Catalog

Straightforward descriptions of cybersecurity products. You're welcome.

Socket

An estimated 90-95% of malicious open-source packages never receive a CVE. Registries silently remove them with no advisory and no notification. Socket is a supply chain security platform that clones every major package registry in real time and runs static analysis and LLM-based code inspection on every new package within seconds of publication, catching malware, backdoors, and protestware that traditional SCA tools miss entirely.

Cape

A US mobile carrier built from scratch around privacy and security. No SS7, no data sales, no ID required. IMSI rotation, signaling firewalls, and enterprise SIEM integration for organizations that need to protect workforce mobile communications.

Island

Most enterprise work happens in a browser that was built for consumers. Island is a Chromium-based enterprise browser that replaces it with one where identity-based policy, inline DLP, session recording, and last-mile data controls are native. Because the browser sits after TLS decryption but before screen rendering, it can enforce policy at the presentation layer without touching the applications themselves.

Corelight

Purpose-built hardware that runs Zeek sensors at massive line rates, from 2 to 200 Gbps. Corelight started as a way to operationalize Zeek at scale, then expanded into full NDR with Suricata, YARA, and ML detections on top.

Sondera

Sondera is a platform designed to apply deterministic policies to nondeterministic AI agents. The core of the platform is a harness that integrates with agent frameworks like LangGraph and Google ADK. It has hooks for evaluating Cedar policies before an LLM message is sent, before a response is handled, and before and after all tool call executions. The idea is to steer as well as block undesired behavior.

Knocknoc

Knocknoc is a just-in-time network access control platform that ties SSO authentication to firewall rules. Users authenticate via a web-based SSO flow, and Knocknoc dynamically adds their IP address to firewall allow lists for a configured duration.

Nebulock

Nebulock is an autonomous threat hunting platform that uses AI agents to continuously test for malicious activity hiding in your environment. It pulls raw telemetry via API from EDR and identity platforms, runs behavioral hunts across that data, surfaces findings to human analysts, and can translate successful hunts into detections for your CI/CD pipeline.

Airlock Digital

Airlock Digital is an application allowlisting platform for Windows and macOS. It enforces execution control by permitting only approved binaries to run.

Sublime Security

Sublime Security is an email security platform built on a programmable detection engine. Instead of a black-box ML model shared across every customer, Sublime deploys a detection engine per customer environment.

SpecterOps BloodHound Enterprise

BloodHound Enterprise is an attack path management tool for Active Directory and Entra ID (formerly Azure AD) environments. It ingests data from your directory services, builds a graph of all identities, permissions, group memberships, GPO applications, and trust relationships, then computes every attack path from any user or computer to your most critical assets (domain controllers, tier zero servers, global admin roles, tenant objects).