Network Agents

Protect traffic, segmentation, and communication paths.

Network Agents monitor traffic, segmentation, routing, DNS, firewall events, and inbound and outbound connections. They detect command-and-control, exfiltration paths, scanning, unusual traffic patterns, and policy violations.


The Ollandi defense loop

Every agent follows the same cycle, producing an auditable, coordinated response.

01 Observe: Ingest domain-specific signals in real time with full telemetry fidelity.

02 Reason: Correlate local evidence with the shared threat model and adjacent agents.

03 Validate: Check policy boundaries, blast radius, and consensus before acting.

04 Act: Execute bounded, reversible actions through approved control interfaces.

05 Evidence: Record every observation, decision, and action in an auditable bundle.

What it protects

  • Perimeter and internal network traffic
  • DNS, DHCP, and routing infrastructure
  • Firewall and security group rules
  • Network segmentation boundaries
  • East-west and north-south flows

What it monitors

  • Flow logs and packet metadata
  • DNS queries and responses
  • Firewall allow and deny events
  • VPN and remote access connections
  • Anomalous volume or destination patterns

What it detects

  • Command-and-control communication
  • Data exfiltration and tunneling
  • Lateral movement across segments
  • Port scanning and reconnaissance
  • Policy violations and shadow IT

What it can do

  • Block malicious destinations at firewall or DNS layer
  • Quarantine hosts showing C2 or exfiltration behavior
  • Enforce segmentation policies dynamically
  • Share flow context with Endpoint and Cloud agents
  • Produce a network evidence timeline

What evidence it generates

  • Flow record and connection summary
  • DNS query timeline and resolved domains
  • Firewall rule matches and changes
  • Quarantine action and scope
  • Correlation with endpoint and identity events

One working agent experience

See how a Network Agent moves through the defense loop on a real incident.

1 Observe: Unusual outbound HTTPS session to a rare domain with high data volume.

2 Reason: Destination has no baseline presence; volume matches staged exfiltration pattern.

3 Validate: Endpoint Agent confirms suspicious process; Cloud Agent rules out approved backup job.

4 Act: Block domain, isolate source host, preserve flow evidence.

5 Evidence: Flow records, domain reputation, and cross-agent validation stored.

Part of a coordinated defense

Network Agents provide the connective tissue for cross-domain incidents, revealing how threats move between identity, endpoint, and cloud boundaries.
