FAQ

Frequently Asked Questions and Answers

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

THEFENCEâ„¢ enterprise access risk management is an automated access control software solution which assesses the risk of access rights and helps companies enforce the least privilege principle with the least effort.
Risks in access rights to different IT systems and applications. Unnecessary, excessive, or conflicting access rights, or too high privileges potentially resulting in system abuse, compromised data, and cybercrime.
THEFENCE helps measure and thereby reduce the risks of human error, misuse and operational problems resulting from unnecessary privileges.
Unnecessary rights can be misused for fraudulent or data leakage purposes. Therefore, it is essential to maintain a closed control over users to ensure they only use privileges in the system which are truly necessary for their work.
THEFENCEâ„¢ collects users, roles and elementary privileges from the systems in a standardized and automated way. Based on this, it automatically performs a measurable, scoring based risk analysis. Then it creates and sends actionable reports to the relevant departments (primarily IT security, but it can be IT, internal audit, CFO, CRO or HR).
THEFENCEâ„¢ contains a scoring based high privilege and segregation-of-duties (SoD) rule set that can easily be expanded according to the characteristics of the organization.
Each company has their own business-critical systems where access to information, or modification, deletion of information is too complex, or it is not properly managed. Adequate management of access rights is required by international or domestic security standards.
Companies running their business on complex systems and business applications are all affected (this is true for 95% of larger companies today). The company may also have a regulatory or legal compliance requirement for this.
The company’s IT staff, IT managers, internal auditors, financial / accounting managers, and possibly IT security specialists can tell you if your company may have problems with excessively issued or conflicting access rights, or excessive business and IT permissions.
The monitored systems can range from business applications such as SAP to different IT infrastructure layers like Amazon Web Services, Microsoft Azure, Google Cloud Platform, network technologies, operating systems, middleware, database systems or any applications using Windows AD authorization. Moreover, any other application or individual technology can easily be connected.
Yes, practically any other application or individual technology can easily be connected. For internally developed business applications we create our own access right collector, which we insert into our software so that they can be analyzed as well.
Yes, the rulesets can be freely edited or expanded by the customer, we provide a ruleset editor built into the software.
Access risks associated with functional developments can be addressed by extending the rule set supplied as part of the solution. Customers can also edit the rules themselves or request advice from us.
Yes, we provide a default ruleset that is uploaded into our software in the implementation process. In case of custom interface request, the customized ruleset and scoring is prepared together with the organization in the implementation phase.
THEFENCEâ„¢ security software solution is produced by XS Matrix Global Co., an IT security company, headquartered in Miami, FL, USA and Budapest, Hungary, providing automated enterprise access risk management and license control services available both on-premise and in the cloud.
Founded in 2016, XS Matrix started elaborating the concept of risk-based access control technology, then providing access risk detection services. The company then created the AURA software in 2019, then in 2022 XS Matrix launched THEFENCEâ„¢ security software solution providing automated enterprise access risk management and license control services available both on-premise and in the cloud (SaaS).
We envisage a safer environment and more efficient operation for companies and our contribution to a more secure usage of IT systems and applications by mitigating the risks underlying in access rights and in human capital.
The founders are Harold Teasdale, CISA, CISM, MSc in Economy, 20+ years in cyber security; Tamas Mihaly, CISA, CISM, MSc in Informatics and Economy. The team of XS Matrix consists of developers, programmers, project managers, sales and marketing specialists as well as the leadership team. We are specialists of employees’ digital rights & identities; we have analyzed 75.000+ digital users since 2016; we have elaborated 10.000+ rules & patterns.
THEFENCE is available for purchase in an annual software license subscription model. You can subscribe to our software directly with us (please contact us at sales@thefence.net) or indirectly through our resellers or system integrators. You can check out the list of authorized partners on our website in the Company section.
THEFENCE is available in an annual license subscription model. The basis for calculation is the number of monitored systems as well as the number of users. Please reach out to us for more details at sales@thefence.net.
THEFENCE can be implemented via XS Matrix Professional Services or by an authorized reseller, certainly in co-operation with the end user customer.
Yes, you can also run use THEFENCE as a one-off risk assessment service project. In that case the actual gross execution time would be approximately one month depending on any new connector requests.
The implementation time depends on the custom applications / technologies where customized interfaces and rulesets are needed. For a basic implementation with 1-2 proprietary interfaces and ruleset the implementation takes about 1-2 weeks.
The software automatically collects, analyzes and reports the access right risks. Initially you may need more time and effort to handle the discovered access risks, but you can easily prioritize the tasks based on the scorings. Even at larger enterprises the operation of the software and managing the reported risks would not take more than ¼ or ½ of FTE a year (or even less).
Although we provide regular external consultancy services if needed, after the implementation and initial education there would be no need for that: any organization would be able to handle the discovered access risks by themselves. The only part where our expertise may be needed is the preparation of customized rulesets with custom scoring. In this case (but this can be part of the implementation) we can help the organization with external consultancy.
Although we provide regular external consultancy services if needed, after the implementation and initial education there would be no need for that: any organization would be able to handle the discovered access risks by themselves. The only part where our expertise may be needed is the preparation of customized rulesets with custom scoring. In this case (but this can be part of the implementation) we can help the organization with external consultancy.
The actual gross execution time of the basic implementation project is approx. one month, which is the total time between data collection and report submission.
A basic service project requires only minimal internal resources. It may take 1-2 days for the IT staff to internally test the data collection code, and then it takes another 1-2 days to reconcile the results of the raw reports and review the action plan before finalization.
Scroll to Top