ProProof by EugeneZonda
Trust must be earned. Not assumed.
ProProof continuously verifies that your cybersecurity controls are actually working and produces evidence your leadership team can trust.
Evidence Score
94
Verified today
Recovery
Verified
Backups
Encrypted
Identity
Protected
Endpoints
Healthy
Email security evidence collected
Cloud controls checked
Board report ready
The evidence
The risk is measurable. The control gap is real.
The reason to buy is simple: organisations already spend money on security, but still need
evidence that protection is working when it matters.
Platform
ProProof turns cyber spend into evidence, action, and assurance.
Connects to approved tools and turns control signals into clear assurance evidence.
Gives leaders a simple view of what is protected, weak, unproven, or urgent.
Shows how risk, controls, backups, and response readiness change over time.
Keeps board reports, audit history, source evidence, and approved actions together.
Solutions
Built for leaders who need control, not noise.
Give the board evidence that cyber controls are working and recovery is proven.
Show teams which controls are missing, stale, misconfigured, risky, or unproven.
Validate backup encryption, isolation, freshness, and restore evidence.
Route serious issues to the right owner, with vCISO escalation when judgement is needed.
How to get started
Start with a no access discovery conversation.
A EugeneZonda Principal Partner discusses your objectives, cyber footprint, current tools, risk appetite, and priority concerns. No technical access is needed.
If there is a fit, we connect approved tools, collect control evidence, and produce your first ProProof baseline report.
ProProof then monitors the evidence, highlights gaps, tracks action, and escalates serious risk through the agreed route.
What the client sees
One view of protection confidence.
Urgent
0
risk score
How it works
A simple protection assurance process.
Link Microsoft 365, identity, endpoint, backup, email, and other tools already in use.
Read live signals about users, devices, files, alerts, backup jobs, and restore tests.
Compare the evidence against the protection checks a firm should have working every day.
Turn noisy alerts into plain English tasks with urgency, owner, evidence, and next step.
Send serious issues to a vCISO or incident partner when judgement is needed.
Where it sits
ProProof sits above the existing stack.
Microsoft 365
Entra ID
Defender
Intune
Backup
Email security
Firewall
AI assurance layer
ProProof
Checks if the controls are present, working, recoverable, and ready to respond.
Client dashboard
Action plan
vCISO escalation
Evidence report
Device coverage
A typical 500 person company can easily have 1,000 things to protect.
Windows laptops, desktops, macOS devices, Linux workstations, and contractor machines.
iPhones, Android phones, tablets, and personally owned devices allowed by policy.
File servers, app servers, database servers, virtual machines, and cloud workloads.
Firewalls, routers, switches, wireless access points, VPN, and SD WAN appliances.
Printers, scanners, meeting room screens, phones, cameras, door access, and storage boxes.
EDR sensors, backup repositories, admin consoles, log collectors, and recovery stores.
Internet
Remote users
Cloud apps
Firewall and VPN
ProProof
Identity and email
Office network
laptops, desktops, phones, printers, meeting rooms
Server and data layer
files, apps, databases, backup, recovery
Security tools
EDR, email security, firewall, logs, device management
ProProof does not replace these tools. It checks whether they are present, working, monitored,
recoverable, and ready to respond.
Technical operating model
Connect to tools, collect evidence, manage action.
Microsoft 365, Entra ID, Defender, Intune, backup, email security, firewall, and EDR tools connect through approved API access.
The system stores control evidence, timestamps, source tool, tenant, asset, user, device, and backup status.
Evidence is checked against the control library, then scored as protected, action needed, urgent, or escalated.
AI reduces noise, explains the issue in plain English, groups related alerts, and recommends the next action.
Safe actions are prepared from agreed rules, such as isolate endpoint, revoke session, remove sharing, or open vCISO review.
The client sees status, evidence, actions, owner, due date, progress, and escalation history in one dashboard.
Monitor
Read new evidence from connected tools on a schedule.
Compare
Check evidence against the required protection controls.
Decide
Prioritise risk, suppress noise, and choose the correct route.
Manage
Create actions, track progress, and escalate serious risk.
Prove
Keep reports and evidence for leadership, insurance, and audit.
Technical build
The private platform sits behind secure login and controlled connectors.
Public site
The current website explains the offer. It should stay public, fast, and simple.
Private dashboard
Client users sign in before they can see tenant data, evidence, findings, actions, or reports.
Protected API
The dashboard talks to a backend API. The API checks identity, tenant access, role, and audit rules.
Secure login
AWS Cognito
Email, password, MFA, Microsoft, Google, Apple, passkeys
Private app
Dashboard
Status, findings, evidence, actions, reports
Backend
API service
Tenant checks, role checks, audit logs, workflow
Automation
Evidence workers
Scheduled checks against client tools and backup systems
Storage
Evidence store
Encrypted database, encrypted exports, separate tenant records
Application structure
Use a small web app for the client dashboard, an API service for business logic, worker jobs for connector checks, PostgreSQL for structured evidence, and S3 for encrypted report exports.
Data model
Start with tenants, users, roles, assets, connectors, evidence records, control checks, findings, actions, backup tests, malware decisions, and audit events.
Connector rules
Store no client passwords. Use OAuth, API tokens, or vendor app registrations. Secrets live in AWS Secrets Manager, and connector permissions start read only wherever the vendor allows it.
Check engine
Convert every tool signal into common evidence, run it through a control library, score the result, create a finding, and attach the source evidence.
Action engine
Low risk items become client tasks. Serious events can request approval for actions such as revoke session, isolate endpoint, disable sharing, or escalate to a vCISO.
Audit trail
Every login, connector change, evidence pull, finding update, export, approval, and response action gets written to an audit log with user, time, tenant, and source.
Secure login blueprint
Recommended first login design
Use AWS Cognito managed login for the private dashboard. Require MFA for local users, allow Microsoft Entra ID for business customers, allow Google and Apple where appropriate, and add passkeys for Windows Hello, Touch ID, and Face ID style sign in.
GET
/api/dashboard
Return tenant status, score, open findings, recent evidence, and urgent actions.
GET
/api/evidence
Return filtered evidence by tenant, tool, asset, control, date, and severity.
POST
/api/connectors
Create or update a connector after the client approves access to a source tool.
POST
/api/actions/approve
Approve a staged action, record the approval, and queue the playbook task.
Implementation order
- Put the public website on HTTPS once the domain points to this server.
- Create a protected app subdomain, for example app.proproof.tech.
- Create the AWS Cognito user pool, app client, callback URLs, MFA rules, and identity providers.
- Build the private dashboard and API with JWT token validation on every request.
- Add tenant separation, role based access, encrypted database storage, and full audit logging.
- Connect Microsoft 365 first, then backup proof, then endpoint response and quarantine workflow.
Security boundary
Show what can be accessed, viewed, and leave the environment.
Access
- MFA required for every user.
- Role based access for client, vCISO, and admin users.
- Connector permissions start read only where possible.
- Response actions require approved playbooks.
Client tools
ProProof
Client dashboard
Viewing
- Users see only their own tenant.
- Evidence is linked to source tool and timestamp.
- Findings show status, owner, action, and escalation.
- Every important change is written to an audit trail.
Information leaving
The default model avoids moving client data. ProProof collects control evidence and security status, not file contents, emails, or full documents unless the client explicitly approves that scope.
Allowed: metadata, control status, alert summaries, backup proof, audit evidence
Restricted: raw files, mailbox content, personal data, secrets, full document content
Protected: encrypted transport, tenant separation, audit logs, export approval
Benefits
Less noise, clearer risk, faster response.
Uses tools the client already owns, then adds a simple AI monitored proof layer.
Shows where sensitive data is, who can access it, and whether recovery is proven.
Checks encryption, isolation, freshness, and restore evidence rather than trusting job success alone.
High confidence malware alerts can stage endpoint isolation and vCISO escalation.
Turns technical findings into status, business impact, action, and evidence.
Designed for firms that need serious protection without a large internal security team.
Pricing
Annual assurance pricing for firms up to 1,000 endpoints.
Principal Partner discovery, cyber footprint review, tool map, and first control evidence report.
Ongoing evidence monitoring, security tests, backup proof, gap tracking, and executive reporting.
Optional EugeneZonda led escalation for serious findings, response decisions, and board questions.
Resources
Evidence clients can read, challenge, and trust.
A live view of findings, controls, source systems, timestamps, actions, and owner status.
A board ready report showing what is working, what is exposed, and what needs action.
A simple snapshot that shows the latest validation status across identity, endpoint, cloud, email, and recovery.
Security model, access rules, data handling, audit trail, and assurance answers for client review.
Features
The first version checks the essentials.
Identity
MFA, admin accounts, stale users, break glass accounts, and access review evidence.
Endpoint
Managed devices, endpoint protection health, encryption, operating system support, and patch age.
Data and email
External sharing, suspicious inbox rules, forwarding, DMARC, audit logs, and sensitive data inventory.
Backup and response
Encrypted backups, recent restore tests, isolation, malware decisions, and escalation records.
Protection loop
Assess, verify, act, escalate, prove.
Security gaps
Identity, endpoint, email, logging, and data controls are checked from evidence.
Backup proof
Recovery confidence is measured by encryption, isolation, freshness, and restore tests.
Malware action
High confidence malware alerts stage endpoint isolation and vCISO escalation.
Priority findings
Critical issues first
Backup proof engine
Prove recovery, not just backup success.
The first report flags the finance file server because the job is stale, backup encryption is missing, immutability is not confirmed, and the restore test is overdue.
Recent backup job
Backup encryption
Isolation or immutability
Restore test within 90 days
Malware response
Quarantine decision staged
Alert mal 2026 0001 on LAPTOP FIN 09 is staged for device isolation in dry run mode, with vCISO escalation attached.
Start discovery
Talk to EugeneZonda about ProProof.
Start with a no access discovery conversation. We will discuss your objectives, cyber footprint, current tools, risk appetite, and the right route to a baseline assessment.