Security Protocols
Notice
This document contains Neuro Building Systems, LLC proprietary information. The information contained herein is provided solely for the purpose for which it was submitted. No part of this document or its contents may be reproduced, published, or disclosed to any third party without the express written permission of Neuro Building Systems, LLC.
While the information is provided in good faith and believed to be accurate, Neuro Building Systems, LLC disclaims all implied warranties, including those of merchantability and fitness for a particular purpose, and makes no express warranties unless otherwise stated in a written agreement with the customer.
In no event shall Neuro Building Systems, LLC be liable for any direct, special, incidental, or consequential damages. All information and specifications in this document are subject to change without notice.
Trademarks
NeuroCore and NeuroEdge are registered or pending trademarks of Neuro Building Systems, LLC.
Support and Contacts
For technical assistance or further information, please contact us at [email protected].
Related Documentation
For a complete list of publications and documents related to this application, please contact us at [email protected].
Introduction
NeuroCore is a unified platform designed to monitor, control, and optimize building systems across any number of properties. Built with a multi-tenant, scalable architecture, NeuroCore serves as a central nervous system for modern building portfolios—enabling real-time monitoring, automated fault detection, global control, and seamless integration with IoT, BMS, PMS, and GRMS systems.
Audience
This document is intended for individuals and organizations seeking to understand the security measures implemented by NeuroCore to protect its cloud-based platform and services. It outlines the core cybersecurity practices, protocols, and infrastructure safeguards that ensure the integrity, confidentiality, and availability of the NeuroCore application.
Solution Design
The NeuroCore platform is a cloud-native application hosted on Amazon Web Services (AWS), purpose-built to provide secure, scalable, and centralized control of building systems across diverse property portfolios. From a single, unified interface, NeuroCore enables real-time monitoring and management of HVAC, lighting, thermostats, water systems, energy meters, and a wide array of IoT devices.
Building data is securely transmitted to the NeuroCore cloud via encrypted internet APIs, ensuring confidentiality and integrity across all communications. The platform adheres to modern cybersecurity best practices, including encryption at rest and in transit, role-based access controls, Multi-Factor Authentication (MFA), Single Sign-On (SSO), and comprehensive audit logging, offering full visibility and compliance support for IT and operations teams.
At the field level, NeuroEdge devices serve as secure on-premises gateways for site-level system integration. Each NeuroEdge is provisioned through a streamlined and authenticated onboarding process and is centrally managed through a secure container orchestration platform, allowing for encrypted remote access, configuration, and updates—without requiring local intervention.
The NeuroCore platform supports standard industry protocols including BACnet/IP, Modbus, MQTT, LoRaWAN, and Zigbee, ensuring vendor-agnostic integration with both legacy and modern systems.
With real-time fault detection, fleet-wide control enforcement, and centralized energy optimization, NeuroCore and NeuroEdge together form a secure, intelligent foundation for next-generation building management.
Cybersecurity Design and Implementation
NeuroCore integrates cybersecurity at every layer of its architecture, from secure development practices to hardened cloud infrastructure and field-deployed NeuroEdge Gateway (NEG) devices. Designed to support modern building operations at scale, NeuroCore enforces strict controls around data access, network segmentation, and system integrity—both in the cloud and at the edge.
Secure Development and Cloud Architecture
NeuroCore follows a Secure Software Development Lifecycle (SSDLC), applying security best practices during requirements gathering, development, testing, and deployment. All components undergo regular code reviews, vulnerability scans, penetration testing, and version-controlled release management.
The NeuroCore platform is hosted in Amazon Web Services (AWS) and leverages AWS’s enterprise-grade security features, including:
Data encryption in transit using TLS 1.2+ and at rest using AES-256 via AWS Key Management Service (KMS)
Multi-Factor Authentication (MFA) and Single Sign-On (SSO) for user access
Least-privilege IAM policies and service-level identity enforcement
DDoS protection via AWS Shield and application-layer firewalls with AWS WAF
Comprehensive logging and monitoring using CloudTrail, CloudWatch, and integrated SIEM tools
AWS’s infrastructure meets certifications such as SOC 2, ISO 27001, HIPAA, and FedRAMP, and its data centers are secured with 24/7 surveillance, biometric controls, and layered physical access restrictions.
NeuroEdge Gateway (NEG) Security
The NeuroEdge Gateway (NEG) is a field-deployed, hardened device designed to integrate on-site building systems with the NeuroCore cloud. Each NEG follows a secure provisioning process, during which it is registered and authenticated to the NeuroCore infrastructure. The NEG is not locally accessible, and all management, updates, and configuration are performed exclusively through NeuroCore’s cloud-based orchestration platform.
This design eliminates risks associated with local access, ensuring that:
No direct access (e.g., SSH, web UI, or local console) is exposed at the customer site
All communication is initiated outbound via secure, encrypted tunnels
All updates are cryptographically signed and deployed through NeuroCore’s secure delivery process
Configuration changes and health monitoring are centrally controlled, with full logging and auditability
The NEG’s dual-interface architecture supports segmented connectivity:
Interface 1 connects to the primary building network with internet access for cloud communication
Interface 2 optionally connects to isolated or auxiliary networks for specialized system integration
This network model supports operational flexibility while preserving strict security boundaries between internal systems and external services.
Zero Trust Operations & Continuous Monitoring
NeuroCore enforces a Zero Trust security model across the entire platform:
No implicit trust is granted to any device, user, or service
All access is authenticated, authorized, and logged
No standing administrative access is permitted—elevated privileges are time-bound and audited
All data movement between edge devices, internal services, and user interfaces is encrypted, authenticated, and monitored. Security events and anomalies are centrally aggregated and analyzed, enabling rapid detection and response.
Data Sent to the NeuroCore Application
With NeuroCore, no sensitive or personally identifiable information (PII) is transmitted to the cloud. Only operational and technical data required for system monitoring, control, and optimization is securely sent from the NeuroEdge Gateway to the NeuroCore cloud infrastructure. This data includes:
HVAC sensor and controller readings
Alarm and event status
Equipment performance metrics
Building system model data and device states
All transmitted data is encrypted in transit using industry-standard protocols to ensure confidentiality and integrity. NeuroCore is designed with a privacy-first architecture to support secure building management without compromising occupant privacy.
Outbound Traffic Policy for NeuroEdge
For security and operational integrity, customers should not apply application-layer filtering, port restrictions, or SSL inspection to outbound traffic originating from the NeuroEdge device unless such controls have been explicitly reviewed and approved by NeuroCore support.
Access to NeuroCore Application
Access to the NeuroCore application is provided via the URL https://app.neurocore.cloud. This access will be granted through the designated channel partner, who will facilitate account creation, role assignment, and authentication based on the specific needs of the organization. All users will be required to authenticate using Multi-Factor Authentication (MFA) and Single Sign-On (SSO) to ensure secure access to the platform.