Everything the Zedmos engine does, laid out on one page.
Each capability below has a dedicated deep dive with architecture notes and, where relevant, benchmark numbers. Click any card to read more.
Pick any block. It runs on the same pipeline.
Each capability below is a live feature of the engine, documented and deployable today. Click any card for the deep dive — architecture, config snippets, and benchmarks.
Shared-memory packet rings bypass the kernel socket path. ~14 Gbps on a single core.
SNI extraction, full client and server fingerprinting, forward-proxy bumping with a short-lived CA.
200+ application protocols, category pairs, encrypted traffic heuristics — all on the fast path.
allow / drop / reset / shape / redirect / quarantine / tarpit / scan / rewrite / exec / mark / escalate / route / log.
Route per app / category / SNI / user / geo. Strategy-pattern TX with SNAT and kernel FIB.
IP, domain, URL, and TLS-fingerprint blocklists. Suffix-trie matching. Atomic hot-swap via control socket.
AD DC agent, Azure Graph pull, SCIM hook, ARP/DHCP fingerprinting. Per-flow user tags.
ICMP / HTTP / DNS probes, composite health score, atomic peer swap. Hysteresis-aware.
SIGHUP and UNIX-socket commands swap policies, feeds, and routes with zero packet loss.
Protocol-aware payload reassembly across web, mail, and file-sharing traffic with content-type inference and per-flow deduplication.
Block or downgrade encrypted bypass paths per policy. 90% QUIC, 85% DoT effective.
Kernel driver patched so encrypted overlay peers can join the same fast path. Opt-in on bare-metal deployments; standard SASE still defaults to the kernel socket path.
Lock-free shared-memory ring into a dedicated writer daemon. File, syslog, SQLite, and Elasticsearch sinks today — with write-ahead log, circuit breaker, and adaptive sampling under load.
Intel 1/10 GbE multi-queue, NIC preflight, CPU affinity — 10× cache-miss reduction.