Asplenz

This perspective is about Evidence, Asplenz's proof infrastructure.

Security Perspective

For CISOs and security teams responsible for post-incident integrity.

The reality of your role

You operate in environments where compromise is assumed.

Attackers escalate privileges. Logs are erased, altered, or selectively preserved. By the time the incident is contained, traces are already incomplete.

Your challenge is not detection. It is establishing which facts still exist after the systems have been touched.

Where Evidence fits

Evidence provides a passive, external layer of proof.

It does not detect attacks. It does not block actions. It does not secure infrastructure. It records declared facts outside the execution path and seals them in a way that makes later modification detectable, even if the originating systems are fully compromised.

Evidence exists to preserve post-incident integrity, not to prevent incidents.

What Evidence provides to Security

  • A passive channel to declare security-relevant facts
  • Evidence sealed independently from security tooling
  • Append-only integrity that survives administrative access
  • Proof that remains verifiable after system compromise

Nothing more.

What Evidence does not do

  • Does not prevent or detect attacks
  • Does not replace SIEM, EDR, or logging platforms
  • Does not harden infrastructure
  • Does not qualify intent or responsibility

Evidence is not part of the defensive stack. It is the witness that remains when defenses fail.

After an incident, you can establish

Using Evidence, you can verify:

  • Which facts were declared before, during, or after the incident
  • When those facts were sealed
  • Whether any trace was altered afterward

You no longer depend solely on logs that may have been cleaned or reconstructed.

Why this matters for Security

Security tools operate inside the system they protect. When that system is compromised, their output becomes suspect.

Evidence introduces an external point of truth. It does not claim immunity. It provides detectability of tampering, which is the only property that survives total compromise.

This shifts post-incident discussions from "what do we believe?" to "what can we verify?".

What Evidence changes

Before Evidence:

  • Traces are mutable
  • Integrity is assumed
  • Forensics depends on trust

With Evidence:

  • Facts are sealed externally
  • Integrity is verifiable
  • Forensics starts from proof, not belief