Your perimeter is watched. Your internal network isn't. Intrudect surfaces the reconnaissance, lateral movement, and outbound paths that firewalls and endpoint tools never see — running entirely on your own infrastructure.
Agents collect metadata and raise alerts in your environment. You work in a single central Web UI — triage, investigate, configure, done.
Passive SPAN analysis: port, ARP and DNS scans, lateral movement, DNS tunnelling and C2, rogue DHCP/DNS, unauthorized services, Suricata rules, and IOC matching against aggregated threat feeds.
Decoy TCP/UDP services on chosen IPs and ports, emulating real protocols from SSH to SMB. Detects SYN and connect scans — any contact is a high-signal alert, with full PCAP captured on connection.
Runs 24/7 actively trying to reach the outside from segments that should be sealed — DNS, IPv4/IPv6, ICMP, proxy abuse. Tells you exactly which segment leaked, and how.
Regex monitoring across syslog, web, database and audit logs. SQL-injection patterns, unexpected password logins, honeyfile access — your rules, your severities.
Alert triage, search and dashboards, per-agent configuration, MFA (TOTP + YubiKey), role-based access and a full audit log. Route alerts by weekday, work hours, category and priority to Slack, Teams, Discord, e-mail, or JSON export into Elastic, Wazuh and Security Onion — plus a public REST API for search, export and automation.
So far, every deployment has surfaced something the client didn't know was there.
Inter-network flows between segments the client believed were isolated — quietly running for months before anyone looked.
Hosts still reaching for long-deprecated endpoints — dead services, forgotten integrations, and the questions those raise.
Public endpoints forwarded straight into the workstation LAN instead of an actual DMZ — a wide-open door nobody had drawn on the map.
No feature tiers — every agent ships with its full detection capability, and the Web UI and all integrations are in every plan. Tiers differ in which agents, and how many, they include.
Partner and volume pricing, multi-site and SaaS-capable, with central remote updates across every deployment. And because every install surfaces real findings, each engagement writes the case for the next one — the discoveries do the selling.
Deploy on your own hardware and see what Intrudect surfaces on day one.