Stop Lateral Movement. Before It Starts.
Segmentaur enforces microsegmentation at the OS firewall level — Windows WFP, Linux nftables, macOS pf — giving you complete network visibility and policy enforcement without network changes.
Everything You Need to Segment Your Network
Built from the ground up for enterprise microsegmentation — not bolted onto a firewall or SD-WAN product.
Illuminated Mode
See all traffic flows before enforcing a single rule. Staged policies run against live telemetry with risk scoring and what-if analysis — so you know the impact before you commit.
Native OS Enforcement
Policies are enforced by the OS itself — WFP on Windows, nftables on Linux, pf on macOS. No inline proxies, no network redesign, no single point of failure.
ML-Powered Rule Generation
Machine learning analyzes observed traffic patterns to automatically recommend segmentation rules. DBSCAN clustering groups applications. You review and promote — or reject.
Multi-Dimensional Labels
Policies are defined by identity and labels — Environment, Role, Location, Application — not IP addresses. Labels decouple policy from topology so rules survive re-IPs and migrations.
Threat Detection
Real-time detection of port sweeps, host sweeps, lateral movement attempts, and privileged-protocol first contacts. Behavioral baselines, maintained with Welford's algorithm and scored by z-score, flag anomalies instantly.
Live Network Map
Interactive D3 force-directed topology map with label-based filtering, enforcement-state color coding, and drill-down to individual connections. See your entire network at a glance.
Control Plane + Data Plane
A centralized policy engine computes and distributes rules. Lightweight agents enforce them at each endpoint using the native OS firewall.
Policy Compute Engine
Ingests telemetry, computes per-workload policies, distributes to agents. Multi-tenant with RBAC. Deployed as containers on your infrastructure.
Host Agents
Lightweight agents program WFP / nftables / pf. Report flow telemetry, process info, and fingerprints. Never inline — zero packet-path latency.
Customer Portal
Full-featured management console with device inventory, policy editor, network map, reports, alerts, and AI-assisted rule recommendations.
Deploy in Minutes, Not Months
No network changes. No VLAN redesign. No inline appliances. Just install agents and start seeing traffic.
Sign Up
Register for a free trial. Your isolated environment — API server, database, and portal — is provisioned automatically.
Deploy Agents
Install the lightweight MSI on Windows, the systemd service on Linux, or the launchd agent on macOS. Central updates handle the rest.
Illuminate
Agents report all TCP/UDP flows with process, user, and signature data. The ML engine recommends segmentation rules automatically.
Enforce
Stage rules, run what-if analysis, then promote to enforcement. The OS firewall blocks unauthorized lateral movement instantly.
Enterprise-Grade Capabilities
Beyond basic segmentation — deception, compliance, identity-aware policy, and cross-platform support.
Process Fingerprinting
SHA-256 hashes, digital signatures, parent lineage, and integrity levels for every process that touches the network.
Honeypot Decoys
Deploy fake listeners on unused ports. Any connection triggers a critical alert — instant proof of reconnaissance or breach.
JIT Access
Approval-based, time-limited port access for privileged protocols. No standing access — every session is explicitly authorized.
Compliance Reports
PCI-DSS, HIPAA, NIST ZTA, and ransomware-readiness frameworks. Automated evidence generation with policy-change audit trails.
Ready to Eliminate Lateral Movement?
Start your 14-day free trial. Full platform access. No credit card required.