The OS is the security appliance.
The Security Scale doesn’t bolt security onto your infrastructure — it makes the infrastructure itself the security appliance. Every Tophan node is a sensor, every network path is monitored, and every anomaly is detected and responded to at machine speed.
Traditional security products sit beside your infrastructure and watch it. They’re separate appliances with separate management, separate updates, and separate failure modes. When something gets past them, it has free rein until a human notices.
Tophan’s approach is fundamentally different. The immutable base layer means rootkits can’t persist. Golden images mean workloads are verified at boot. Microsegmentation means compromised workloads can’t spread. The Security Scale ties it all together with detection, analysis, and automated response.
The question isn’t “how do we detect breaches?” — it’s “how do we make breaches irrelevant?”
| Feature | Description | Status |
|---|---|---|
| IDS / IPS | Inline intrusion detection and prevention on all virtual network traffic. | Beta |
| Immutable Detection | Any modification to the read-only base layer triggers an immediate alert. This should be impossible — if it happens, the response is aggressive. | Stable |
| Integrity Checking | Continuous verification of all layers against signed manifests. Bit-rot and tampering detected in real time. | Beta |
| Packet Capture | On-demand or triggered packet capture on any virtual interface. Full pcap export. | Beta |
| Spectrum Analyser | Traffic pattern analysis across the cluster. Detects lateral movement, data exfiltration, and command-and-control patterns. | Planned |
| Zero Trust | Every request authenticated and authorised. No implicit trust based on network position. | Beta |
| WAF | Web application firewall for HTTP/HTTPS workloads. OWASP rule sets, custom rules, learning mode. | Planned |
| Honeypots | Deploy decoy services that alert on any interaction. Attackers reveal themselves by touching things that shouldn’t be touched. | Planned |
| SIEM | Security information and event management. Correlation across all Scales, all nodes, all events. | Planned |
| Vulnerability Scanning | Continuous scanning of all layers and workloads against CVE databases. | Planned |
| Golden Image Scanning | Verify golden images before deployment. No vulnerable base images reach production. | Beta |
| Automated Response | Configurable response playbooks. Isolate, snapshot, alert, or kill — automatically, in milliseconds. | Beta |
The Security Scale is designed for threats that move at machine speed:
The Security Scale runs on every node, processing events locally and correlating cluster-wide:
```
┌────────────────────────────────────┐
│         SIEM / Correlation         │  Cluster-wide analysis
├──────────┬──────────┬──────────────┤
│ IDS/IPS  │ Integrity│ Spectrum     │  Detection engines
├──────────┴──────────┴──────────────┤
│        Security Scale Agent        │  Per-node processing
├────────────────────────────────────┤
│    Networking + Storage Scales     │  Data sources
└────────────────────────────────────┘
```
Detection happens locally. Correlation happens cluster-wide. Response happens automatically unless you configure it otherwise.