Real-time

Security

We monitor your resources at 1-second resolution. That means we see everything that runs. Security isn't a separate tool—it's what happens when you're actually watching.

Process Visibility · Every PID tracked Persistence Detection · Launch agents, daemons, cron 30-Day History · Trace back to origin

The Opinionated Take

Traditional security tools scan for known threats. They maintain databases of malware signatures, update them constantly, and still miss zero-days. We think this is backwards.

Signature-based security
  • • Requires constant database updates
  • • Misses unknown threats (zero-days)
  • • False sense of security
  • • Reactive, not proactive
Visibility-based security
  • • See what's actually running
  • • Detect ANY new process
  • • Know when something persists
  • • You decide what's legitimate

Our position: We don't care what it is. We care that it appeared. If something new is running on your machine, you should know about it. If something persists across reboots, you should have approved it.

How It Works

Security is a byproduct of our monitoring architecture. We're already watching everything— security detection is essentially free.

1

Probe monitors resources

Our probe scans CPU, GPU, memory, disk, and network at 1-second resolution. This includes every running process.

2

Process inventory maintained

We maintain a live inventory of all PIDs. When something new appears, we see it immediately.

3

Persistence locations watched

LaunchAgents, LaunchDaemons, login items, cron jobs—anything that survives a reboot is tracked.

4

History retained for 30 days

Full timeline of everything that ran. Trace any process back to exactly when it first appeared.

Process Visibility

Every process running on your machine is tracked. New processes are detected within 1 second.

New Processes (Last 24h) 3 new
node
/usr/local/bin/node
2 hours ago
developer
suspicious-bin NEW
/tmp/suspicious-bin
5 hours ago
root
postgres
/opt/homebrew/bin/postgres
Yesterday
developer

Developer installs something? You see it. User input compromises machine? You see it. Nothing hides.

Persistence Detection

Like Little Snitch monitors network, we monitor persistence. If something installs itself to run on startup, you'll know.

LaunchAgents 1 new

~/Library/LaunchAgents

12 items

LaunchDaemons 0 new

/Library/LaunchDaemons

8 items

Login Items 0 new

System Preferences

5 items

Cron Jobs 0 new

/var/cron/tabs

3 items

Recent persistence detected

~/Library/LaunchAgents/com.unknown.agent.plist added 2 hours ago

Anomaly Detection

We track resource usage over time. When a process suddenly behaves differently, that's a signal worth investigating.

Behavioral Changes Last 7 days
chrome CPU spike to 95%
Usually 5-10%
node Network: 500MB/hr
Usually 10MB/hr
postgres Memory: 2GB
Usually 500MB

Not every anomaly is malicious. But you should know when your processes start behaving unexpectedly.

30-Day History

Full timeline of every process that ran. When something suspicious appears, trace it back to the exact moment it first showed up.

Timeline for suspicious-bin
Today 14:32

Process terminated

Today 09:15

CPU spike to 80%

Yesterday 23:41

First network connection to 45.33.x.x

Yesterday 23:40

Process started by root

Yesterday 23:40

Binary appeared in /tmp

Forensics built-in. No separate tools needed.

Real-time Alerts

Configure what matters to you. Get notified when something unexpected happens.

New process detection

Alert when any new process appears

Persistence changes

Alert when LaunchAgents, daemons, or login items change

Root process spawned

Alert when a process runs with root privileges

Resource anomalies

Alert when process behavior deviates from baseline

Note: We don't block anything. We don't quarantine. We tell you what's happening. You decide what to do about it. This is security for people who know what they're doing.