Local decision engine
Local decisions analyse behavioural signals.
Trigger policy pathways.
TechnologyArchitecture overview
Local control. Policy scope.Audit-ready operation.
Architecture choices prioritise local decisions, clear controls, and safe change discipline.
On-device controlSigned updatesRollback readyLocal logs
Policy control plane (on-device)
On-device policy defines control boundaries.
Restriction, containment, segmentation, escalation.
Signed updates + rollback
Signed updates.
Rollback ready.
Local audit logs
Local logs preserve reviewable decisions.
Operational traceability stays available.
Governance-first control
- Policy boundaries are explicit.
- Approvals define action scope.
- Escalation paths stay operator-owned.
Audit-first outputs
- Decision trails are a core deliverable.
- Actions link to policy triggers.
- Review stays clear under pressure.
Safe change discipline
- Signed updates.
- Rollback ready.
- Controlled rollout windows.
Operational discipline first
- Local authority remains primary.
- Policy defines control boundaries.
- Change discipline supports safe rollout.
- Audit records support governance review.
Core mode avoids payload inspection
- No raw traffic export by default.
- Opt-in sharing only when policy allows.
- Reviewable actions remain local.
Stage before you automate
- Start alert-only.
- Run guided actions with review.
- Move to enforcement when approved.
Core mode avoids payload inspection requirements.
See CyberSiren in a pilot
- Clear scope.
- Reviewable outputs.
- Measurable outcomes.