FAQ
Frequently Asked Questions and Answers
Any questions?
Check out the FAQs
Still have unanswered questions and need to get in touch?
Product
What is THEFENCE?
THEFENCEâ„¢ enterprise access risk management is an automated access control software solution which assesses the risk of access rights and helps companies enforce the least privilege principle with the least effort.
What is the issue addressed by THEFENCE?
Risks in access rights to different IT systems and applications. Unnecessary, excessive, or conflicting access rights, or too high privileges potentially resulting in system abuse, compromised data, and cybercrime.
How can THEFENCE help secure the operation of my company?
THEFENCE helps measure and thereby reduce the risks of human error, misuse and operational problems resulting from unnecessary privileges.
What are the security risks coming from excessive or unnecessary privileges?
Unnecessary rights can be misused for fraudulent or data leakage purposes. Therefore, it is essential to maintain a closed control over users to ensure they only use privileges in the system which are truly necessary for their work.
How can THEFENCE handle the problem of conflicting or unnecessary privileges?
THEFENCEâ„¢ collects users, roles and elementary privileges from the systems in a standardized and automated way. Based on this, it automatically performs a measurable, scoring based risk analysis. Then it creates and sends actionable reports to the relevant departments (primarily IT security, but it can be IT, internal audit, CFO, CRO or HR).
What makes THEFENCE work in a standardized and automated way?
THEFENCEâ„¢ contains a scoring based high privilege and segregation-of-duties (SoD) rule set that can easily be expanded according to the characteristics of the organization.
How is this topic relevant for me?
Each company has their own business-critical systems where access to information, or modification, deletion of information is too complex, or it is not properly managed. Adequate management of access rights is required by international or domestic security standards.
Can our company be affected?
Companies running their business on complex systems and business applications are all affected (this is true for 95% of larger companies today). The company may also have a regulatory or legal compliance requirement for this.
In case I cannot decide if we are affected, who can answer this to me?
The company’s IT staff, IT managers, internal auditors, financial / accounting managers, and possibly IT security specialists can tell you if your company may have problems with excessively issued or conflicting access rights, or excessive business and IT permissions.
What systems can be monitored by THEFENCE?
The monitored systems can range from business applications such as SAP to different IT infrastructure layers like Amazon Web Services, Microsoft Azure, Google Cloud Platform, network technologies, operating systems, middleware, database systems or any applications using Windows AD authorization. Moreover, any other application or individual technology can easily be connected.
Can THEFENCE handle customized applications?
Yes, practically any other application or individual technology can easily be connected. For internally developed business applications we create our own access right collector, which we insert into our software so that they can be analyzed as well.
Can the ruleset be customized locally?
Yes, the rulesets can be freely edited or expanded by the customer, we provide a ruleset editor built into the software.
How are custom developments within applications managed?
Access risks associated with functional developments can be addressed by extending the rule set supplied as part of the solution. Customers can also edit the rules themselves or request advice from us.
Is the ruleset provided by the supplier?
Yes, we provide a default ruleset that is uploaded into our software in the implementation process. In case of custom interface request, the customized ruleset and scoring is prepared together with the organization in the implementation phase.
Company
Who is the manufacturer of THEFENCE?
THEFENCEâ„¢ security software solution is produced by XS Matrix Global Co., an IT security company, headquartered in Miami, FL, USA and Budapest, Hungary, providing automated enterprise access risk management and license control services available both on-premise and in the cloud.
What is the story of XS Matrix?
Founded in 2016, XS Matrix started elaborating the concept of risk-based access control technology, then providing access risk detection services. The company then created the AURA software in 2019, then in 2022 XS Matrix launched THEFENCEâ„¢ security software solution providing automated enterprise access risk management and license control services available both on-premise and in the cloud (SaaS).
What is your vision?
We envisage a safer environment and more efficient operation for companies and our contribution to a more secure usage of IT systems and applications by mitigating the risks underlying in access rights and in human capital.
How about the XS Matrix team?
The founders are Harold Teasdale, CISA, CISM, MSc in Economy, 20+ years in cyber security; Tamas Mihaly, CISA, CISM, MSc in Informatics and Economy. The team of XS Matrix consists of developers, programmers, project managers, sales and marketing specialists as well as the leadership team. We are specialists of employees’ digital rights & identities; we have analyzed 75.000+ digital users since 2016; we have elaborated 10.000+ rules & patterns.
PURCHASE & DEPLOYMENT
How can I buy THEFENCE?
THEFENCE is available for purchase in an annual software license subscription model. You can subscribe to our software directly with us (please contact us at sales@thefence.net) or indirectly through our resellers or system integrators. You can check out the list of authorized partners on our website in the Company section.
How is THEFENCE licensed?
THEFENCE is available in an annual license subscription model. The basis for calculation is the number of monitored systems as well as the number of users. Please reach out to us for more details at sales@thefence.net.
Who can implement THEFENCE?
THEFENCE can be implemented via XS Matrix Professional Services or by an authorized reseller, certainly in co-operation with the end user customer.
Can I also buy THEFENCE as a one-off services project?
Yes, you can also run use THEFENCE as a one-off risk assessment service project. In that case the actual gross execution time would be approximately one month depending on any new connector requests.
IMPLEMENTATION
How long does it take to implement the software?
The implementation time depends on the custom applications / technologies where customized interfaces and rulesets are needed. For a basic implementation with 1-2 proprietary interfaces and ruleset the implementation takes about 1-2 weeks.
What resources will I need to use the software? Will there be a need for new experts?
The software automatically collects, analyzes and reports the access right risks. Initially you may need more time and effort to handle the discovered access risks, but you can easily prioritize the tasks based on the scorings. Even at larger enterprises the operation of the software and managing the reported risks would not take more than ¼ or ½ of FTE a year (or even less).
Will there be a need for regular external advice?
Although we provide regular external consultancy services if needed, after the implementation and initial education there would be no need for that: any organization would be able to handle the discovered access risks by themselves. The only part where our expertise may be needed is the preparation of customized rulesets with custom scoring. In this case (but this can be part of the implementation) we can help the organization with external consultancy.
Will there be a need for regular external advice?
Although we provide regular external consultancy services if needed, after the implementation and initial education there would be no need for that: any organization would be able to handle the discovered access risks by themselves. The only part where our expertise may be needed is the preparation of customized rulesets with custom scoring. In this case (but this can be part of the implementation) we can help the organization with external consultancy.
How long does it take to run THEFENCE in a one-off services project?
The actual gross execution time of the basic implementation project is approx. one month, which is the total time between data collection and report submission.
What internal resources and how long is required for a basic service project?
A basic service project requires only minimal internal resources. It may take 1-2 days for the IT staff to internally test the data collection code, and then it takes another 1-2 days to reconcile the results of the raw reports and review the action plan before finalization.
