Pre-Order Open — Est. Shipping Summer 2026
VAULTDEC-1

They steal your data before they encrypt it.

The DEC-1 sits inline between your router and protected server as an invisible Layer 2 bridge. It monitors egress traffic with deterministic thresholds and severs the connection in milliseconds when exfiltration is detected. No cloud. No AI. No guesswork.

< 1ms detection response
2.5 GbE wire speed
8 GB LPDDR4X RAM
$349 (one-time, no subscription)

ATTACK TIMELINE

Where VaultGuardian intervenes

Modern ransomware attacks typically follow the same kill chain. The DEC-1 triggers at Phase 4 — before most companies even know they've been breached, and before encryption begins.

01 Initial Access (Day 0)

Stolen credentials, phishing, or zero-day exploit. The attacker gets in.

02 Lateral Movement (Days 1–14)

Reconnaissance. Privilege escalation. The attacker maps your network, finds your valuable data, establishes persistence.

03 Data Staging (Days 7–20)

Files compressed, archived, staged for extraction. Still silent. Still invisible to most security tools.

04 Exfiltration (⚡ DEC-1 TRIGGERS)

The attacker starts uploading your data to external servers. This is the loudest moment in the entire attack — and the first time most companies find out they've been breached.

Connection severed. Alert fired. Response clock starts.

Your team knows the server is compromised while the attacker is still trying to extract data — not days or weeks later.

05 Encryption (✓ PREVENTED)

Ransomware deploys. Files encrypted. Ransom note delivered. By now, your data is already in the attacker's hands — unless exfiltration was stopped.

ONE DEVICE, THREE DEFENSES

More than a kill switch

01 Exfiltration Prevention

Deterministic egress monitoring severs the connection the moment upload traffic exceeds configured thresholds. Designed to stop data from leaving your network. No AI. No cloud. No guesswork.

Stops data theft

02 Instant Breach Detection

The kill event IS your alert. You know your infrastructure is compromised at the exact second the attacker acts — not 9 days later, not 7 weeks later, not 3 years later.

Millisecond detection

03 Encryption Prevention Window

Because exfiltration typically comes before encryption in the attack chain, catching the upload gives your team time to isolate systems before ransomware deploys.

Buys response time

SPECIFICATIONS

Built for the edge

PROCESSOR: RK3588S Octa-Core (4× A76 + 4× A55)
MEMORY: 8 GB LPDDR4X (high-bandwidth packet processing)
NETWORK: 2×2.5G + 1×GbE (WAN + LAN + Management)
DETECTION: 5-Rule Engine (complementary detection mechanisms)
RESPONSE: < 1 ms* (deterministic connection kill)
LOGGING: JSONL Forensics (180-day retention, AI-ready format)
POWER: USB-C PD (5–20V), 65W adapter included
FIRMWARE: Go + Linux (memory-safe, single binary)
MANAGEMENT: Isolated Dashboard (dedicated management interface)

* Response time measured on development hardware. Production benchmarks on NanoPi R6S in progress.

The DEC-1 stops data from leaving. Want to catch the act itself?

Observer watches your container logs in real time, classifies threats using AI, captures response evidence, and verifies outcomes. Detects the intrusion that triggered the exfiltration.

$349

Pre-configured. Ready to deploy. One year of firmware updates included.

Firmware renewal: $99/year (optional — device works without it)