Printed from CheckTick DSPT Compliance Documentation
Sovereign Advanced Threat Protection (ATP) Procedure
Strategy: CheckTick maintains a high-security posture using UK-sovereign infrastructure and application-layer active defenses.
1. Active Defense Stack (ATP Equivalent)
| Layer | Technology | Function |
|---|---|---|
| Identity | django-axes | Actively monitors login attempts; automatically locks IPs/Accounts after 5 failed attempts (Brute Force Protection). |
| Traffic | django-ratelimit | Prevents automated scraping and DoS attacks by limiting requests to sensitive endpoints (e.g., survey submissions). |
| Code | CodeQL | Scans for logic-based security threats (SAST) on every commit. |
| Infrastructure | Northflank Logs | Managed UK-based intrusion monitoring and DDoS mitigation at the platform level. |
2. Monitoring & Alerting
- Automated Blocking: django-axes and django-ratelimit operate in real time, blocking threats before they reach the database.
- Alert Triage: Critical errors (e.g., 403/429 spikes) are logged and reviewed daily by the CTO.
- Audit Trail: All blocked attempts are recorded in the application database and are available for SIRO review during quarterly security audits.
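One way the daily 403/429 spike review described above could be supported, as an added example that is not CheckTick's own code. The log line format, the 5-minute window and the threshold of 4 are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines: timestamp, client IP, method, path, status.
# The format is assumed for this example; it is not CheckTick's log format.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z 198.51.100.4 GET /surveys/12 200
2024-05-01T09:01:10Z 203.0.113.7 POST /accounts/login 403
2024-05-01T09:01:12Z 203.0.113.7 POST /accounts/login 403
2024-05-01T09:02:40Z 203.0.113.7 POST /accounts/login 403
2024-05-01T09:03:01Z 203.0.113.7 POST /accounts/login 403
2024-05-01T09:04:59Z 192.0.2.9 POST /surveys/submit 429
2024-05-01T09:07:30Z 192.0.2.9 POST /surveys/submit 429
truncated or malformed line
2024-05-01T09:12:00Z 198.51.100.4 GET /surveys/12 200
"""
BLOCK_STATUSES = {403, 429}
WINDOW_MINUTES = 5   # assumed bucket size
SPIKE_THRESHOLD = 4  # assumed number of blocked responses per window

def parse_line(line):
    """Return (timestamp, ip, path, status), or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, parts[1], parts[3], int(parts[4])

def find_spikes(log_text, threshold=SPIKE_THRESHOLD, window=WINDOW_MINUTES):
    """List (window_start, blocked_total, top_offender) for windows at or over threshold."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[3] not in BLOCK_STATUSES:
            continue
        ts, ip, path, status = rec
        start = ts.replace(minute=ts.minute - ts.minute % window, second=0)
        buckets[start][(ip, path, status)] += 1
    spikes = []
    for start in sorted(buckets):
        total = sum(buckets[start].values())
        if total >= threshold:
            spikes.append((start.isoformat(), total, buckets[start].most_common(1)[0]))
    return spikes

if __name__ == "__main__":
    for start, total, (source, hits) in find_spikes(SAMPLE_LOG):
        print(f"{start}: {total} blocked responses, top source {source} x{hits}")
```

Each reported window names the single (IP, path, status) combination that contributed most, which gives the reviewer a starting point for deciding whether the spike is one client being locked out or a broader pattern.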
3. SIRO Review
The SIRO ([DPO Name]) has reviewed this stack and confirms it meets the requirement for active threat management while maintaining CheckTick's commitment to UK data sovereignty.