Protection Proof AI monitored control assurance

Protection Proof

Prove your protection works.

Protection Proof checks your existing cyber tools, exposes gaps, proves recovery, and gives leaders clear action.

The evidence

The risk is measurable. The control gap is real.

65% of medium UK businesses reported a breach or attack in the last 12 months. (Source: UK Government)
69% of large UK businesses reported a breach or attack in the last 12 months. (Source: UK Government)
USD 4.4M global average cost of a data breach reported in 2025. (Source: IBM)
100T security signals processed daily by Microsoft. (Source: Microsoft)
The reason to buy is simple: firms already spend money on security, but still need proof that the protection is working when it matters.

The reason Protection Proof exists

Turn cyber spend into evidence, action, and assurance.

Check what exists

Connect to approved tools and check whether key controls are present and working.

Expose the gaps

Show what is missing, stale, misconfigured, risky, or unproven.

Prove recovery

Check backup encryption, isolation, freshness, and restore evidence.

Escalate action

Route serious issues to the right owner, with vCISO escalation when needed.

What it means for the client

A calm control room for cyber assurance.

1 Less blind risk

See the gaps before they become incidents, downtime, data loss, or ransom pressure.

2 Clear ownership

Every important finding has evidence, severity, owner, due date, and next action.

3 Board ready proof

Leadership gets clarity without needing to read ten technical dashboards.

4 Safer AI use

AI helps explain and prioritise, but its inputs, outputs, recommendations, and actions are logged.

How to get started

Start with a no access discovery conversation.

01 Discovery

A EugeneZonda Principal Partner discusses your objectives, cyber footprint, current tools, risk appetite, and priority concerns. No technical access is needed.

02 Baseline

If there is a fit, we connect approved tools, collect control evidence, and produce your first Protection Proof baseline report.

03 Assurance

Protection Proof then monitors the evidence, highlights gaps, tracks action, and escalates serious risk through the agreed route.

What the client sees

One view of protection confidence.

Urgent
0 risk score
25 starter checks
12 failed controls
10 warnings
1 quarantine decision

How it works

A simple protection assurance process.

1 Connect

Link Microsoft 365, identity, endpoint, backup, email, and other tools already in use.

2 Collect evidence

Read live signals about users, devices, files, alerts, backup jobs, and restore tests.

3 Check controls

Compare the evidence against the protection checks a firm should have working every day.

4 Prioritise action

Turn noisy alerts into plain English tasks with urgency, owner, evidence, and next step.

5 Escalate

Send serious issues to a vCISO or incident partner when judgement is needed.

Where it sits

Protection Proof sits above the existing stack.

Existing stack: Microsoft 365, Entra ID, Defender, Intune, Backup, Email security, Firewall
AI assurance layer: Protection Proof

Checks if the controls are present, working, recoverable, and ready to respond.

Outputs: Client dashboard, Action plan, vCISO escalation, Evidence report

Device coverage

A typical 500 person company can easily have 1,000 things to protect.

500 User computers

Windows laptops, desktops, macOS devices, Linux workstations, and contractor machines.

250 Mobile devices

iPhones, Android phones, tablets, and personally owned devices allowed by policy.

70 Servers and cloud hosts

File servers, app servers, database servers, virtual machines, and cloud workloads.

60 Network devices

Firewalls, routers, switches, wireless access points, VPN, and SD WAN appliances.

70 Shared and smart devices

Printers, scanners, meeting room screens, phones, cameras, door access, and storage boxes.

50 Security and backup assets

EDR sensors, backup repositories, admin consoles, log collectors, and recovery stores.

Internet
Remote users
Cloud apps
Firewall and VPN
Protection Proof
Identity and email
Office network: laptops, desktops, phones, printers, meeting rooms
Server and data layer: files, apps, databases, backup, recovery
Security tools: EDR, email security, firewall, logs, device management
Protection Proof does not replace these tools. It checks whether they are present, working, monitored, recoverable, and ready to respond.

Technical operating model

Connect to tools, collect evidence, manage action.

01 Tool connectors

Microsoft 365, Entra ID, Defender, Intune, backup, email security, firewall, and EDR tools connect through approved API access.

02 Evidence store

The system stores control evidence, timestamps, source tool, tenant, asset, user, device, and backup status.

03 Risk engine

Evidence is checked against the control library, then scored as protected, action needed, urgent, or escalated.

04 AI analyst

AI reduces noise, explains the issue in plain English, groups related alerts, and recommends the next action.

05 Approved playbooks

Safe actions are prepared from agreed rules, such as isolate endpoint, revoke session, remove sharing, or open vCISO review.

06 Client management

The client sees status, evidence, actions, owner, due date, progress, and escalation history in one dashboard.

Monitor

Read new evidence from connected tools on a schedule.

Compare

Check evidence against the required protection controls.

Decide

Prioritise risk, suppress noise, and choose the correct route.

Manage

Create actions, track progress, and escalate serious risk.

Prove

Keep reports and evidence for leadership, insurance, and audit.

Technical build

The private platform sits behind secure login and controlled connectors.

Public site

The current website explains the offer. It should stay public, fast, and simple.

Private dashboard

Client users sign in before they can see tenant data, evidence, findings, actions, or reports.

Protected API

The dashboard talks to a backend API. The API checks identity, tenant access, role, and audit rules.

Secure login: AWS Cognito. Email, password, MFA, Microsoft, Google, Apple, passkeys
Private app: Dashboard. Status, findings, evidence, actions, reports
Backend: API service. Tenant checks, role checks, audit logs, workflow
Automation: Evidence workers. Scheduled checks against client tools and backup systems
Storage: Evidence store. Encrypted database, encrypted exports, separate tenant records

Application structure

Use a small web app for the client dashboard, an API service for business logic, worker jobs for connector checks, PostgreSQL for structured evidence, and S3 for encrypted report exports.

Data model

Start with tenants, users, roles, assets, connectors, evidence records, control checks, findings, actions, backup tests, malware decisions, and audit events.

Connector rules

Store no client passwords. Use OAuth, API tokens, or vendor app registrations. Secrets live in AWS Secrets Manager, and connector permissions start read only wherever the vendor allows it.

Check engine

Convert every tool signal into common evidence, run it through a control library, score the result, create a finding, and attach the source evidence.

Action engine

Low risk items become client tasks. Serious events can request approval for actions such as revoke session, isolate endpoint, disable sharing, or escalate to a vCISO.

Audit trail

Every login, connector change, evidence pull, finding update, export, approval, and response action gets written to an audit log with user, time, tenant, and source.

GET /api/dashboard

Return tenant status, score, open findings, recent evidence, and urgent actions.

GET /api/evidence

Return filtered evidence by tenant, tool, asset, control, date, and severity.

POST /api/connectors

Create or update a connector after the client approves access to a source tool.

POST /api/actions/approve

Approve a staged action, record the approval, and queue the playbook task.
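An added example, not Protection Proof's own code, of the checks the approval endpoint has to make before it queues a playbook: tenant access, role, approved playbook, and an audit record for every decision, denials included. It assumes the token signature, expiry and audience were already verified upstream, that the Cognito pool carries the tenant in a `custom:tenant_id` attribute and roles in `cognito:groups`, and that `vciso` and `admin` are the approving roles; the playbook identifiers and in-memory stores are hypothetical.

```python
from datetime import datetime, timezone

APPROVER_ROLES = {"vciso", "admin"}  # assumption: which of the page's roles may approve
APPROVED_PLAYBOOKS = {"isolate_endpoint", "revoke_session", "remove_sharing"}  # hypothetical ids
AUDIT_LOG, TASK_QUEUE = [], []  # in-memory stand-ins for the audit table and worker queue


def audit(claims, action, outcome):
    """Record user, time, tenant and source for every decision, allowed or denied."""
    AUDIT_LOG.append({"user": claims.get("sub"), "time": datetime.now(timezone.utc).isoformat(),
                      "tenant": claims.get("custom:tenant_id"), "source": "api",
                      "event": "action.approve", "action_id": action["id"], "outcome": outcome})


def approve_action(claims, action):
    """claims: payload of a token that was already verified; action: a staged action row."""
    if claims.get("custom:tenant_id") != action["tenant_id"]:
        reason = "tenant_mismatch"  # checked first, so other tenants learn nothing else
    elif not APPROVER_ROLES & set(claims.get("cognito:groups", [])):
        reason = "role_not_allowed"
    elif action["playbook"] not in APPROVED_PLAYBOOKS:
        reason = "playbook_not_approved"
    elif action["status"] != "staged":
        reason = "not_staged"  # blocks replaying an earlier approval
    else:
        reason = None
    if reason:
        audit(claims, action, "denied:" + reason)
        return False, reason
    action.update(status="approved", approved_by=claims["sub"])
    TASK_QUEUE.append((action["tenant_id"], action["id"], action["playbook"]))
    audit(claims, action, "approved")
    return True, None


# Constructed sample data: one staged isolation and three callers.
def staged():
    return {"id": "act-1", "tenant_id": "tenant-a", "playbook": "isolate_endpoint", "status": "staged"}

VCISO_A = {"sub": "u-1", "custom:tenant_id": "tenant-a", "cognito:groups": ["vciso"]}
CLIENT_A = {"sub": "u-2", "custom:tenant_id": "tenant-a", "cognito:groups": ["client"]}
VCISO_B = {"sub": "u-3", "custom:tenant_id": "tenant-b", "cognito:groups": ["vciso"]}

if __name__ == "__main__":
    row = staged()
    for caller in (VCISO_B, CLIENT_A, VCISO_A, VCISO_A):
        print(caller["sub"], approve_action(caller, row))
```
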

Implementation order

  1. Put the public website on HTTPS once the domain points to this server.
  2. Create a protected app subdomain, for example app.proproofweb.com.
  3. Create the AWS Cognito user pool, app client, callback URLs, MFA rules, and identity providers.
  4. Build the private dashboard and API with JWT token validation on every request.
  5. Add tenant separation, role based access, encrypted database storage, and full audit logging.
  6. Connect Microsoft 365 first, then backup proof, then endpoint response and quarantine workflow.

Security boundary

Show what can be accessed, what can be viewed, and what can leave the environment.

Access

  • MFA required for every user.
  • Role based access for client, vCISO, and admin users.
  • Connector permissions start read only where possible.
  • Response actions require approved playbooks.

Client tools, Protection Proof, Client dashboard

Viewing

  • Users see only their own tenant.
  • Evidence is linked to source tool and timestamp.
  • Findings show status, owner, action, and escalation.
  • Every important change is written to an audit trail.

Information leaving

The default model avoids moving client data. Protection Proof collects control evidence and security status, not file contents, emails, or full documents unless the client explicitly approves that scope.

Allowed: metadata, control status, alert summaries, backup proof, audit evidence
Restricted: raw files, mailbox content, personal data, secrets, full document content
Protected: encrypted transport, tenant separation, audit logs, export approval

Benefits

Less noise, clearer risk, faster response.

Affordable assurance

Uses tools the client already owns, then adds a simple AI monitored proof layer.

Data protection focus

Shows where sensitive data is, who can access it, and whether recovery is proven.

Backup confidence

Checks encryption, isolation, freshness, and restore evidence rather than trusting job success alone.

Faster containment

High confidence malware alerts can stage endpoint isolation and vCISO escalation.

Board ready clarity

Turns technical findings into status, business impact, action, and evidence.

Scales to 1,000 endpoints

Designed for firms that need serious protection without a large internal security team.

Features

The first version checks the essentials.

Identity

MFA, admin accounts, stale users, break glass accounts, and access review evidence.

Endpoint

Managed devices, endpoint protection health, encryption, operating system support, and patch age.

Data and email

External sharing, suspicious inbox rules, forwarding, DMARC, audit logs, and sensitive data inventory.

Backup and response

Encrypted backups, recent restore tests, isolation, malware decisions, and escalation records.

Protection loop

Assess, verify, act, escalate, prove.

1 Security gaps

Identity, endpoint, email, logging, and data controls are checked from evidence.

2 Backup proof

Recovery confidence is measured by encryption, isolation, freshness, and restore tests.

3 Malware action

High confidence malware alerts stage endpoint isolation and vCISO escalation.

Priority findings

Critical issues first

Backup proof engine

Prove recovery, not just backup success.

The first report flags the finance file server because the job is stale, backup encryption is missing, immutability is not confirmed, and the restore test is overdue.

Recent backup job
Backup encryption
Isolation or immutability
Restore test within 90 days
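The four checks above applied to backup evidence records, as an added example that is not Protection Proof's own code. The field names, the sample records and the 24 hour freshness window are assumptions (the page only says "recent"); the 90 day restore window is the page's. Missing or unconfirmed evidence fails the check, and the job's reported status is never used as proof.

```python
from datetime import datetime, timedelta, timezone

MAX_JOB_AGE = timedelta(hours=24)     # assumption: the page only says "recent"
MAX_RESTORE_AGE = timedelta(days=90)  # from the page: restore test within 90 days
NOW = datetime(2026, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample


def within(ts, max_age, now):
    """True only when a timestamp exists, is not in the future, and is fresh."""
    if not ts:
        return False  # no evidence means unproven, which counts as a failure
    age = now - datetime.fromisoformat(ts)
    return timedelta(0) <= age <= max_age


def check_backup_proof(ev, now=NOW):
    """Run the four backup proof checks; last_job_status is kept but never trusted alone."""
    checks = {
        "recent_backup_job": within(ev.get("last_job_at"), MAX_JOB_AGE, now),
        "backup_encryption": ev.get("encrypted") is True,
        "isolation_or_immutability": ev.get("isolated") is True or ev.get("immutable") is True,
        "restore_test_within_90_days": within(ev.get("last_restore_test_at"), MAX_RESTORE_AGE, now),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return {"asset": ev.get("asset"), "recovery_proven": not failed,
            "failed_checks": failed, "evidence": ev}


# Constructed sample evidence (not real data). Every job reports "Success".
FINANCE = {"asset": "finance-file-server", "last_job_status": "Success",
           "last_job_at": "2026-01-09T02:00:00+00:00", "encrypted": False,
           "immutable": None, "last_restore_test_at": "2025-06-01T10:00:00+00:00"}
HR = {"asset": "hr-share", "last_job_status": "Success",
      "last_job_at": "2026-01-15T02:00:00+00:00", "encrypted": True,
      "immutable": True}  # no restore test evidence at all
CRM = {"asset": "crm-db", "last_job_status": "Success",
       "last_job_at": "2026-01-15T03:00:00+00:00", "encrypted": True,
       "isolated": True, "last_restore_test_at": "2025-12-01T09:00:00+00:00"}

if __name__ == "__main__":
    for record in (FINANCE, HR, CRM):
        result = check_backup_proof(record)
        print(result["asset"], result["recovery_proven"], result["failed_checks"])
```
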

Malware response

Quarantine decision staged

Alert mal 2026 0001 on LAPTOP FIN 09 is staged for device isolation in dry run mode, with vCISO escalation attached.

Start discovery

Talk to EugeneZonda about Protection Proof.

Start with a no access discovery conversation. We will discuss your objectives, cyber footprint, current tools, risk appetite, and the right route to a baseline assessment.