AI Network Detection & Response

Self-learning network defense.
No signatures. No noise.

NetApprove watches every conversation on your network, learns what "normal" looks like for your business, and surfaces only the anomalies that matter, then takes action automatically. Built on machine learning and large-language-model reasoning, not yesterday's rule sets.

The continuous detection loop
Visibility feeds the AI · the AI feeds containment · containment closes the loop
  • NDR: Detect
  • SOAR: Respond
  • AI Reasoner: Explain
  • Compliance: Report
  • 100%: Passive · Zero Downtime
  • <5s: Detection → Containment
  • 0: Signatures · Self-learning
  • 30+: Protocols incl. OT/IoT
  • A–F: Realtime Security Grade

The NetApprove Method

Three disciplines, one continuous loop

Visibility feeds the AI; the AI feeds containment; containment closes the loop with new ground truth.

See

See everything first

A real-time 3D globe traces every connection from source to destination — direction (inbound / outbound / internal), destination country, protocol and volume. Whole-network risk on a single screen.

  • Passive deep packet inspection + device fingerprinting
  • Real-time 3D traffic visualization & network graph
  • Top countries / services + a live event feed every second
  • Security Grade A–F summarises posture at a glance
Learn

Learn what matters

A 7-layer ML ensemble baselines every host, service and flow. An AI-powered reasoner triages alerts in plain English and scores per-host anomalies over a rolling 5-minute window — turning "suspicious" into "evidence" in a few clicks.

  • Self-learning anomaly detection — no signatures
  • Identity graph: NTLM · Kerberos · LDAP · RADIUS
  • MITRE ATT&CK & ATT&CK-for-ICS mapping
  • Risk Score A–F weighting Ransomware · Anomaly · Notice · Auth-fail
Shield

Shield in seconds

Confirm a threat and cut the session instantly with passive TCP-RST through an inject NIC — or let an Auto-Rule contain critical events automatically. Dry-Run, Allowlist and a full Audit log keep every action safe and accountable.

  • One-click containment — TCP-RST on both sides
  • Automatic response on Ransomware-critical events
  • SOAR adapters: firewall · switch · RADIUS · EDR · DNS
  • Dry-Run + Allowlist + append-only Audit trail
Capabilities

Core capabilities

Everything to see, reason and respond — built for modern SOC and network teams.

3D Realtime Visualization

Every connection on a live globe — direction, volume and destination country.

Self-Learning Anomaly

Baselines normal behaviour and scores per-host anomalies — no signature updates.

Ransomware Behavioral

Catches mass rename / delete / encrypt on SMB before the whole estate is locked.

SOAR Auto-Response

Cut sessions via TCP-RST in <5s across 5 adapters, with Dry-Run and Allowlist.

OT / IoT Visibility

Full CISA ICSNPP suite: Modbus, S7Comm, DNP3, BACnet, OPC-UA and more.

Identity Graph

Correlates accounts and devices across NTLM/Kerberos/LDAP/RADIUS to spot lateral movement.

Security Grade A–F

Whole-org risk distilled to a single grade — readable by engineers and executives alike.

PQC Readiness

Surfaces TLS versions, ciphers and curves on the wire for the post-quantum era.

Secure Cloud Uplink

Ships Zeek logs to the cloud over an encrypted WireGuard tunnel for long-term history.

Ransomware Watch
Ransomware Defense

Stop ransomware by behavior, not signatures

NetApprove watches per-host file activity on SMB shares over a rolling 5-minute window and scores risk — weighting dangerous behaviour heavily and routine work lightly. It catches the real thing while keeping false alarms low.

score = (delete×3) + (suspicious rename×5) + (dangerous write×10) + (MB written÷10) + …

Detects critical events (Mass Rename · Worm Fanout · Shadow Copy Tampering (T1490)) and high events (Ransom Note Drop · Extension Write · Mass Delete). Enable an Auto-Rule and Shield contains the source automatically.
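
An added example (not NetApprove's code) of the rolling 5-minute per-host score described above, using only the four terms the formula spells out. The event-kind names, class and function names and the sample events are constructed for illustration, and whatever follows the formula's "…" is not modelled.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # rolling 5-minute window, as stated above
MB = 1024 * 1024
# Only the terms the formula spells out; whatever follows its "…" is unknown
# and not modelled. Event-kind names are assumptions, as is counting the
# bytes of every write (not only dangerous ones) toward "MB written".
WEIGHTS = {"delete": 3, "suspicious_rename": 5, "dangerous_write": 10}


class SmbWindowScorer:
    """Per-host rolling score over SMB file events (hypothetical name)."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.events = defaultdict(deque)   # host -> (ts, kind, bytes_written)

    def observe(self, ts, host, kind, nbytes=0):
        """Record one event (in time order) and return the host's score."""
        self.events[host].append((ts, kind, nbytes))
        return self.score(host, ts)

    def score(self, host, now):
        q = self.events[host]
        while q and q[0][0] <= now - self.window:   # age out old events
            q.popleft()
        weighted = sum(WEIGHTS.get(kind, 0) for _, kind, _ in q)
        mb_written = sum(n for _, _, n in q) / MB
        return weighted + mb_written / 10


def peak_scores(events, scorer=None):
    """Replay events and return each host's highest score seen."""
    scorer = scorer or SmbWindowScorer()
    peaks = defaultdict(float)
    for ts, host, kind, nbytes in sorted(events):
        peaks[host] = max(peaks[host], scorer.observe(ts, host, kind, nbytes))
    return dict(peaks)


# Constructed sample: 10.0.0.7 bursts renames and writes, 10.0.0.5 does routine work.
SAMPLE = (
    [(t, "10.0.0.7", "suspicious_rename", 0) for t in range(10)]
    + [(20 + t, "10.0.0.7", "dangerous_write", 5 * MB) for t in range(4)]
    + [(30, "10.0.0.7", "delete", 0), (31, "10.0.0.7", "delete", 0)]
    + [(5, "10.0.0.5", "write", 20 * MB), (200, "10.0.0.5", "delete", 0)]
)

if __name__ == "__main__":
    for host, peak in sorted(peak_scores(SAMPLE).items()):
        print(host, peak)
```

The page gives no score thresholds for its critical and high detections, so the example stops at the score itself.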

Deep Protocol Coverage

See 30+ protocols, deep

From web and authentication to industrial control systems (ICS/SCADA) — covering both IT and OT.

Network & Web
Conn · DNS · HTTP · TLS/SSL · QUIC · PQC · DHCP · Files · Notices
Identity & Remote
NTLM · Kerberos · LDAP · RADIUS · SSH · RDP · WireGuard · IPsec
File & Ransomware
SMB Open / Write · Rename / Delete / Modify · RansomDetect::*
OT / ICS (CISA ICSNPP)
Modbus · S7Comm · DNP3 · BACnet · EtherNet/IP · OPC-UA · EtherCAT · PROFINET · Genisys · Synchrophasor
Suricata IDS (sev-1 · ET Open) · MITRE ATT&CK + ATT&CK-for-ICS (ACID) · bzar behavioral detections · GeoIP realtime enrichment

How it works

Deploy passive — never touch live traffic

One SPAN port and NetApprove sees the whole network, with no single point of failure.

01 · OBSERVE

Mirror / SPAN

Copy traffic off the switch into the sensor silently — never in the data path.

02 · REASON

AI · ML analysis

The Zeek engine + analyzers parse every protocol and score anomalies in real time.

03 · SEE/LEARN

Visualise & investigate

A 3D dashboard and live tables drill down to root cause in seconds.

04 · ACT

Contain

Cut the session with TCP-RST, or let an Auto-Rule respond in <5 seconds.

Ready when you are

See your network like never before

Book a live demo and let NetApprove see, learn and shield your network within minutes.

Contact

Talk to us — from sizing to production rollout

Address

SRAN CyberTech
48/6 Soi Chaeng Watthana 14, Thung Song Hong
Lak Si, Bangkok 10210

Distribution Partner
Tunable Project Co., Ltd.