Desoma’s Demon is a Next Generation
Cyber Defence Software

Demon is based on a gov­ern­ment proven, real time data extrac­tion and ana­lyt­ics engine. Demon offers cus­tomers and part­ners an intu­itive, easy to use inter­face to view and analyze all IP-data transmitted.

The clear aim of Desoma’s Demon is to reduce the man­pow­er and time needed for an analy­sis of vast amount of big data. With the use of our own fully embed­ded Deep Learn­ing algo­rithms we are able to gen­er­ate action­able cyber threat anomaly alarms.

A very wel­com­ing side effect is the sig­nif­i­cant reduc­tion of the false pos­i­tive rate of alarms allow­ing the Analyst to act in a timely fashion as the attack happens!

An Unbi­ased Network Detect & Response


Demon pas­sive­ly plugs into organ­i­sa­tions’ net­works to provide in-depth vis­i­bil­i­ty of the activ­i­ties across the whole organ­i­sa­tion, with Meta­da­ta extrac­tion up to Layer 7.

Demon is archi­tect­ed to be highly avail­able and scal­able via an opti­mised tech­nol­o­gy stack. It pro­vides analy­sis of weeks of data (4 weeks reten­tion by default) allow­ing ultra­fast drill-down to spe­cif­ic rel­e­vant network sessions.

The Demon fron­tend is a highly visual inter­face to assist in manual or auto­mat­ed threat hunting, device dis­cov­ery, traffic trends and highly spe­cif­ic fil­ter­ing. Cases may be created once anom­alies are iden­ti­fied to provide col­lab­o­ra­tive investigations.

Demon pro­vides a com­plete feature set to support the end-to-end process­es of secu­ri­ty teams, includ­ing a secured Appli­ca­tion Program Inter­face (API) to inte­grate with your exist­ing infra­struc­ture to lever­age exist­ing invest­ments. Demon includes a self-doc­u­ment­ed GraphQL API pro­vid­ing data access and gen­er­a­tion of actions in the plat­form. Webhook trig­gers may be created from plat­form events and alerts to third party systems, trig­ger­ing actions in systems such as SIEM, SOAR, Tick­et­ing systems or Firewalls/NAC/EDR etc.

Train – Detect — Investigate


  • Zero-Loss real-time analytics
  • Port and pro­to­col independent
  • Meta-Data Layer 2–7
  • Special focus on Zero-Day attacks and Trojans [single sided session]
  • State of the art Deep Learn­ing algorithms
  • Use of com­mer­cial-of-the-shelf hard­ware (COTS)
  • No active inter­fer­ence with the trans­mit­ted data
  • Gov­ern­ment proven & GDPR compliant
  • Full on prem instal­la­tions – no cus­tomer data is transferred
WordPress Cookie Notice by Real Cookie Banner