FeaturesHybrid detection with guardrails

Hybrid detection for governed edge defence

Self-learning signals with context-aware, policy-scoped response.

Pilot BriefingView Architecture
Hybrid context Policy-scoped Safe rollback
Operator outcomes

Controls operators can run

  • Adaptive local baselines per environment.
  • Drift signals for operator triage.
  • Policy-gated containment and segmentation.
  • Audit-ready decision and approval records.
  • Staged rollout and rollback controls.
Deployment posture

Built for constrained environments

  • No raw traffic export by default. Sharing is opt-in.
  • Works where payload visibility is limited or unavailable.
  • Approvals define response scope and escalation paths.
  • Decision records support operators, governance, and IR review.

Core mode does not depend on payload inspection.

Detect

Adaptive local baselines

Blends multiple self-learning signals to model local norms and flag drift for review.

Detect

Encrypted and opaque endpoints

Adds temporal, behavioural-sequence, and relationship context when payload visibility is limited.

Govern

Policy-gated responses

Restriction and containment run only inside approved policy scope.

Govern

Approval and escalation paths

Named owners, clear escalation routes, and controlled enforcement.

Review

Case-ready records

Decision, approval, and action context for SOC and incident review.

Operate

Staged rollout discipline

Signed updates, rollout windows, and rollback-ready changes.

High-risk posture

For targeted threat environments

  • Tighter egress policy and device boundary controls
  • Faster drift triage and escalation routing
  • Reduced exposure through controlled communications

High-risk posture tightens action scope and speeds operator review.

Operator reality

Phones and IoT stay opaque

  • Payload inspection is often unavailable or unreliable
  • Behaviour still signals compromise and drift
  • Policy gates turn signals into controlled response
Shared hardening

Opt-in collective hardening

Selected indicators and aggregated updates can be shared only under local policy.

  • Share selected indicators and aggregated updates
  • Local policy controls what leaves, when, and how much
  • No raw traffic export by default

Sharing is optional. Local policy remains authoritative.

Sharing posture
Mode Explicit opt-in
Export Policy-limited only
Default No raw traffic
Pilot deliverables

What operators receive

  • Decision logs and review notes
  • Policy actions and approval records
  • Weekly operator summary pack
Operating model

Stage before enforcement

  • Start alert-only
  • Guided actions with operator review
  • Move to enforcement under approval
Next step

Request a pilot briefing

  • Defined scope
  • Operator workflow validation
  • Evidence-based expansion decision
Pilot Briefing View Use Cases