Netapprove
AI Network Detection & Response

Self-learning network defense.
No signatures. No noise.

Netapprove watches every conversation on your network, learns what "normal" looks like for your business, and surfaces only the anomalies that matter, then takes action automatically. Built on machine learning and large-language-model reasoning, not yesterday’s rule sets.

The continuous detection loop
Visibility feeds the AI · the AI feeds containment · containment closes the loop
NDR: Detect · SOAR: Respond · AI Reasoner: Explain · Compliance: Report

[Figure: Netapprove 3D traffic globe showing real-time inbound and outbound network flows with active threat cards (LIVE · 3D FLOW · SRAN.NETAPPROVE)]

The Operating Loop

See · Learn · Shield

Three disciplines, one continuous loop. Visibility feeds the AI; the AI feeds containment; containment closes the loop with new ground truth.

01 / SEE

See everything first.

You can’t defend what you can’t see. Netapprove fingerprints every device, decodes every protocol, and renders the full conversation graph in real time.

  • Passive deep packet inspection (Zeek 8)
  • Device inventory + identity graph
  • 3D global flow + 2D network graph
  • File audit, auth audit, IoT/OT discovery
02 / LEARN

Learn what matters.

A 7-layer ML ensemble baselines every host, every service, every flow. A Claude-powered reasoner triages alerts in plain English, drastically cutting false positives.

  • Self-learning anomaly detection, no signatures
  • Ensemble: peer, time-series, sequence, graph
  • LLM triage in natural language
  • MITRE ATT&CK + Cyber Kill Chain mapping
03 / SHIELD

Shield in seconds.

Detection without response is just paperwork. Netapprove ships SOAR adapters that quarantine, block, and hunt, across firewalls, switches, identity, and EDR.

  • 5+ active-response adapters built in
  • RADIUS Change-of-Authorization
  • RBAC, audit trail, dry-run by default
  • Auto-firing playbooks with rollback

  • 0 signatures shipped
  • 7 ML layers in ensemble
  • <5s detect to contain
  • 100% passive, zero downtime

Why Netapprove

An AI-Native NDR. Not a re-skinned IDS.

Most "AI security" is a signature engine with a chatbot bolted on. Netapprove starts from the opposite end: the AI is the detector, and every other layer exists to serve it.

Self-Learning Anomaly. Not a Rule.

Netapprove doesn’t need someone to write a rule for every new attacker technique. It builds a living statistical model of every host, every peer, every service, and every protocol, then lights up when reality diverges.

  • Per-host peer graphs & service baselines
  • Time-series anomaly on bytes, packets, fan-out
  • Sequence model for kill-chain progression
  • Identity graph anomalies on auth + access

UEBA · NDR · graph ML · peer baseline · kill-chain

[Screenshot, /ai-flow-traffic: Live AI flow lattice visualizing host-to-service-to-port relationships ranked by anomaly score]

An LLM Triage Loop That Talks Back.

Every incident gets a plain-English narrative, a confidence score, and a recommended next step, written by a Claude-powered reasoner that has the host’s history, peer behavior, and threat intel at hand. Analysts read stories, not packet dumps.

  • Per-incident "What happened & why" summary
  • Confidence + suggested response action
  • Auto-tags the MITRE technique & kill-chain phase
  • Closes false positives without human toil

[Screenshot, /host-profiles: Host risk profile page showing per-asset risk score, peer behavior baseline, and triage narrative]

From Detect to Defend in One Pane.

Netapprove is a full SOAR. When the AI is confident, it can fire a response itself: blocking a flow at the firewall, kicking a session off the wireless via RADIUS CoA, or quarantining an endpoint through your switch fabric.

  • Adapters: edge_fw, switch_acl, RADIUS CoA, EDR, DNS sink
  • Dry-run mode by default; one-click promotion to live
  • RBAC + full audit log on every action
  • Auto-rollback on policy expiry

[Screenshot, /defend: Active Response page listing five response adapters with health status and policy actions]

A platform, not a point tool

Twenty live views, one operating model.

Inventory & Identity

Every device, every account, every service, correlated by community-id across logs.

3D Traffic Globe

Inbound vs outbound arcs, geo-sourced from real flow data, in real time.

Network Graph

Force-directed view of who talks to whom, what protocols, and where the anomalies cluster.

Crypto Discovery & Risk

Spots weak ciphers, bad certs, and risky TLS / SSH posture, Remote Access VPN, RDP, IoT / OT and more, integrated by Qsense.

PQC Inventory

Post-Quantum readiness map across every host, also powered by Qsense.

Vulnerability

Software banner × CVE matching with NVD & CISA KEV enrichment.

MITRE ATT&CK

Automatic technique mapping per incident, with coverage heatmap.

Kill Chain

Sequence detector that joins recon → C2 → exfil into a single story.

Compliance

NIST CSF, ISO 27001, PCI-DSS dashboards driven by your real telemetry.

Active Response

Five built-in adapters. Dry-run by default. Audited end-to-end.

Ready to see your network through new eyes?

Book a 30-minute live demo on your own traffic. No agents, no rebuild, just a SPAN port and a coffee.