Network Traffic Control

Context is what firewalls don’t have.

PacketViper’s traffic control engine evaluates who, what, where, when, and why – then enforces inline. Not allow/deny. Not binary. Contextual.

Firewalls start blocked and open up. PacketViper starts open and narrows in.

20–30% immediate traffic reduction from Global Network Lists
34,622 new connections/sec evaluated with full context
46% CPU idle at peak with full security stack
2 million concurrent sessions tracked simultaneously

Allow everything or block everything. That’s not security.

A financial services firm has 47 country blocks configured on their perimeter firewall. One morning, a legitimate vendor relationship in one of those blocked countries needs to complete a transaction. The firewall doesn’t know it’s a vendor. It only knows the country code. The choice is: accept all traffic from that country or block all of it.

Firewalls make binary decisions – allow or deny – without understanding why traffic exists. They see source, destination, port, protocol. They don’t see who the source actually is, whether the destination makes sense given the time of day, or whether this pattern has occurred before.

Traditional Firewall

Source IP + port – nothing else
Block entire country or allow entirely
No awareness of who the source is
No time-of-day context
Block is the end of the story

VS

PacketViper Context Engine

5-dimensional context per connection
ASN-level precision within a country
Organizational identity tied to traffic
Scheduling for business hours vs. off-hours
The attempt is the beginning – not the end

Five dimensions. Every connection. Wire speed.

Every connection attempt is evaluated against five dimensions before enforcement fires. Context collapses “allow everything” and “block everything” into something much more precise.

01 WHO: Country, ASN, organization – isolate a specific business without blocking their neighbors
02 WHAT: Application layer awareness – enforce at Layer 7, not just the port it’s using
03 WHERE: Network segment destination – different policies per zone without duplicate rules
04 WHEN: Time-of-day scheduling – different posture for business hours, maintenance windows, weekends
05 WHY: Behavioral pattern – has this occurred before? Does the pattern match the port? What changed?

20-30% noise reduction. No tuning. No rules. Just enable it.

Global Network Lists are years of accumulated intelligence about known scanners, cloud-hosted pen testers, and automated adversarial infrastructure. Turn them on and a significant portion of your unwanted traffic disappears immediately.

18-27M: Uninvited scans per year absorbed by the average enterprise network from “do-gooder” internet scanning services
2,301: Active threat intelligence ipsets loaded and enforced in real time on every connection
0: Custom rules needed to get immediate traffic reduction. GNLs work out of the box.

What Gets Blocked

GNLs contain curated lists organized by vendor, service, and threat category:

Known botnet command-and-control infrastructure
Tor exit nodes and anonymous proxy networks
Mass scanning services (Shodan, Censys, etc.)
Known spammer and phishing networks
Cloud-hosted penetration testing infrastructure

What Gets Allowed

Legitimate vendor traffic is identified and explicitly permitted:

Microsoft (Azure, Office 365, Windows Update)
Google (GCP, Workspace, APIs)
Amazon (AWS, CloudFront)
Cloudflare (CDN, DNS protection)
Your custom vendor and partner lists

Context-aware enforcement for every scenario.

Global Network Lists

Years of accumulated intelligence about known scanners, cloud-hosted pen testers, and automated adversarial infrastructure. Enable on day one – 20–30% noise reduction immediately. No tuning required.

ASN-Level Targeting

Isolate specific organizations within a country without blocking the entire country. Allow this vendor’s ASN. Block that hosting provider’s ASN. Same country, different treatment.

DNS Intelligence

Domain-based enforcement before connections complete. If the domain was registered 48 hours ago and is already showing high query volume, that pattern flags before any traffic flows.

Context Groups

Build custom population definitions – segment your network by function, sensitivity, or trust level. Apply differentiated policies without managing hundreds of individual rules.

Scheduling

Automatic policy changes for shifts, maintenance windows, and operational periods. No manual rule toggling. No human error at 2 AM.

Quarantine & Containment

Quarantine a source for six hours while investigation runs – then automatically release or escalate. Inline enforcement from the investigation interface.

Stop choosing between a country block and an open door.

For Security Teams

Stop choosing between blocking a country and accepting all of its traffic. Enforce at the level of precision that matches the actual threat.

For OT Operators

OT networks have very specific, predictable traffic patterns. Context-aware enforcement catches deviations from those patterns – unknown protocols, unexpected connection sources, after-hours activity – that a firewall rule would miss entirely.

For Leadership

Fewer false positives, fewer manual exception processes, fewer help desk tickets from legitimate business traffic getting caught in broad blocks. Context enforcement means precision at scale.

See what your firewall never told you.

Book a live demo – we’ll show you in your environment, not ours.

What is a Global Network List (GNL) in PacketViper?

Global Network Lists are curated, continuously updated sets of IP ranges grouped by category - hostile infrastructure, nation-state attack platforms, botnet networks, cloud providers, and global business networks. PacketViper uses GNLs to make enforcement decisions before individual packet inspection, typically reducing inbound traffic volume by 30–70%.

Can PacketViper block traffic by country or business entity?

Yes. PacketViper can enforce traffic policies at the country level, ASN level, and business entity level - meaning you can block traffic from a specific hosting provider or cloud platform without blocking the entire country it operates in. This granularity was the original patent insight behind PacketViper.
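
The country-versus-ASN precedence described above, sketched as an added example; this is not PacketViper's code or rule syntax. The rule model, the "most specific match wins" scoring, the ASNs, the country code "ZZ" and the schedule are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed policy data: AS64500/AS64501 are documentation ASNs (RFC 5398),
# "ZZ" is a placeholder country code. None of this is PacketViper rule syntax.

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    country: Optional[str] = None    # WHO: coarse match
    asn: Optional[int] = None        # WHO: precise match
    dst_zone: Optional[str] = None   # WHERE: destination segment
    hours: Optional[tuple] = None    # WHEN: (start, end), weekdays only

    def specificity(self) -> int:
        # An ASN match outranks a country match; zone and schedule refine further.
        return (4 if self.asn else 0) + (1 if self.country else 0) \
            + (2 if self.dst_zone else 0) + (2 if self.hours else 0)

    def matches(self, conn: dict) -> bool:
        if self.country and conn["country"] != self.country:
            return False
        if self.asn and conn["asn"] != self.asn:
            return False
        if self.dst_zone and conn["dst_zone"] != self.dst_zone:
            return False
        if self.hours:
            ts = conn["ts"]  # datetime of the connection attempt
            if ts.weekday() >= 5 or not (self.hours[0] <= ts.time() < self.hours[1]):
                return False
        return True

RULES = [
    Rule("deny", country="ZZ"),                          # blanket country block
    Rule("allow", country="ZZ", asn=64500,               # vendor exception:
         dst_zone="payments", hours=(time(8), time(18))),  # one ASN, zone, schedule
    Rule("deny", asn=64501),                             # hosting provider, any country
]

def decide(conn: dict, rules=RULES, default: str = "allow") -> str:
    """Most specific matching rule wins; on a tie, deny wins."""
    hits = [r for r in rules if r.matches(conn)]
    if not hits:
        return default  # the page's "starts open and narrows in" posture
    top = max(r.specificity() for r in hits)
    denied = any(r.action == "deny" and r.specificity() == top for r in hits)
    return "deny" if denied else "allow"
```

The vendor's ASN is admitted only to the payments zone during weekday business hours; every other connection from the same country still hits the country block.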

What throughput does PacketViper support?

PacketViper handles 34,622 new connections per second, 2 million concurrent sessions, and processes 171 billion events in 26.94 GiB - with 46% CPU idle at peak load. This is enterprise-class throughput on commodity hardware.

How does PacketViper handle DDoS and flooding attacks?

PacketViper's rate limiting evaluates traffic from each individual source. When a source exceeds the allowed request rate it is placed on hold. Rate limiting can be scoped by country, ASN, business network, IP, or port - providing targeted defense against flooding without impacting legitimate traffic.
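
A minimal model of the per-source rate limiting with a hold state described above, added here as an illustration and not PacketViper's implementation. The sliding window, the threshold, the hold duration and the scope-key mechanism are assumptions; the sample connections are constructed.

```python
from collections import defaultdict, deque

class ScopedRateLimiter:
    """Sliding-window limiter keyed by a chosen scope; offenders go on hold."""

    def __init__(self, scope, max_events, window_s, hold_s):
        self.scope = scope              # key fields, e.g. ("src_ip",) or ("asn", "dst_port")
        self.max_events = max_events
        self.window_s = window_s
        self.hold_s = hold_s
        self.events = defaultdict(deque)  # key -> timestamps inside the window
        self.held_until = {}              # key -> time at which the hold expires

    def key(self, conn):
        return tuple(conn[f] for f in self.scope)

    def check(self, conn, now):
        """Return 'pass', or 'hold' while the key is over its limit."""
        k = self.key(conn)
        if k in self.held_until:
            if now < self.held_until[k]:
                return "hold"
            del self.held_until[k]        # hold expired: start fresh
            self.events[k].clear()
        q = self.events[k]
        while q and q[0] <= now - self.window_s:
            q.popleft()                   # drop events that aged out of the window
        q.append(now)
        if len(q) > self.max_events:
            self.held_until[k] = now + self.hold_s
            return "hold"
        return "pass"

def replay(limiter, conns):
    """Run (timestamp, connection) samples through the limiter in order."""
    return [limiter.check(c, t) for t, c in conns]

# Constructed sample: one source floods, one behaves (RFC 5737 / RFC 5398 values).
FLOOD = {"src_ip": "203.0.113.7", "asn": 64501, "dst_port": 443}
QUIET = {"src_ip": "198.51.100.9", "asn": 64500, "dst_port": 443}
SAMPLE = [(0.0, FLOOD), (0.1, FLOOD), (0.2, QUIET), (0.3, FLOOD),
          (0.4, FLOOD), (5.0, FLOOD), (5.1, QUIET), (31.0, FLOOD)]
```

Replaying `SAMPLE` with the scope `("dst_port",)` instead of `("src_ip",)` puts the well-behaved source on hold as well, which is why the scope should be as narrow as the flood allows.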