Network Intrusion Detection

Catch Intruders Already Inside Your Network

Deception technology that detects lateral movement, credential theft, and insider threats. Monitored 24/7 by our US-based Tennessee Security Operations Center.

Lateral movement · Credential theft · Insider threats · 24/7 US GSOC · 6 Patents Pending · AWS/GCP/Azure/OnPrem
CMMC 2.0 · FIPS 140-3 · NDAA Compliant · Deploy in 10 Min

Detect.

Network activity

Continuous network anomaly detection

Monitor Analyze Alert

Did you know that a hacker spends, on average, 200 days in your network before starting to do damage?* Our IDS continuously analyzes network anomalies to catch intruders early.

OWASP top 10 2025

Configure scanner
Mitigate findings

Protect.

Real-time security

Cloud deploy & hardware office security

Cloud Hardware Network Security

Hackers who get into your network start collecting information before you notice anything. Blacksight Protect uses deception technology to detect lateral movement and stop attackers in their tracks.

Respond.

Threat intelligence

Immediate breach detection and response

Alerts Notifications Response

Blacksight Protect Pro is a hardware intrusion detection sensor that you connect to your network to detect hacker activity after a breach — providing instant alerts and automated response.

Monitor analytics
Mitigate findings

Secure.

Enterprise-grade

Enterprise-grade network security monitoring

Enterprise Professional Compliance

We are a team of cyber security professionals with decades of experience. We created Blacksight Protect to detect hacker network behavior using honeypot deception technology and lateral movement detection.

Frequently Asked Questions

Learn more about how Blacksight Protect works

Can this device see the sites I am visiting?

No, Blacksight Protect does not see, interfere with, or log any of your network behavior. We cannot see which sites people on your network are visiting. We only act on requests received by the Blacksight Protect device.

What does this device do?

Blacksight Protect is a device that detects hacker activity on your network and notifies you of unusual activity.

How does this device work?

We monitor normal network behavior and detect abnormal hacker activity immediately.

Do I need to buy this device to make this work?

Not necessarily. Our Cloud plan deploys directly to AWS, GCP, or Azure — no hardware required. For on-site protection, the Pro and Pro+ plans include a physical device installed in your office, home, or any location with an internet connection. Our Enterprise version is a standalone on-premise installation.

What is the lifespan of the Blacksight Protect Device?

It is 7 years.

What does the subscription of Blacksight Protect cover?

It gives access to the dashboard and configuration settings with notifications and all future updates of the device and monitoring software.

What is the maximum number of Blacksight Protect Pro devices I can install?

There is no limit.

Does Blacksight Protect have any ports open to the internet?

No. Blacksight Protect Pro makes only outbound connections; no publicly open internet ports are needed.

What is the difference between the Pro and the Enterprise version?

Cloud deploys to your AWS, GCP, or Azure environment with no hardware. Pro and Pro+ use a physical device hosted by Blacksight. Enterprise is an on-premise installation with no internet required.

Can I deploy this in the cloud?

Yes. Our Cloud plan supports deployments with Docker and Kubernetes (Helm charts included) on AWS, GCP, and Azure. The Enterprise version also supports on-premise cloud and container deployments.

What is the 24/7/365 Blacksight GSOC Center Monitoring?

Our Global Security Operations Center, located in the USA, is notified of every alarm our product raises and contacts you in the way you configure. We will be there to assist you with the next steps should an alarm occur. This service is included in all plans at no extra cost.

How do I deploy Blacksight Protect using a Docker image?

We provide a pre-built, signed Docker image available from our private container registry. Once you receive access credentials from our onboarding team, you can pull the image and deploy it on AWS Fargate, AWS ECS, Google Cloud Run, Azure Container Instances, or any Docker-compatible runtime. The image is lightweight, hardened according to CIS benchmarks, and requires only a single environment variable — your unique deployment token — to connect securely to the Blacksight platform. All communication is outbound-only over HTTPS, meaning no inbound ports or firewall rules need to be opened. The container starts monitoring within seconds of launch and automatically registers itself in your Blacksight dashboard.

Do you provide Helm charts for Kubernetes deployments?

Yes. We publish official Helm charts that work with Amazon EKS, Google GKE, Azure AKS, and any self-managed Kubernetes cluster running version 1.24 or later. The charts are fully configurable via a values.yaml file and include resource limits, horizontal pod autoscaling, namespace isolation, network policies, and pod security standards. You can install Blacksight Protect into your existing cluster with a single helm install command, and our charts are compatible with GitOps workflows such as ArgoCD and Flux. We also provide example overlays for common configurations like high-availability mode, restricted namespaces, and service mesh integration with Istio or Linkerd.

What cloud permissions or IAM roles does Blacksight Protect need?

Blacksight Protect follows the principle of least privilege. On AWS, it needs read-only access to VPC Flow Logs and, optionally, CloudTrail event logs — we provide a ready-to-use CloudFormation template and Terraform module that creates a scoped IAM role with exactly these permissions and nothing more. On Azure, it requires a Reader role on NSG Flow Logs and Network Watcher resources. On GCP, it needs the Logs Viewer role scoped to your VPC subnets. In all cases, the only network requirement is outbound HTTPS (port 443) to our platform endpoints. No inbound access, no VPN tunnels, and no peering connections are needed. Your security team can audit the exact permissions in our open-source infrastructure-as-code templates before deploying.

Can I run Blacksight Protect on AWS Fargate or ECS?

Absolutely. Our Docker image is built and tested for both AWS Fargate and traditional ECS with EC2 launch types. For Fargate, we provide a complete task definition and service configuration that you can deploy through the AWS Console, CLI, or your existing CI/CD pipeline — there are no servers to manage, patch, or scale. For ECS on EC2, the image runs alongside your other workloads and can share an existing cluster. In both cases, deployment takes just minutes: pull the image, set your deployment token as an environment variable, and launch the task. The container handles all registration, health checks, and connectivity to the Blacksight platform automatically. We also include a CloudFormation template that provisions the ECS service, task definition, IAM roles, and CloudWatch log group in one step.

How are cloud deployments updated?

Cloud deployments receive updates through our container registry whenever a new version is released. For Kubernetes, our Helm charts support rolling updates with zero downtime — new pods are brought up and health-checked before old ones are terminated, so there is no gap in monitoring coverage. If you use a GitOps workflow with ArgoCD or Flux, updates are detected and applied automatically. For AWS Fargate and ECS, new image versions can be applied by updating the task definition and redeploying the service, either through your CI/CD pipeline or with a single AWS CLI command. We publish a changelog with every release so your team can review what changed before applying updates, and all images are signed and include a software bill of materials (SBOM) for compliance auditing.

Can I deploy Blacksight Protect across multiple cloud regions or providers?

Yes. Our Cloud and Enterprise plans fully support multi-region and multi-cloud deployments. You can run Blacksight Protect in every region and availability zone where you have workloads — spanning AWS, Azure, and GCP simultaneously if needed. Each deployment instance reports back to the Blacksight platform, where all of your environments are visible from a single unified dashboard with consolidated alerting and reporting. This gives your security team one pane of glass across your entire cloud footprint, regardless of how many providers or regions you operate in. There is no additional per-region licensing — your plan covers all deployment instances, making it straightforward to expand coverage as your infrastructure grows.

Does Blacksight Protect integrate with my existing cloud security tools?

Yes. Blacksight Protect is designed to complement your existing security stack, not replace it. On AWS, it integrates with CloudTrail, GuardDuty, and Security Hub. On Azure, it works alongside Microsoft Sentinel and Defender for Cloud. On GCP, it connects with Chronicle and Security Command Center. Beyond native cloud integrations, alerts from Blacksight Protect can be forwarded in real time to any SIEM platform (Splunk, Elastic, Datadog, etc.) as well as incident response tools like PagerDuty, OpsGenie, Slack, and Microsoft Teams via webhooks. All alert data is available through our API for custom integrations, and we provide pre-built dashboards for Grafana and Datadog so your operations team can correlate Blacksight detections with your other infrastructure metrics.

What are the resource requirements for the cloud deployment?

The Blacksight Protect container is designed to be lightweight and efficient. For small to medium environments, a minimum of 512 MB RAM and 0.25 vCPU is sufficient — roughly the size of a Fargate task at the lowest tier or a single small Kubernetes pod. For larger networks processing higher volumes of traffic data, we recommend 1-2 GB RAM and 0.5-1 vCPU, though our Helm charts include horizontal pod autoscaling that adjusts resources automatically based on actual traffic volume so you never over-provision. There is no persistent storage requirement — the container is stateless, with all detection data, configuration, and alert history managed by the Blacksight platform. This means you can freely restart, reschedule, or scale pods without worrying about data loss. On AWS Fargate, this translates to a very low monthly compute cost, typically under $15/month for a single monitoring instance.


Hardware appliance

One device. Detection in 10 minutes.

The same hardware appliance ships in two procurement paths. Pro is NDAA compliant and ships at $699. Pro+ adds TAA compliance and made-in-USA sourcing for federal contractors. Plug it into your network — no agents, no configuration.

TAA Compliant · NDAA Compliant · Made in USA (TAA) · FIPS 140-3 · Deploy in 10 min · 24/7 US GSOC
Blacksight Protect hardware appliance — front view with TAA and NDAA Compliant badges

Functionality

Compare Features.

Features compared across the Cloud, Pro, Pro+ and Enterprise plans:

  • CMMC 2.0 Certified
  • FIPS 140-3 Certified
  • NDAA Compliant
  • EU Cyber Resilience Act
  • DISA-STIG Compliant
  • ISA/IEC 62443, ISO 27001, ISO 26262
  • Supports Blacksight Protect Nest
  • Office/Store/Plant/House Protection
  • Deployment: Cloud (Cloud), Pro (Cloud based), Pro+ (Cloud based), Enterprise (On Premise)
  • AWS/GCP/Azure Deployment
  • Helm Charts for Kubernetes
  • Docker Deployment
  • SMS/Voice notification
  • 24/7/365 Blacksight GSOC Center Monitoring*
  • Custom Pages
  • Instantly locks Compromised Accounts
  • EDR Integration Support
  • Slack/Teams integration
  • CIS Level 2
  • Source code escrow
  • TAA Compliant
  • Datadog/Splunk/New-Relic
  • Pagerduty
  • SSO support Okta/Google/Microsoft

* items with * are optional

Pricing

Cloud

AWS / GCP / Azure

$49 /mo

Per VPC

  • GSOC 24/7 Monitoring
  • AWS / GCP / Azure
  • Docker & Kubernetes
  • Image Deploy
  • SMS/Voice notifications
  • Team collaboration
Most popular

Pro

Hardware appliance · NDAA compliant

$699 /device

+ $39 / month

  • GSOC 24/7 Monitoring
  • SMS/Voice notifications
  • Team collaboration
  • 7 Year Lifespan Hardware Device

Pro+

Hardware appliance · TAA + NDAA

Contact us
  • Everything from Pro
  • TAA Compliant
  • Priority Support
  • Slack/Teams integration
  • Custom Pages
  • Halts Compromised Accounts

Enterprise

On-premise · custom deployment

Contact us

Integrated for your organization

Plans at a glance

Blacksight Protect ships in four plans: Cloud at $49/mo per VPC for AWS, GCP, and Azure environments; Pro at $699 + $39/mo for the NDAA-compliant hardware appliance; Pro+ for TAA/NDAA regulated industries and federal contractors; and Enterprise for fully on-premise deployments. Every plan includes 24/7 monitoring by our US-based Global Security Operations Center at no extra cost.

Ready to Protect Your Network?

Order your Protect Pro devices today and start securing your infrastructure.

Order Now