Frequently Asked Questions

The most common questions from buyers and security practitioners about PacketViper and preemptive network security.

What is Automated Moving Target Defense?

AMTD continuously shifts network characteristics like IP addresses, ports, and service banners so attackers cannot map a stable target. Unlike static defenses, it makes reconnaissance a cost rather than a free activity. PacketViper applies AMTD at the network layer, making it the only form of moving target defense that works in OT environments without touching the devices themselves.

What is the difference between preemptive security and detection-based security?

Detection-based security alerts you after an attacker is already in your environment. Preemptive security acts at first contact, before an attacker can complete reconnaissance or reach target systems. The difference is not just speed; it is philosophy. One assumes you will catch the attacker. The other assumes the attacker will try and makes sure they fail at the first step.

Does PacketViper require agents on endpoints?

No. PacketViper is completely agentless. It operates at the network layer, which means it protects every device on the network including legacy OT equipment, PLCs, and embedded systems that cannot run security software.

How does PacketViper protect OT and ICS environments?

PacketViper sits transparently on the network without touching the devices it protects. It monitors all traffic, deploys deceptive responders to engage and expose attackers, applies AMTD to continuously shift the attack surface, and enforces inline blocking without disrupting operations. It supports OT protocols including BACnet, DNP3, Modbus, and S7COMM.

What is inline enforcement and why does it matter?

Inline enforcement means the security solution sits in the actual traffic path and can block threats at wire speed. Most security tools are out-of-band, meaning they see traffic but cannot stop it without sending an alert to a separate system. Inline enforcement eliminates that gap. The test to ask any vendor: does it enforce inline, or only alert?

Can PacketViper replace our existing firewall?

PacketViper complements and extends what a firewall does. Firewalls start blocked and open up. PacketViper starts open, profiles what is normal, and narrows in. It sees what the firewall never told you, specifically the attempts and behaviors that happen within permitted traffic. Most customers run PacketViper alongside their existing firewall.

What is a deceptive responder?

A deceptive responder is a fake service that appears real to an attacker. When something unauthorized interacts with it, PacketViper captures the behavior, engages the attacker to waste their time and reveal their tools, and triggers enforcement actions. Unlike traditional honeypots, deceptive responders are purpose-built for network-layer AMTD and work at scale across IT and OT environments.

How does PacketViper handle lateral movement inside the network?

Once PacketViper has profiled normal network behavior, any east-west movement that falls outside that profile triggers sensors and deceptive responders. Rather than waiting for an attacker to reach a crown jewel asset, PacketViper exposes and blocks lateral movement at first contact within the environment.

What environments does PacketViper support?

PacketViper protects IT networks, OT/ICS/SCADA environments, hybrid IT/OT convergence zones, air-gapped networks, data centers, and critical infrastructure including energy, water, manufacturing, healthcare, and government networks.

How long does deployment take?

Most deployments are measured in hours, not weeks. Because PacketViper is agentless and transparent to the network, there is no endpoint rollout, no device configuration, and no operational disruption. It sees traffic from day one.
