Trust & Security
Clear boundaries for a focused security service.
Ghostlight Security LLC provides Capture through direct, remote-first delivery with documented customer separation and operating boundaries.
Company and service
Ghostlight Security LLC is an Illinois limited liability company. Capture is a managed deception service covering discovery, design, deployment, alert integration, validation, documentation, and agreed ongoing refresh.
Capture is not MDR, a 24/7 SOC, guaranteed detection, containment, full digital forensics and incident response, or a compliance certification.
Customer separation and management
The standard Capture model uses a Ghostlight-managed console with documented customer separation. Customers receive agreed alerts and reporting without console-administration responsibility. Ghostlight access, alert recipients, permissions, retention, and offboarding responsibilities are documented before production deployment.
Data-handling principles
- Collect and retain only the business, technical, alert, and placement information needed to provide the service.
- Do not place real customer secrets or functional customer credentials in deception assets.
- Use named accounts and multifactor authentication where available.
- Keep confidential vendor, customer, contract, and banking material out of public repositories and collateral.
- Document retention, access, export, removal, and offboarding requirements in customer agreements.
Alert and response ownership
Every deployment identifies primary, backup, and any after-hours alert owners. The customer retains responsibility for investigation, incident declaration, containment, remediation, legal notification, and recovery unless a separate written agreement states otherwise. Alert delivery is tested before acceptance.
Technology and service providers
Ghostlight selects established technology and service providers based on security, reliability, support, isolation, data handling, and offboarding considerations. Relevant provider details and contractual dependencies are disclosed during qualification, contracting, security review, or implementation when needed.
Report a concern
Security and service-boundary questions can be sent to [email protected].