Enterprise

Security that scales with
your infrastructure

Everything in the core platform, plus behavioral fingerprinting, adaptive DDoS protection, multi-host correlation, and compliance reporting. Built for teams that run production servers and need more than detection.

Talk to us Start free

~100MB

Total RAM for 5 services

eBPF kernel hooks

Kill chain patterns blocked

<1s

Detection to block

Stateful detectors

Response skills

Built on a battle-tested core

The free tier is not a demo. It is a complete security platform used in production. Enterprise adds layers on top.

22 eBPF kernel hooks with CO-RE portability

36 stateful detectors (brute force, ransomware, rootkits, C2, and more)

8 kill chain patterns blocked at kernel level via LSM

XDP wire-speed IP blocking (10M+ packets/sec)

Mesh collaborative defense between servers

AI triage with 12 provider options (bring your own key)

Honeypot with interactive SSH and HTTP decoys

Dashboard with real-time threat visualization

ISO 27001 control mapping and compliance tab

Telegram, Slack, and webhook notifications

Full audit trail with SHA-256 hash chain

All of the above is source-available under BUSL-1.1 — free for non-production use.
No feature gates. No telemetry. No cloud dependency.

What Enterprise adds

Capabilities that go beyond detection and response. Built for organizations that need deeper visibility, stronger protection, and audit-ready documentation.

Behavioral Fingerprinting

Threat DNA

Identify attackers by how they behave, not by their IP address. Threat DNA builds behavioral profiles from syscall sequences, timing patterns, and interaction styles. The same attacker from different IPs, VPNs, or Tor exit nodes gets the same fingerprint.

Attribution beyond IP addresses

Adaptive DDoS Protection

Shield

Multi-layer DDoS mitigation that adapts in real time. XDP kernel-level packet filtering at wire speed, SYN flood detection, automatic escalation from normal to critical, and Cloudflare edge failover. Rate limits tighten dynamically under attack and relax when the threat subsides.

Wire-speed protection, zero downtime

Kill Chain Across Servers

Multi-Host Correlation

Track attack chains that span multiple servers. Redis-based event correlation connects the dots when an attacker pivots laterally, reuses credentials, or stages data across your infrastructure. See the full campaign, not isolated events.

See the campaign, not just the incident

Threat Data as a Service

Intelligence Feed

Export blocked IPs, attacker fingerprints, and threat indicators via API. Feed your existing SIEM, firewall, or security stack with high-confidence indicators generated from real attacks against real servers. Not scraped from public lists. Observed firsthand.

Real indicators from real attacks

Audit-Ready Documentation

Compliance Reports

Generate PDF reports mapping your security posture to ISO 27001 Annex A controls. Includes hash-chain verified audit trails, data retention policies, incident response timelines, and evidence of automated enforcement. Ready for your next audit.

From detection to documentation

Direct Access, Fast Response

Priority Support

Dedicated support channel with guaranteed response times. Architecture reviews for your deployment. Custom detection rules for your specific threat landscape. Assistance with integration into your existing security stack.

Your security team, extended

Ready to protect your infrastructure?

Start with the core platform today. When you need behavioral fingerprinting, DDoS protection, or compliance reports, the enterprise layer is built on the same codebase. No migration. No data export. Just enable.

Contact sales Install free version

Security that scales withyour infrastructure