SOC 2 · NIST RMF · ISO 27001 · NIS2

One Platform. Every Standard.

Threatmatic's Zero Trust Edge maps directly to SOC 2, NIST RMF, ISO 27001:2022, and NIS2 Article 21 — turning months of manual control-building into a 14-day pilot regardless of which framework your auditors require.

SOC 2 Trust Services Criteria

Every Criterion. One Platform.

Threatmatic was built around Zero Trust principles that align naturally with SOC 2 requirements. Here's how each Trust Services Criterion maps to the platform.

CC — Security

Least-Privilege Access, Enforced in Milliseconds

SOC 2 CC6 requires logical access controls that restrict access to only what is needed. Threatmatic enforces app and user ID-based least-privilege policies at the endpoint — not the perimeter. Microsegmentation via software-defined bulkheads stops lateral movement cold, satisfying CC6.1 through CC6.8 with zero manual intervention.

A — Availability

Fail-Open Architecture. No Single Point of Failure.

SOC 2 Availability criteria (A1) require systems to meet committed uptime and support recovery objectives. Threatmatic's fail-open design separates the control plane from the data plane, so users stay connected even if the cloud goes down. Last Known Good policy ensures business continuity without sacrificing Zero Trust posture.

C — Confidentiality

Quantum-Safe Encryption on Every Connection

SOC 2 Confidentiality (C1) mandates protection of information designated as confidential. QSChannel™ creates direct, encrypted micro-tunnels between users and apps using asymmetric path isolation — independent encryption keys on separate tunnels make session hijacking and man-in-the-middle attacks mathematically impossible.

PI — Processing Integrity

Real-Time Visibility. Audit-Ready by Default.

SOC 2 Processing Integrity (PI1) requires complete, accurate, and timely processing. Threatmatic's Gen-AI powered analytics provides a natural language interface for audit log analysis, real-time access mapping, and visual policy topology — so auditors and CISOs see exactly what every user can access at any moment.

P — Privacy

Data Segregation Without Complexity

SOC 2 Privacy criteria require that personal information is collected, used, and disclosed in accordance with your commitments. Threatmatic enforces granular user-level access policies, integrates with any IAM provider, and ensures no unauthorized program execution — giving you data segregation at the workload level.

Control Mapping

Key SOC 2 Controls Threatmatic Satisfies.

Whether you're preparing for a Type I or Type II audit, these are the controls your auditor will scrutinize — and where Threatmatic delivers out of the box.

CC6 — Logical Access Controls

Automated least-privilege enforcement across all users, devices, groups, and time intervals. Policies deploy at the endpoint — not a centralized proxy that can become a bottleneck or single point of failure.

CC7 — Threat Detection & Response

Compromised devices are isolated in under 50ms — no admin action required. Continuous ingestion from FBI InfraGard, CISA, and global threat intelligence feeds blocks known threats before they reach your network.

CC6.7 — Encryption

QSChannel™ delivers quantum-resistant asymmetric encryption on every session. Independent tunnel keys make it impossible for a compromised key to expose both directions of a session.

CC4 — Monitoring & Audit Logging

Every access event is logged in real time. Gen-AI powered audit log analysis lets your team query logs in plain English, dramatically reducing the time to produce evidence for auditors.

A1 — Business Continuity

Fail-open architecture means your users stay connected even during a cloud outage. Last Known Good policy kicks in automatically — no manual recovery runbooks required.

CC9 — Vendor Risk Management

No proprietary hardware, no vendor lock-in, and no specialized certifications required. Any IT generalist can operate Threatmatic — removing single-vendor risk from your control environment.

NIST Risk Management Framework

Threatmatic Aligns to Every Step of the NIST RMF.

The NIST RMF is the gold standard for federal and enterprise risk management. Threatmatic maps directly to all seven steps — from initial preparation through continuous monitoring.

01

Prepare

Build a Baseline From Reality, Not Guesswork

The 14-Day Silent Discovery Pilot deploys in non-blocking mode and silently records every user connection. At the end, Threatmatic generates a suggested Zero Trust whitelist based on actual behavior — giving your organization an accurate access baseline before you write a single policy.

02

Categorize

Map Every Flow Across Your Environment

Visual Policy Topology maps every user, app, and access path in real time. Understand exactly what data flows where across cloud, private, and hybrid environments — enabling accurate impact-level categorization aligned to FIPS 199 without manually interrogating firewall logs.

03

Select

Auto-Generate Least-Privilege Control Baselines

Threatmatic's policy engine recommends least-privilege controls based on observed traffic patterns. Select and tailor from a pre-built Zero Trust baseline aligned to NIST SP 800-53 — no spreadsheets, no manual control mapping across siloed tools.

04

Implement

Deploy in Minutes Across Every Platform

A single lightweight agent on Windows, macOS, Linux, iOS, and Android implements your selected controls instantly. ZTNA is infused into the architecture — not bolted on. No hardware. No lengthy configuration. No proprietary certifications required to operate.

05

Assess

Query Your Control Posture in Plain English

Gen-AI powered audit log analysis lets your security team assess control effectiveness without writing complex queries. Ask natural language questions about user access, policy violations, and threat events — and get audit-ready evidence in seconds, not weeks.

06

Authorize

Give Your AO a Complete Picture — Fast

Full access logs, policy topology maps, and threat response timelines are always available for your Authorizing Official. Threatmatic turns the ATO package from a months-long manual effort into an on-demand export — with real-time data your AO can trust.

07

Monitor

Continuous Monitoring That Runs Itself

Sub-50ms policy updates keep your controls current as threats evolve. Automated threat intel ingestion from FBI InfraGard, CISA feeds, and global threat exchanges means your network's immune system updates continuously — zero admin action required.

ISO 27001:2022

Threatmatic Maps Directly to ISO 27001 Annex A Controls.

ISO 27001:2022 reorganised its Annex A controls around technical and organisational domains. Threatmatic satisfies the highest-impact controls out of the box — no custom integrations required.

A.8.22

Segregation of Networks

QSChannel™ microsegmentation creates encrypted software-defined bulkheads between workloads, users, and applications — satisfying ISO 27001's network segregation control without hardware VLAN reconfiguration or firewall rule sprawl.

A.8.24

Use of Cryptography

QSChannel™ implements post-quantum asymmetric encryption with independent keys per session direction. Satisfies ISO 27001's cryptographic controls requirement and provides forward secrecy against harvest-now-decrypt-later attacks.

A.8.15 / A.8.16

Logging and Monitoring

Every access event, policy decision, and threat response is logged in real time and exportable to SIEM via webhook or syslog. Gen-AI audit log analysis enables rapid evidence gathering for ISMS internal audits and certification reviews.

A.8.3

Information Access Restriction

Least-privilege ZTNA enforces app and user ID-based access policies at the endpoint. Users access only what they need — by verified identity, device posture, and context. No policy grants implicit network-wide trust.

A.5.30 / A.8.14

ICT Readiness and Redundancy

Fail-open architecture separates the control plane from the data plane, maintaining connectivity and Last Known Good policy even during cloud outages — directly addressing ISO 27001's ICT continuity and redundancy controls.

A.8.7

Protection Against Malware

Executable whitelisting ensures only approved applications run on managed devices. Compromised devices are isolated in under 50ms — stopping malware propagation before it spreads laterally to adjacent systems.

NIS2 Directive · EU 2022/2555

Threatmatic Satisfies Every NIS2 Article 21 Requirement.

NIS2 mandates that essential and important entities implement proportionate technical and organisational measures across ten security domains. Threatmatic addresses each one.

Art. 21(a)

Risk Analysis

Continuous Risk Visibility Across Your Environment

Visual Policy Topology maps every user, app, and access path in real time. The 14-Day Silent Discovery Pilot builds an accurate access baseline from observed behaviour — giving your team the visibility NIS2's risk analysis requirements demand without manual interrogation of firewall logs.

Art. 21(b)

Incident Handling

Automated Containment in Under 50ms

NIS2 requires entities to detect, analyse, contain, and report incidents. Threatmatic isolates compromised devices in under 50ms — automated, with no admin action required. Incident timelines and full event logs are always available for mandatory reporting to national authorities.

Art. 21(c)

Business Continuity

Fail-Open Architecture, Zero Single Points of Failure

Fail-open design separates control and data planes. Last Known Good policy maintains Zero Trust posture and user connectivity even if the cloud management plane is unreachable — satisfying NIS2's business continuity and crisis management requirements.

Art. 21(d)

Supply Chain

Zero Trust for Every Vendor and Third Party

Third-party vendor access is scoped precisely to what is needed. Compromised vendor credentials cannot grant broad network access — directly addressing NIS2's explicit supply chain security requirements and vendor risk obligations.

Art. 21(h)

Cryptography

Quantum-Safe Encryption on Every Session

QSChannel™ implements quantum-resistant encryption with asymmetric path isolation on every connection. Satisfies NIS2's requirement for policies on the use of cryptography and encryption across all network communications.

Art. 21(i)

Access Control

Continuous Identity Verification and Asset Management

Continuous identity mapping verifies every network flow on user and application axes. Device inventory, app discovery, and real-time policy topology provide the asset visibility NIS2 requires for human resources security and access control policies.

Art. 21(j)

Authentication

MFA Integration and Continuous Session Verification

Threatmatic integrates with any IAM or MFA provider and continuously validates session context beyond initial login. Stolen credentials from an unrecognised device are blocked before network entry — aligning to NIS2's multi-factor and continuous authentication requirements.

Compliance Readiness Doesn't Have to Take 18 Months.

Start a 14-day Silent Discovery Pilot. Threatmatic learns your environment without touching your existing firewall rules — then generates a Zero Trust whitelist based on actual behaviour, ready for your SOC 2 auditor, ISO 27001 certification body, or NIS2 competent authority.
