OmniDLP
Watches what leaves your network. From below the OS.
The Problem
Conventional DLP agents run in userspace, which means sophisticated malware can bypass them by hooking system calls or disabling the agent. They weigh 500MB+, carry hundreds of inherited CVEs, and are primarily designed for Windows. Linux servers — where most data lives — get limited coverage.
The Solution
OmniDLP monitors outbound connections and detects sensitive data patterns (credit cards, IDs, data dumps) from below the OS level. Because it runs on bare metal, malware in userspace cannot see, hook, or disable it. The ~30KB binary has zero dependencies and zero inherited vulnerabilities.
Why Bare-Metal Matters
DLP that runs in the same layer as malware is a race condition. OmniDLP runs below the OS — it monitors network traffic via raw syscalls that userspace malware cannot intercept. There are no hooks to bypass because there is no userspace framework to hook into.
Technical Specifications
| Feature | Value |
|---|---|
| Binary Size | ~30KB |
| Detection | Credit cards, IDs, data dumps |
| Monitoring | Outbound connections |
| Dependencies | None |
| Level | Below OS — malware cannot hide |
| Pattern Engine | Bare-metal regex |
| Evasion Surface | Zero (no userspace hooks to bypass) |
Comparison
| | OmniDLP | Symantec DLP | McAfee DLP |
|---|---|---|---|
| Agent size | ~30KB | 500MB+ | 400MB+ |
| Dependencies | None | Windows/.NET | Windows/proprietary |
| Evasion possible | No (below OS) | Yes (userspace hooks) | Yes (userspace hooks) |
| Supply chain CVEs | 0 | Hundreds | Hundreds |
| Linux support | Native | Limited | Limited |
| Cost | $20K one-time | $50K+/year | $40K+/year |
Use Cases
PCI-DSS Data Protection
Monitor for credit card data leaving your network. Bare-metal detection that malware cannot bypass or disable.
Insider Threat Detection
Detect unauthorized data exfiltration by employees or compromised accounts. The agent is invisible to userspace tools, including those used to circumvent monitoring.
Regulatory Compliance
Meet DLP requirements for financial regulations with an agent that is itself zero-risk — 30KB, zero dependencies, zero inherited CVEs.