Validity detects security compromises of your Certified IP addresses. When this happens, the following actions take place:
- Validity determines whether the security breach is legitimate.
- When suspicious activity is detected, the IP address is temporarily suspended while Compliance analysts initiate an investigation. If Compliance analysts determine that the report was a false positive, the suspension is lifted within minutes of detection and the IP address is reactivated. (You are notified if it was a false positive.)
- You are notified through email about the suspension after the Compliance analysts complete the investigation and a legitimate security compromise is suspected. In the email notification, you are provided information about the:
  - Type of security alert
  - Affected IP address and domain
  - Message subject line
- If your IP address has been compromised, the Certification team will request additional information in a follow-up email.
- Depending on the cause of the compromise, a Certification analyst will provide remediation recommendations and identify the next steps required to clear the security event and get the suspension lifted.
- Validity lifts the suspension. The suspension is lifted if you have implemented all of Validity's requirements and no further issues are present. The Certified IP address then regains full Certification benefits as soon as compliance thresholds are met.
Even though a security suspension has been lifted, the IP address may remain suspended due to non-compliance with Certification performance thresholds. The time it takes for performance metrics to normalize varies depending on the scale of the compromise.
Severe security compromises may take 30 days or more for performance metrics to return to compliance with Certification thresholds. Only when Certification thresholds are met will Certification benefits be restored.