01 post-breach detection layer

Network breach detection infrastructure, built from first principles.

Catches modern breaches with near-zero false positives.
Autonomous. Delivered as a service.


Prophet is autonomous network breach detection delivered as a service. Customers deploy lightweight collectors wherever traffic exists. Prophet extracts the shape of network communication and streams compact telemetry to Prophet infrastructure, where it is modeled, analyzed, and turned into investigation-ready findings for the SOC.

01 detection

Detect breaches.

Cyber attacks must communicate over the network. Network communication has observable shape. Prophet models that shape at enterprise scale and detects when your network has been breached with near-zero false positives.

02 operation

Without the burden.

Network detection has carried a heavy infrastructure and human tax. Enterprises had to operate the stack, tune the detections, triage the alerts, and make the SOC expert in the tool. Prophet delivers the network detection and investigation layer as a service.

Prophet uses a distributed collection topology. Lightweight collectors deploy wherever traffic originates: containers, Kubernetes nodes, VMs, cloud environments, physical infrastructure, taps, endpoints, and any OS. They extract the shape of communication as compact telemetry and stream it to Prophet infrastructure, where enterprise communication is unified for search, modeling, detection, and reasoning.

Sign up.

Self-service signup gives your team access to the Prophet console: deploy collectors, ask deep questions about network traffic, and review automated breach investigations. No configuration. No tuning.

Northcraft Media · malicious · 0.88

CRITICAL Confirmed malicious activity on Docker Swarm cluster. Off-distribution TLS beaconing from swarm-edge-04.

01:26 PM
Pomar State · benign · 0.88

Benign — scheduled Veeam backup. Telemetry across upload events is structurally identical.

12:23 AM

Deploy collectors.

Deploy lightweight collectors with a single command across Linux, Windows, Docker, Kubernetes, VMs, cloud environments, endpoints, or taps. Collectors extract communication shape and protocol metadata — DNS, HTTP, TLS, and flow behavior — and stream compact telemetry to Prophet. Configuration is managed centrally in the Prophet console. Prophet's ingest and storage infrastructure scales horizontally to handle any traffic volume.

deploy node
docker · linux / mac · windows · kubernetes
curl -sSL https://dev.prophet.io/install | bash -s -- pt_de4d46fa7e22

connection status

waiting for node to connect...
approve node
configure

optional configuration

description: VMware virtual switch tap
profile: none (default config)
tags: san-jose DC

Autonomously detect breaches.

Prophet models your network-wide communication shape deeply enough to learn what the network produces on its own. Exogenous activity imposed by an attacker becomes visible as a departure from that behavior. When breach signal appears, Prophet builds an autonomous investigation graph with evidence, hypotheses, specialist perspectives, and a verdict your SOC can review.

discriminator · high

April upload tooling is statistically incompatible with the March session.

April session: 78 flows, IQR 172–236 MB, mean duration 1.3s — no distributional overlap with March.

verify: April 9 flows to files.slack.com
discriminator · high

Session used a pre-stored Slack token.

No credential acquisition preceded the upload.

verify: DNS queries pre-onset window
corroborator · high

Four never-seen Tailscale IPs aligned with upload escalation.

First contact appeared 4 min 10 s before the upload spike.

Ask Prophet.

Ask Prophet any question about your network traffic. It runs a deep search across months of traffic collected across your enterprise, follows pivots across flow and protocol telemetry, and returns the answer.

prophet console · network / deep search
what external services is my network sending traffic to?
Thinking 3.9s

Good question. I'll fan out across destination organizations, ports/protocols, and application-layer services.

subagent · explore

top destination orgs by upload bytes

got 160,041 hits
subagent · explore

top dest port:protocol pairs by flow count

got 160,111 hits
subagent · explore

top TLS SNIs by flow count

thinking...
answer: external SaaS and cloud destinations dominate the last 15m.

A mature cyber attack is an active, distributed adversarial presence living inside the enterprise. After initial breach, it uses the enterprise fabric as the substrate for its own proliferation. It is optimized for stealth, novel expression, leverage, and eventual destruction.

Its power is distributed orchestration: the ability to coordinate communications and activities across a surface too large to reduce to one artifact, one path, one host, or one known technique.

Its weakness is its nervous system: the network communications that keep the system coherent.

Detecting mature cyber attacks requires modeling what the enterprise network produces on its own, so precisely that an adversarial communication system becomes visible as exogenous activity imposed within the network.

Existing cyber architectures are built to detect and prevent initial access. They are poorly suited for the attacker activity that follows breach.

Mature attacks are distributed adversarial systems. Their events are fragments, not the system. Their coherence lives in communication.

Modern defense assumes breach and detects what happens after.

Prophet pricing is built on two credit types. Storage credits buy retention of compact telemetry across your network. Inference credits buy detection model passes over that telemetry. Your monthly cost is the sum of credits consumed.

monitored hosts & collectors
employees with network activity
storage credits: 48,600
inference credits: 30,000
total: 78,600 credits
$3,930 / month
$37,728 billed annually · 20% discount

Estimates assume 6‑month retention and average egress volume. Talk to us to scope retention, traffic, and any specifics for your network.