Security & Trust
Security only works if the program is auditable, explainable, and operationally safe. Nythrix products (the Active Defense Engine, NetWatch, and Multi-tor) are designed to reduce risk without adding unnecessary data exposure or opaque logic.
Design Principles
Security outcomes improve when detections are deterministic and response actions are governed. Our posture is simple: collect less, explain more, and keep control with the enterprise.
Minimal Data
We minimize telemetry to what's required to produce high-confidence signals. The goal is to reduce risk, not expand collection.
Explainable Detections
Deterministic signals mean every alert is defensible. Analysts can explain why it fired, what it means, and what action is justified.
Governed Response
Pre-authorized containment is executed with guardrails: tiered authorization gates, cross-functional approvals, and scope limits. Fast, but safe.
Enterprise Control
Integrate with your identity, SIEM, and response stack. You own policies, access, and how actions are executed.
Security Controls
| Control Area | What it means |
|---|---|
| Access control | Role-based access with clear privilege boundaries and operational auditability. |
| Audit trails | Action and detection history is preserved for incident review, audit, and executive reporting. |
| Encryption | Protect data in transit. Deployment models support outbound-only communication from protected environments. |
| Isolation | Per-tenant isolation with row-level security. Tenant boundaries and operational segmentation reduce the blast radius of platform access. |
| Integration safety | SIEM/SOAR integrations are structured so actions are governed and auditable, not fire-and-forget. |
The objective is to enable **governed active defense**: high-confidence signals that justify specific, pre-approved actions — and produce evidence that stands up to scrutiny.
Deployment Model
Designed to integrate with enterprise controls and reduce exposure. Your environment remains the source of truth; the platform is the operating model and signal pipeline.
Collector + Control Plane
Lightweight collectors generate and transport signals while the control plane manages policy, routing, and reporting.
Outbound-Only Options
Support architectures where protected environments initiate outbound connections to reduce inbound exposure.
SIEM/SOAR Ready
Alerts and artifacts are structured for ingestion and response orchestration — with governance and auditability in mind. Webhook delivery in JSON, CEF, and syslog formats with HMAC signing.



