G8KEPR sensors deploy inside your own VPC alongside your applications. Threats are detected locally before any telemetry crosses your boundary. Your API traffic, request bodies, and customer data never leave your environment.
Sensors run inside your perimeter. Only scrubbed telemetry crosses the mTLS boundary to the G8KEPR Control Plane.
Most security vendors route your traffic through their cloud. We don't.
Findings are detected locally inside your VPC. Only scrubbed telemetry — not raw payloads — is sent to the control plane. Your API traffic, request bodies, and customer data stay on your infrastructure.
Run sensors in any region or cloud. Comply with GDPR data residency requirements, US government on-prem mandates, or HIPAA data handling rules without routing sensitive traffic through a third party.
The sensor runs inside your network boundary. No egress round-trip for every request. Threat detection adds ~5ms overhead on the cached path — not 30–100ms from an out-of-band cloud inspection hop.
Sensors use bandwidth for aggregated telemetry, not mirrored traffic. No dependency on G8KEPR being reachable for detection to work — sensors spool findings locally for up to 24h during control plane outages.
No agents to install. No code changes. No firewall rules to open. One docker compose up command.
Create your G8KEPR account and choose your plan. No credit card required for the 30-day trial.
Pull your pre-configured docker-compose.yml and .env template. Your tenant token is embedded — no manual config.
Run docker compose up in your environment. The sensor starts monitoring immediately and registers with the control plane over mTLS.
Open the G8KEPR dashboard. Your first threat detections appear as your services receive traffic — no tuning required.
# Pull your pre-configured compose file
$ curl -fsSL https://api.g8kepr.com/deploy/sensor | bash
# Start the sensor
$ docker compose up -d
✓ Sensor registered — first findings in secondsEvery data flow across the boundary is authenticated, signed, and scrubbed.
Every threat pattern update is signed with Sigstore Cosign (Ed25519). Sensors verify the signature before applying any update. An invalid signature causes the sensor to reject the pack and continue running its last verified version.
All telemetry travels over mutual TLS with a customer-private certificate authority. The sensor and collector authenticate each other — no unauthenticated inbound connections from G8KEPR to your VPC.
Before any finding leaves your VPC, the sensor scrubs known PII fields (email addresses, SSNs, credit card patterns) from evidence payloads. You control which fields are redacted via sensor configuration.
Every finding is written to the sensor's local tamper-proof audit log before it is submitted to the collector. You can inspect, export, or retain local findings independently of G8KEPR.
If the control plane is unreachable, the sensor spools findings to local disk (up to 500 MB / 24 h). When connectivity is restored, the sensor replays at a throttled rate (100 events/s default) to prevent collector overload.
Questions a security or infrastructure buyer typically asks before approving a deployment.
Scrubbed finding metadata: threat category, confidence score, timestamp, endpoint path, and correlation ID. Raw request/response bodies do not leave your VPC. The exact fields are documented in our wire format spec (ADR-003).
We don't need access to your VPC. Sensor updates are delivered as a new container image via your own registry pull — the same Kubernetes rolling update or docker compose pull workflow you use for your own services. Pattern pack updates are pushed as cosign-signed bundles over the existing mTLS channel the sensor already uses for telemetry.
Sensor compromise: sensors have no credentials beyond their mTLS certificate and tenant token — neither grants access to other tenants or to G8KEPR internal infrastructure. Control plane compromise: sensors reject any pattern pack that does not validate against the pinned public key, so a compromised control plane cannot push malicious patterns. We publish our DR runbook for key compromise at /trust.
Yes. Deploy one sensor instance per cluster or region. Each sensor registers independently with the control plane. Findings from all sensors are correlated in a single dashboard view. Multi-region compound detection — catching attacks that spread across regions — is available on Pro and Enterprise tiers.
Partial support today. Sensors spool locally for 24h and can be configured to disable the telemetry upload path entirely if you need full air-gap. You lose the G8KEPR dashboard and pattern updates but keep local detection and audit logs. Full air-gap with a self-hosted collector is on the roadmap for Enterprise. Contact sales@g8kepr.com to discuss.
30-day free trial. Full access. Your data never leaves your VPC.
Questions about your specific environment? Contact our engineering team