Technical Overview

How MagnetMesh works

Behavior-driven micro-segmentation that does not require touching your devices. We work at the network layer, learning what normal looks like and enforcing it.

01 Discovery

MagnetMesh passively observes traffic on your network. Within hours, it builds a complete inventory of every device - manufacturer, type, protocols used, and communication patterns.

  • No agents required on devices
  • Automatic device classification
  • Complete network visibility in hours

device_discovery.log

# Device discovered at 10.0.4.187
Type: Medical infusion pump
Vendor: Baxter Healthcare
MAC: 00:1A:2B:3C:4D:5E
Protocols: HL7, HTTPS (443)
First seen: 2024-01-15 09:23:41
Communication targets:
- 10.0.1.50 (EMR server)
- 10.0.1.75 (Pharmacy system)
[OK] Device added to inventory

02 Behavior Baseline

Over time, we build a behavioral profile for each device and device type. What ports does it use? What is the normal traffic volume? Who does it legitimately need to communicate with?

  • Machine learning on traffic patterns
  • Per-device and per-type profiles
  • Continuous baseline updates

behavior_profile.json

# Behavior profile: Infusion Pump
Normal ports: [443, 2575]
Avg daily traffic: 2.4 MB
Peak hours: 06:00-22:00
Expected peers: 3
Never observed:
- SMB (445)
- SSH (22)
- DNS tunneling patterns
- Lateral movement
[OK] Profile confidence: 94%

03 Isolation & Enforcement

Devices are automatically grouped into micro-segments based on function and behavior. If a device deviates from its baseline - new protocols, unusual traffic patterns, unexpected connections - it gets isolated immediately.

  • Sub-second response time
  • Network-level containment
  • Zero disruption to compliant devices

security_alert.log

# ALERT: Anomaly detected
Device: Infusion pump #47
IP: 10.0.4.187
Time: 2024-01-15 14:32:07
Anomaly: SSH connection attempt
Target: 10.0.1.100:22
Severity: HIGH
[ACTION] Isolated to quarantine
[ACTION] Alert sent to SOC
Status: Awaiting investigation
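
The baseline-then-deviation logic of steps 02 and 03, as an added Python example that is not MagnetMesh code. The Flow and Profile types, the function names, the min_samples threshold and the learning-window flows are assumptions made for illustration, and plain set membership stands in for the machine learning the page mentions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:            # hypothetical flow record taken from mirrored traffic
    src: str
    dst: str
    dport: int

@dataclass
class Profile:         # hypothetical per-device baseline
    ports: set = field(default_factory=set)
    peers: set = field(default_factory=set)
    samples: int = 0

def learn(flows):
    """Build a per-device baseline from flows seen during the learning window."""
    profiles = defaultdict(Profile)
    for f in flows:
        p = profiles[f.src]
        p.ports.add(f.dport)
        p.peers.add(f.dst)
        p.samples += 1
    return dict(profiles)

def evaluate(profiles, flow, min_samples=3):
    """Return (action, reasons) for one newly observed flow."""
    p = profiles.get(flow.src)
    if p is None or p.samples < min_samples:
        # Cold start: too little history to justify isolation, so only report.
        return "alert", ["no baseline for device"]
    reasons = []
    if flow.dport not in p.ports:
        reasons.append(f"new destination port {flow.dport}")
    if flow.dst not in p.peers:
        reasons.append(f"new peer {flow.dst}")
    return ("isolate", reasons) if reasons else ("allow", [])

# Constructed learning-window flows using the addresses and ports shown above;
# which peer uses which port is an assumption.
PUMP = "10.0.4.187"
BASELINE = learn([
    Flow(PUMP, "10.0.1.50", 2575),
    Flow(PUMP, "10.0.1.50", 2575),
    Flow(PUMP, "10.0.1.75", 443),
    Flow(PUMP, "10.0.1.50", 443),
])
```

Everything seen during the learning window becomes "normal" in a scheme like this, so a baseline learned on a device that is already compromised will allow that traffic.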

Architecture

How it integrates with your network

MagnetMesh deploys as a virtual appliance that integrates with your existing infrastructure. No rip-and-replace required.

Network Tap / SPAN

Passively mirrors traffic from your switches. No inline deployment, no latency impact, no single point of failure.

Switch Integration

Pushes ACLs and VLAN assignments directly to your managed switches. Works with Cisco, Arista, Juniper, and others.

SIEM / SOAR Export

Sends alerts and telemetry to your existing security stack. Native integrations for Splunk, Sentinel, and others.
