Asplenz|Horizon
Back to Perspectives

Security Perspective

For CISOs and security teams responsible for post-incident integrity.

The reality of your role

You operate in environments where compromise is assumed.

Attackers escalate privileges. Logs are erased, altered, or selectively preserved. By the time the incident is contained, traces are already incomplete.

Your challenge is not detection. It is establishing which facts still exist after the systems have been touched.

Where Horizon fits

Horizon provides a passive, external layer of proof.

It does not detect attacks. It does not block actions. It does not secure infrastructure. It records declared facts outside the execution path and seals them in a way that makes later modification detectable, even if the originating systems are fully compromised.

Horizon exists to preserve post-incident integrity, not to prevent incidents.

What Horizon provides to Security

  • A passive channel to declare security-relevant facts
  • Evidence sealed independently from security tooling
  • Append-only integrity that survives administrative access
  • Proof that remains verifiable after system compromise

Nothing more.

What Horizon does not do

  • Does not prevent or detect attacks
  • Does not replace SIEM, EDR, or logging platforms
  • Does not harden infrastructure
  • Does not qualify intent or responsibility

Horizon is not part of the defensive stack. It is the witness that remains when defenses fail.

After an incident, you can establish

Using Horizon, you can verify:

  • Which facts were declared before, during, or after the incident
  • When those facts were sealed
  • Whether any trace was altered afterward

You no longer depend solely on logs that may have been cleaned or reconstructed.

Why this matters for Security

Security tools operate inside the system they protect. When that system is compromised, their output becomes suspect.

Horizon introduces an external point of truth. It does not claim immunity. It provides detectability of tampering, which is the only property that survives total compromise.

This shifts post-incident discussions from "what do we believe?" to "what can we verify?".

What Horizon changes

Before Horizon:

  • ×Traces are mutable
  • ×Integrity is assumed
  • ×Forensics depends on trust

With Horizon:

  • Facts are sealed externally
  • Integrity is verifiable
  • Forensics starts from proof, not belief

View how facts are sealed

This example shows a post-incident timeline composed of sealed facts, their timestamps, and their integrity hashes, exactly as reviewed during security forensics.