The Complete Microsegmentation Platform
From traffic discovery to policy enforcement — every capability you need to implement zero trust at the network layer.
See Everything. Miss Nothing.
Real-time telemetry from every managed endpoint. TCP, UDP, inbound, outbound — with full process and user context.
Flow Telemetry
Every TCP and UDP connection is captured with source/destination IP, port, protocol, direction, bytes transferred, process name, and user identity.
Process Fingerprinting
SHA-256 hashes, Authenticode signatures, parent process lineage, integrity level, and user account for every network-active process.
Device Inventory
Automatic hardware fingerprint, installed services, scheduled tasks, OS details, network shares, and installed packages — collected at registration.
Interactive Network Map
D3 force-directed topology map with label filtering, enforcement-state color coding (Learning / Unsegmented / Segmented / Quarantined), and connection drill-down.
Unmanaged Workloads
Devices that can't run agents are auto-discovered from observed traffic and tracked as unmanaged workloads with IP, MAC, and last-seen timestamp.
Agentless Gateway
For IoT, OT, and legacy systems — deploy agentless gateways that proxy policy enforcement for devices that cannot run native agents.
Label-Based Policy, Not IP-Based Rules
Define policies using multi-dimensional labels — Environment, Role, Location, Application. Rules survive re-IPs, migrations, and scaling.
Multi-Dimensional Labels
Assign labels across dimensions — Environment (Prod/Staging), Role (Server/DC/Web), Location (HQ/Cloud), Application (custom). Policies compose across all dimensions.
Illuminated Mode
Stage rules against live telemetry before enforcement. The simulation engine runs what-if analysis, risk scoring, and impact assessment — so you know exactly what will happen.
ML Rule Recommendations
DBSCAN-based application group clustering and traffic pattern analysis automatically generate recommended segmentation rules. Review, tune, and promote.
IP Lists & Templates
First-class IP list objects (IPs, CIDRs, FQDNs) and pre-built policy templates for ransomware prevention, domain controller isolation, and database protection.
Policy Rollback
Every deployment creates an automatic snapshot. One-click rollback restores the previous ruleset and pushes it to all affected devices instantly.
Time-Based Rules
Schedule firewall rules with active time windows. Allow RDP during business hours, block it at night. Enforcement is automatic.
Detect Threats in Real Time
Behavioral anomaly detection, scan pattern recognition, and deception technology — built into the platform.
Behavioral Baselines
Welford's online algorithm maintains a per-device running mean and variance of traffic volume, which serve as the z-score baseline. Deviations from normal traffic volume trigger anomaly alerts automatically.
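A sketch of how a per-device Welford baseline with z-score alerting can work. This is an added example, not the platform's own code; the warm-up length, the threshold, the choice not to learn from outliers, and all names and sample values are assumptions.

```python
import math
from collections import defaultdict

MIN_SAMPLES = 5    # assumed warm-up length before any alert can fire
Z_THRESHOLD = 3.0  # assumed alert threshold, in standard deviations

class Baseline:
    """Running mean and variance of one device's traffic volume (Welford)."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0  # m2: sum of squared deviations

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)  # uses the already-updated mean

    def variance(self):
        return self.m2 / (self.n - 1) if self.n > 1 else 0.0

    def zscore(self, x):
        if self.n < MIN_SAMPLES:
            return None  # still learning: too little history to judge
        std = math.sqrt(self.variance())
        if std == 0.0:  # perfectly flat baseline: any change is infinitely unusual
            return 0.0 if x == self.mean else math.copysign(math.inf, x - self.mean)
        return (x - self.mean) / std

def detect(samples):
    """samples: iterable of (device, bytes_per_interval). Returns alert tuples."""
    baselines, alerts = defaultdict(Baseline), []
    for device, value in samples:
        z = baselines[device].zscore(value)
        if z is not None and abs(z) >= Z_THRESHOLD:
            alerts.append((device, value, z))  # assumption: outliers are not learned
        else:
            baselines[device].update(value)
    return alerts

# Constructed sample data: two devices, one sudden spike on web-01.
SAMPLES = (
    [("web-01", v) for v in (1000, 1020, 980, 1010, 990, 1005, 9000)]
    + [("db-01", v) for v in (5000, 5100, 4900, 5050, 4950, 5020)]
)

if __name__ == "__main__":
    for device, value, z in detect(SAMPLES):
        print(f"ALERT {device}: {value} bytes, z={z:.1f}")
```

Keeping flagged samples out of the baseline stops a burst from raising its own threshold, at the cost that a legitimate permanent shift in volume has to be accepted by an operator before it is learned.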
Scan Detection
Port sweep, host sweep, and fan-out detection using sliding-window analysis. Catches reconnaissance before lateral movement begins.
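The three scan patterns named above can be told apart by what stays fixed and what varies inside the window. The following is an added example, not the platform's own detection logic; the window length, thresholds, function name and flow records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60      # seconds of history kept per source (assumed)
PORT_SWEEP = 10  # distinct ports on one destination host (assumed)
HOST_SWEEP = 10  # distinct destination hosts on one port (assumed)
FAN_OUT = 20     # distinct destination hosts overall (assumed)

def detect_scans(flows):
    """flows: (ts, src, dst, dport) tuples sorted by ts.
    Returns a set of (src, kind, detail) findings."""
    recent = defaultdict(deque)  # src -> flows still inside the window
    findings = set()
    for ts, src, dst, dport in flows:
        q = recent[src]
        q.append((ts, dst, dport))
        while q[0][0] <= ts - WINDOW:  # slide: evict flows older than WINDOW
            q.popleft()
        ports_by_host, hosts_by_port = defaultdict(set), defaultdict(set)
        for _, d, p in q:
            ports_by_host[d].add(p)
            hosts_by_port[p].add(d)
        for d, ports in ports_by_host.items():
            if len(ports) >= PORT_SWEEP:  # one target, many ports
                findings.add((src, "port_sweep", d))
        for p, hosts in hosts_by_port.items():
            if len(hosts) >= HOST_SWEEP:  # one port, many targets
                findings.add((src, "host_sweep", p))
        if len(ports_by_host) >= FAN_OUT:  # many targets, any port
            findings.add((src, "fan_out", None))
    return findings

# Constructed flows: .5 walks ports on one host, .6 probes 445 across hosts,
# .7 is an inventory poller touching one port every ten minutes (benign).
SAMPLE_FLOWS = sorted(
    [(i, "10.0.0.5", "10.0.0.9", 20 + i) for i in range(12)]
    + [(i, "10.0.0.6", f"10.0.1.{i + 1}", 445) for i in range(12)]
    + [(i * 600, "10.0.0.7", "10.0.0.9", 8000 + i) for i in range(12)]
)

if __name__ == "__main__":
    for finding in sorted(detect_scans(SAMPLE_FLOWS), key=str):
        print(finding)
```

The poller contacts as many distinct ports as the first source, but never more than one inside any 60-second window, so it produces no finding; the window is what separates a burst from routine long-lived behaviour.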
Honeypot Decoys
Fake TCP/UDP listeners on unused ports with configurable banners. Any connection is proof of malicious intent — instant critical alert.
Emergency Response
One-click quarantine isolates a compromised device — blocks everything except the management channel. Plus disable/enable/restore firewall commands.
Built for Security Teams
RBAC, audit trails, SIEM integration, scheduled reports, and staged rollouts — enterprise operations from day one.
Scoped RBAC
Admin, Operator, and Viewer roles — scoped globally, by device group, or by label. SSO via OIDC and service account API keys for automation.
Policy Audit Trail
Every policy change, rule promotion, device state transition, and emergency command is logged with user, timestamp, IP, and before/after JSON diff.
SIEM Forwarding
Forward alerts to external systems via Syslog (RFC 5424) or Webhook (JSON POST). Filter by severity and alert type. Integrates with Splunk, Sentinel, and more.
Compliance Reports
PCI-DSS segmentation proof, HIPAA isolation, NIST ZTA mapping, and ransomware readiness. Scheduled delivery via email with PDF export.
Staged Agent Rollouts
Wave-based upgrade orchestration by device group. Automatic rollback on failure. Monitor progress per wave with a visual dashboard.
AI Virtual Advisor
Built-in natural-language assistant answers questions about your segmentation posture, recommends actions, and optionally routes to OpenAI for complex queries.
Windows · Linux · macOS · Kubernetes · Cloud
Native agents for every major OS. Plus Kubernetes NetworkPolicy generation, cloud security group sync, and ZTNA connectors.
Windows (WFP)
ETW-based telemetry, WFP rule enforcement, MSI installer with central auto-update and rollback. Runs as a Windows service.
Linux (nftables)
/proc/net polling, nftables enforcement (iptables fallback), systemd service, dpkg/rpm/pacman package inventory. Self-contained single-file publish.
macOS (pf)
Anchor-based pf enforcement, netstat monitoring, sw_vers/sysctl/launchctl fingerprinting. Mirrors the Linux agent architecture.
See the Platform in Action
Start your 14-day free trial. Full platform access. No credit card required.