• 24x7 live Support
    • (202) 792-7325

Where to Start

Which System Type Do You Have?

Understand Your Network Environment to Enable a Fast and Accurate Response

Before we can deploy the Streaming Defense Attack Operations Theater (SD AOT) or deliver a Health Check, we must know what kind of environment you operate. This helps us deliver the right solution with minimal disruption.

Before we can deploy the Streaming Defense Attack Operations Theater (SD AOT) or deliver a Health Check, we must know what kind of environment you operate. This helps us deliver the right solution with minimal disruption.

While our system is agentless, fast, and powerful, it still needs one thing to operate: a port from which network traffic can be mirrored. This can be a SPAN port, network TAP, or virtual traffic mirroring service.

Let’s walk through the most common environments we encounter so you can identify your configuration.

1. Traditional Server or LAN Environment

You likely have this setup if:

  • ECR bullet You operate a central office with on-premises servers
  • ECR bullet Your internet traffic passes through a firewall or router on site
  • ECR bullet Your devices are connected via Ethernet switches or internal Wi-Fi

What We Need:

  • ECR bullet A SPAN port or Network TAP on a switch or firewall that can mirror outbound traffic.
  • ECR bullet Optional: Port-mirroring on internal segments to watch lateral movement.

Typical Locations:

  • ECR bullet Behind the firewall at the network edge (near the demarcation point).
  • ECR bullet On core switches or in the server room.

Ideal For:

  • ECR bullet Small-to-medium businesses
  • ECR bullet Local government offices
  • ECR bullet Financial institutions with local server rooms

2. Fully Cloud-Based Environment

You likely have this setup if:

  • ECR bullet All assets are hosted in AWS, Azure, Google Cloud, or other cloud platforms
  • ECR bullet You don’t manage physical infrastructure or on-prem networking

What We Need:

Virtual network traffic mirroring, such as:

  • ECR bullet AWS VPC Traffic Mirroring
  • ECR bullet Azure Virtual Network TAP
  • ECR bullet Google Cloud Packet Mirroring

Ideal For:

  • ECR bullet SaaS companies
  • ECR bullet Remote-first enterprises
  • ECR bullet Startups using only cloud-based workloads

Note: Cloud-native visibility is just as actionable as on-prem—SD AOT can analyze mirrored cloud traffic in real time.

3. Hybrid Environments (The New Normal)

Most organizations today are hybrid - mix of on-prem infrastructure, cloud-hosted services, and isolated environments. Each requires a unique approach:

(a) LAN + Cloud Mix

  • ECR bullet On-prem workstations, printers, or file servers PLUS cloud apps and services
  • ECR bullet We deploy one probe for LAN and configure cloud mirroring separately

(b) Closed LAN / Enclave

  • ECR bullet Air-gapped or semi-isolated networks used for sensitive systems
  • ECR bullet Often no internet connectivity
  • ECR bullet Requires internal port mirroring to see east-west traffic and detect lateral movement

Examples: R&D labs, forensics facilities, special enclave environments

(c) IT/OT Mixed Environment

  • ECR bullet Supervisory Control and Data Acquisition (SCADA), ICS, or PLCs on the same network as IT systems
  • ECR bullet Often used in utilities, manufacturing, defense, or smart buildings
  • ECR bullet We detect protocols like Modbus, DNP3, OPC-UA and watch for unauthorized control attempts or lateral movement between segments

4. Other Configurations You Might Have

Satellite Office with VPN Tunnel

  • ECR bullet We deploy at either the main site or cloud landing point
  • ECR bullet Useful to detect anomalies across encrypted tunnels

Co-Located Servers (Data Center)

  • ECR bullet Tap traffic from your firewall or edge device
  • ECR bullet Evaluate both inbound and outbound services

Virtual Desktop Infrastructure (VDI)

  • ECR bullet Monitor backplane traffic or the connection brokers to detect unusual access patterns

Wireless Mesh or SD-WAN Edge Networks

  • ECR bullet Mirror traffic from the central controller or appliance interface

Which Should You Request?

When you're ready to schedule a deployment or health check, just indicate:

  • ECR bullet Whether you are Traditional, Cloud, or Hybrid
  • ECR bullet If you have port mirroring or TAP capabilities
  • ECR bullet Which segment(s) you want us to evaluate: internal, external, or both

We’ll take care of the rest.

Need Help Identifying Your Setup?

If you're not sure which applies, no problem. Our experts can guide you in a short pre-deployment call.

Request Environment Evaluation Now

Let us match the right response to your real-world configuration.

Related Service

Beyond Detection - Full-Spectrum Support When It Matters Most.

Cyber Law

Cyber Law

Develop an attorney-client relationship with specialized cyber law counsel well in advance of a serious incident. Enveloping investigative data with privilege is critical in litigation.


Continue Reading...
Incident Response

Incident Response

Establish a pre-incident relationship to have a ready team experienced in digital forensics and incident response to investigate, contain and remediate a serious cyber-attack.


Continue Reading...

Cyber Insurance

Cyber Insurance

Third-party insurance experts providing industry leading and affordable insurance for cyber-related exposures and expenses including data breaches, legal defense costs, ransomware attack assistance, and system disruption recovery.

Continue Reading...