Policy engine
Signed egress rules distributed to every managed device. Allow / block per app, per destination CIDR, per port, or set a bytes-out threshold before flagging.
Admin console preview
See the surface before you buy.
This is a sample data preview — no live tenant data is shown. The same surface is what your tenant gets post-purchase, with your fleet, your policies, and your SIEM destinations.
Sample data — demo console previewNo live tenant dataSame shell as the real /admin/enterprise
Two lenses on the same telemetry
Personal + admin, same data plane.
Every device runs the same Pro client. Enterprise tenants get an admin console on top of the same flow records — no second agent, no schema fork.
Pro
Device
workstation-001 · sarah.mitchell@example.com · macOS 14.5
Healthy · Pro tier
Anomaly detectedCursor — 7.2x bytes-out baseline at 14:23
| App | Bytes | Verdict |
|---|---|---|
ChatGPT Desktop | +2.4 MB/min | |
Claude Desktop | +1.8 MB/min | |
Slack | +6.4 MB/min | |
Dropbox | +14.2 MB/h | |
Spotify | +0.9 MB/min |
bytes_out · last 24h
Sample only — not a live control
Enterprise
Tenant
TechProf Ltd
techprof.netinsightpro.com
Healthy · Enterprise Cloud
Seats142 / 250
| Hostname | Last seen | Status |
|---|---|---|
| workstation-001 | 2 min ago | active |
| mbp-finance-04 | 5 min ago | active |
| devbox-01 | 14 min ago | active |
| pos-store-12 | 47 min ago | idle |
Choose your shape
Same console. Three trust boundaries.
The admin console preview above is identical across all deployment shapes. What changes is where your audit data lives and how SIEM events flow.
Hybrid
SaaS admin · private data plane
Private
Air-gapped · fully sovereign
All tiers run the same bit-identical client binary · Licences come from the server, not the client.
Live preview
The admin console your fleet gets.
Sample data only. Your tenant sees this surface with your devices, your policies, and your SIEM destinations.
Tenant
TechProf Ltd
techprof.netinsightpro.com
Healthy · Enterprise Cloud
Seats142 / 250
Active devices
142
Policies enforced
4
Incidents · 24h
12
SIEM events · 24h
48,210
Recent incidents
| When | Host | Signal | Severity |
|---|---|---|---|
| 2026-04-28 09:42 | workstation-001 | Unrecognised TLS SNI to 185.220.x | Medium |
| 2026-04-28 09:31 | mbp-eng-23 | Outbound to known C2 list | High |
| 2026-04-28 09:18 | pos-store-12 | Long-lived TCP to non-payment endpoint | Medium |
| 2026-04-28 08:55 | devbox-01 | AWS access-key shape in HTTP body | Critical |
Identity
SSOOkta · SAML 2.0
SCIMProvisioning · 142 users
MFAEnforced for all users
Compliance evidence
SOC 2 Type II2025 report ready
ISO 27001Pack last generated 2026-04-21
GDPRDPA signed · Art.30 record current
Platform capabilities
What the console gives you.
Audit log
Immutable audit trail: 90 days on Cloud, 7 years on Hybrid, custom retention on Private. Exportable as OCSF JSON for your SIEM or compliance auditor.
SCIM provisioning
Automated seat provisioning and de-provisioning from Okta, Azure AD, Google Workspace, or any SCIM 2.0-compliant IdP. Off-board a user; the device licence revokes automatically.
BYOK encryption
Customer-managed encryption keys for audit data at rest. Supply your AWS KMS, Azure Key Vault, or GCP KMS ARN — we never hold the key.
Intelligence layer
Anomaly detection. Built-in.
Smart alerts fire when outbound bytes deviate from a device's 7-day EWMA baseline. Per-tenant threshold tuning via policy — no rules to write for the common case.
- Flags the app, new destinations, and excess byte volume
- OCSF-formatted anomaly events forwarded to your SIEM automatically
- Fleet-wide thresholds pushed via policy engine
FAQ
Questions about the demo
Enterprise questions? Email enterprise sales or request DPA / MSA templates.
Want this for your fleet?
Enterprise Cloud rolls out in hours. SSO, SIEM, policy engine, MDM-ready installers — same surface as this preview, with your tenant, your IdP, and your data.
Three deployment shapes. One client. One licence model.
Standard DPA + MSA available · Response within 1 business day