
- USM Anywhere requires all passwords to have a minimum length of 8 characters and a maximum length of 128 characters.
- The password must contain numerical digits (0-9).
- The password must contain uppercase letters (A-Z).
- The password must contain lowercase letters (a-z).
- The password must contain special characters, such as hyphen (-) and underscore ( _ ).
Note: USM Anywhere passwords expire after 90 days. When your password expires, USM Anywhere enforces a password change when you next log in. A new password must be different from the previous four passwords.