Skip to main content
Founding Customer: 50% off year 1 — first 50 customers · code FOUNDING50
Per-app data-egress control

See what your apps are sending. Stop the ones you don't trust.

Apps you trust open connections in the background — to servers you didn't pick, in countries you never approved. NetInsightPro names every app, shows where it sends data, and lets you cut the connection in one click.

No card · Windows / Linux / Android · Your data stays on your device

NetInsightProTenant: techprof
live
Apps observed (last 5 min)🔔 2 anomalies
chrome
google.com4.2 MB
slack
slack.com423 KB
cursor
openai.com25 KB
ollama
localhost1.8 MB
unknown
185.220.101.x73 KB
0+endpoints monitored
0.0%uptime SLA
0/7AI threat detection

Supported platforms & integrations

  • Windows 11
  • Windows Server 2022
  • Ubuntu 20.04+
  • Debian 12
  • Fedora 38+
  • Android 7.0+
  • macOS (soon)
  • WFP
  • Netfilter
  • VpnService
  • OCSF
  • SCIM 2.0
  • OIDC
  • .NET
  • Python
  • Node.js
The gap

What existing tools miss

The problem

  • Firewalls block ports, not apps
  • Wireshark shows packets but can't act
  • Cloud SIEMs see what they see, not what you lose
  • Mercenary/Pegasus-class spyware egress hides in normal traffic
  • AI-worm / LLM-exfil traffic slips past signature-based tools

How NetInsightPro closes it

  • Per-app attribution at the kernel level
  • One-click block — instant, no reboot
  • Local-first: data stays on your device
  • Spyware Shield: desktop egress matched to lab-attributed infra — indicators, not diagnosis (Pro, early access)
  • AI-worm heuristics flag LLM egress + C2 polling (early access)
AI-era threat detectionEarly Access

First per-app firewall that catches AI-powered worms

AI-augmented malware now queries ChatGPT and Claude during live attacks to generate recon commands and evade detection. NetInsightPro is the first per-app firewall with dedicated detection for LLM-orchestrated threats — at the network layer, without reading your prompts.

  • LLM API egress monitoring — alerts when malware queries ChatGPT/Claude/Gemini from non-browser processes
  • Lateral move detection — flags follow-up internal connections within 60s of LLM contact, signal of LLM-orchestrated reconnaissance (H5)
  • Swarm detection — escalates when 3+ hosts in your network show the same unknown process hash making LLM API calls within a 5-minute window (H7)
  • Your network data stays on your device. Insight is local. Control is yours.

    — NetInsightPro design principle
  • AI threats need AI defense — on every endpoint, not in the cloud.

    — NetInsightPro design principle
  • Compliance is enforced, not promised. EU/UK data residency by default.

    — NetInsightPro design principle
Pro — Defensive security

Spyware Shield: surface connections attributed to mercenary spyware.

NetInsightPro correlates your Windows and Linux desktop egress against lab-sourced indicators published by Amnesty International Security Lab and Citizen Lab — the same STIX2 feeds that power Amnesty's Mobile Verification Toolkit. When your device opens a connection to infrastructure previously attributed to Pegasus-class spyware, Spyware Shield flags it — as an indicator, not a confirmed infection.

This is desktop network-egress monitoring. It complements, and does not replace, expert forensic analysis tools such as Amnesty MVT. A finding means a connection was observed to attributed infrastructure — it does not diagnose an infection. For confirmation, contact Amnesty Security Lab.

Lab-sourced indicators

Indicator feed sourced from published Amnesty International Security Lab and Citizen Lab STIX2 bundles — the same attribution data used by forensic researchers investigating Pegasus-class mercenary spyware.

Auto-updating indicator feed

Indicators refresh automatically from upstream lab publications. New infrastructure attributions are incorporated on a nightly cadence, so your egress is checked against current, published threat intelligence without manual updates.

Tiered, responsible reporting

Findings are surfaced with confidence tiers — not a binary infected/clean verdict. Each indicator report cites the source attribution and refers you to Amnesty Security Lab for expert forensic confirmation. Spyware Shield raises a flag and points to the right experts.

Pro tier · Windows & Linux desktop · Indicators only, not a diagnosis

Desktop-first: Windows and Linux egress matching is available now. Mobile destination-level monitoring requires a separate VPN-layer component not yet built. Spyware Shield does not detect on-device iOS or Android infections — for mobile forensics, use Amnesty MVT.

Platform features

Six capabilities. One lightweight agent.

From raw packet attribution to enterprise SSO — all without sending your flow data to anyone.

Per-app visibility

Every outbound connection tagged to the process that opened it — not just the IP or port. See exactly which app is talking to which server.

Byte-level monitoring

Real-time byte counts, connection timelines, and destination breakdowns per app. Nothing is aggregated away.

Allow / block rules

One-click block any app at the kernel level. Rules persist on your device — no reboot, no service restart, no cloud sync required.

Enterprise

SIEM forwarder (OCSF)

Push structured OCSF events to your SIEM via webhook. Integrate with Splunk, Elastic, or any webhook-capable endpoint.

Hybrid

Hybrid deployment

Keep raw telemetry on your own infrastructure. Cloud sees only Ed25519-signed daily digests. BYO object storage + KMS.

License-only telemetry

The only signal we receive: your licence key + a hardware fingerprint hash. No flow data, no app names, no destinations — ever.

How NetInsightPro works

From endpoint signal to operator alert — one unified pipeline, fully on-host or hybrid.

  1. Data Sources
    Endpoints · Firewall · DNS
  2. Collectors
    On-host · Hybrid · Cloud
  3. Analytics Engine
    Stream · Enrich · Index
  4. Threat Detection
    Anomaly · AI-Worm · Lateral
  5. Dashboards & Alerts
    Per-tenant · SIEM · Pager
Intelligence layer

Anomaly detection on per-app egress.

Smart alerts fire when outbound bytes deviate from your 7-day EWMA baseline. Per-tenant threshold tuning via policy.

  • Flags the app, new destinations, and excess byte volume
  • Side-by-side baseline vs. spike comparison
  • One-click block + optional OCSF SIEM forwarding
Dashboard

Real-software proof.

The same dashboard view — web admin for fleet ops, device client for personal control.

NetInsightPro web admin dashboard showing per-app egress monitoring
0apps monitored
0.0GB out today
0anomalies this week
0data leaks
Installersv1.0.0+42 · via /download
Build 42
Android 7.0+
arm64 · arm32 · x86_64
71.0 MB
Coming soon
macOS
Apple Silicon + Intel

All installers sha256-verified · account required · Download page →

LivePublished 5 Jul 2026
Windows
x64
Current
Version
v1.0.0+42
Size
12.0 MB
Built
Linux
x86_64
Current
Version
v1.0.0+42
Size
11.9 MB
Built
Android
arm64 · arm32 · x86_64
Current
Version
v1.0.0+42
Size
71.0 MB
Built
macOS
Apple Silicon + Intel
Soon
Version
Coming soon
Size
Built
sha256 —

Full SHA-256 manifest at releases.netinsightpro.com/latest.json · Download page

Security & compliance

Built for enterprise trust.

Security architecture

  • Ed25519-signed daily digests (Hybrid tier)
  • mTLS between agent and collector
  • RBAC — per-seat role enforcement
  • Immutable audit log
  • On-prem Hybrid deployment (your infra, your keys)
  • BYO KMS — encryption keys never leave your account

Compliance & standards

  • SOC 2 Type II (Enterprise)
  • SAML 2.0 / OIDC SSO
  • SCIM 2.0 provisioning
  • UK GDPR · EU GDPR
  • DORA · BSI C5 · NIS2 alignment (Hybrid)

No banned dates. SOC 2 Type II report available on request for Enterprise customers.

SIEM integration

Sample OCSF event forwarded to your SIEM

Network Activity · Established (class_uid 4001)
{
  "metadata": {
    "version": "1.3.0",
    "product": { "name": "NetInsightPro", "vendor_name": "NetInsightPro Ltd" }
  },
  "class_uid": 4001,
  "category_name": "Network Activity",
  "activity_name": "Established",
  "severity_id": 3,
  "time": 1717862400000,
  "src_endpoint": { "ip": "10.0.4.17", "hostname": "ws-eu-014" },
  "dst_endpoint": { "ip": "104.18.32.7", "hostname": "api.openai.com" },
  "connection_info": { "protocol_name": "tcp", "direction": "outbound" },
  "observables": [{ "name": "ai_threat_subtype", "value": "llm_exfil_suspect" }]
}
FAQ

Frequently asked questions

More questions? Email support or see the Glossary.

How we compare

NetInsightPro vs. the alternatives

Wireshark shows packets but cannot block. Firewalls block ports but cannot see which app sits behind them. Only NetInsightPro gives you per-app control across Windows, Linux, Android — plus enterprise SSO.

NetInsightPro vs. alternatives — feature comparison
ProductPer-app granularityWindowsLinuxmacOSAndroidReal-time blockingEnterprise SSOData stays localSpyware-egress detectionAI-worm detection
NetInsightProSoon
Wireshark
Little Snitch
PortMaster
OpenSnitch

Scroll to compare →

macOS support is in development (notarisation pending). Enterprise SSO = SAML 2.0 / OIDC built-in. Spyware-egress detection: Pro tier, Windows/Linux desktop — flags connections to infrastructure attributed to mercenary spyware by Amnesty/Citizen Lab (network indicators, not on-device forensics). AI-worm detection: early access.

Start in 60 seconds. Your data never leaves.

Free tier — no account needed. Install and see your app traffic in minutes.

No card required · Windows / Linux / Android · Your data stays on your device

NetInsightPro

See which apps are sending your data — and stop the ones you don't trust. Local-only, per-app, on the devices you already own.

TechProf Ltd
Suite 27 Chessington Business Centre
Cox Lane, Chessington
Surrey KT9 1SD, United Kingdom

Product

Legal

Support

© 2026 TechProf Ltd. NetInsightPro is a registered trademark of TechProf Ltd.

All systems operational
Made in the UKUK GDPR · EU GDPR · CCPA