Self-hosted NDR · No telemetry · EU-built

The threats that matter are already inside.

Your perimeter is watched. Your internal network isn't. Intrudect surfaces the reconnaissance, lateral movement, and outbound paths that firewalls and endpoint tools never see — running entirely on your own infrastructure.

// no cloud dependency · runs fully air-gapped
// illustrative — representative alert types
Why Intrudect

Not another dashboard to babysit. Not a six-figure enterprise contract.

The difference

The only NDR that ships a network honeypot and egress-isolation verification as native components — not add-ons, not separate products.

vs. enterprise NDR

Vectra · Darktrace · ExtraHop · Corelight
  • Comparable internal visibility at a fraction of the price
  • Deploys in hours, not quarters — operational the same day
  • No cloud dependency, no call-home, no vendor lock-in
  • Transparent, published pricing instead of "contact sales"

vs. open-source stacks

Security Onion · Zeek · Suricata · Snort
  • Works out of the box — far less custom integration
  • Fewer moving parts, lower day-two maintenance
  • Behaviour-based alerts with metadata context to act on
  • One managed system instead of a stack you assemble
The platform

Five components. One place to run them.

Agents collect metadata and raise alerts in your environment. You work in a single central Web UI — triage, investigate, configure, done.

01 · network agent

Sees the movement

Passive SPAN analysis: port, ARP and DNS scans, lateral movement, DNS tunnelling and C2, rogue DHCP/DNS, unauthorized services, MISP IOC matching.

02 · honeypot

The tripwire

Decoy TCP/UDP services on chosen IPs and ports. Nothing should touch them — so any contact is a high-signal alert, with full PCAP captured on connection.

03 · egress agent

Proves isolation is real

Runs 24/7 actively trying to reach the outside from segments that should be sealed — DNS, IPv4/IPv6, ICMP, proxy abuse. Tells you exactly which segment leaked, and how.

04 · log agent

Watches your logs

Regex monitoring across syslog, web, database and audit logs. SQL-injection patterns, unexpected password logins, honeyfile access — your rules, your severities.

05 · central web ui

Where you actually work

Alert triage, search and dashboards, per-agent configuration, MFA (TOTP + YubiKey), role-based access and a full audit log. Route alerts by weekday, work hours, category and priority to Slack, Teams, Discord, e-mail, or JSON export into Elastic, Wazuh and Security Onion.

What we find

So far, every deployment has surfaced something the client didn't know was there.

FINDING 01

Traffic that shouldn't exist

Inter-network flows between segments the client believed were isolated — quietly running for months before anyone looked.

FINDING 02

Devices calling the past

Hosts still reaching for long-deprecated endpoints — dead services, forgotten integrations, and the questions those raise.

FINDING 03

The DMZ that wasn't

Public endpoints forwarded straight into the workstation LAN instead of an actual DMZ — a wide-open door nobody had drawn on the map.

Pricing

Every detection feature. Every plan.

All detection features and integrations ship in every plan — you scale by agent count, not by unlocking capabilities. Lower tiers simply include fewer agents.

Pay yearly and get 12 months for the price of 11.
PlanNetworkHoneypotLogEgressPer month
SOHOtier 111€399
SOHOtier 2115€499
SMBtier 12210€699
SMBtier 244201€999
Enterprisetier 11010505€1,999
Enterprisetier 2€2,999
// columns show included agents · prices excl. VAT · self-hosted on your hardware · all detection modules included at every tier
Built to be trusted

Your data never leaves your building.

self-hosted — your infrastructure no telemetry — no call-home, ever EU-built runs air-gapped — no internet needed MFA + RBAC — TOTP, YubiKey full audit log GPG-signed updates

Built for resellers & MSPs

Partner and volume pricing, multi-site and SaaS-capable, with central remote updates across every deployment. And because every install surfaces real findings, each engagement writes the case for the next one — the discoveries do the selling.

Become a partner
See your own network

What's moving inside your network right now?

Deploy on your own hardware and see what Intrudect surfaces on day one.