AMTD Portal
Agent-Enhanced AMTD

Manage your moving target.

Every endpoint becomes a sensor, a decoy field, and a kernel-level attribution engine — rotating minute to minute so reconnaissance fails on every surface. The AMTD Portal is where you watch the fleet work.

Sign in to your portal Request access

Already a PacketViper customer? Sign in. New here? Talk to us about a license pack.

The Problem

Static defenses get mapped. Yours won't.

Every breach starts with reconnaissance. Forty years of static defense has made mapping free, fast, and accurate. AMTD breaks that asymmetry.

Reconnaissance is free

Conventional firewalls, EDR, and honeypots all share one weakness: they sit still. An attacker who maps you Monday is still right on Friday.

Detection comes too late

Industry mean-time-to-detect for sophisticated intrusions is measured in months. By then the attacker has the map, the credentials, and the path.

The endpoint was the gap

Network-layer AMTD has solved the wire. But until now, the workstation always presented the same ports — and attribution stopped at IP and port, not process and user.

What the Portal Gives You

Single pane. Every agent. Every probe.

Agent-Enhanced AMTD turns each endpoint into a moving target. The portal turns the fleet into a single pane of glass.

Live agent fleet

Group endpoints by location, role, or any custom dimension. See online/offline state, decoys active, probes captured — at a glance.

Kernel-level attribution

Every captured probe ships with the process, user, and executable path that opened it. No more "an IP did something" — you know which binary on which host ran by which user.

Centralized rotation policy

Set rotation cadence, decoy profile sets, and federation rules once — the portal pushes them to the fleet. Every endpoint stays a moving target without per-host configuration.

REST API for SIEM & SOAR

Bulk telemetry submission, OpenAPI-documented, idempotent on retry, rate-limited per agent. Ship events to Splunk, Sentinel, Chronicle — or pull them yourself.

By the Numbers

AMTD in production. Measured, not marketed.

From actual customer deployments — not lab benchmarks.

20–30%
Traffic Reduction
malicious + unwanted, day one
503,427
Events Processed
single deployment, no SOAR
46%
CPU Idle at Peak
substantial headroom
4 / 4
Rogue AI Agent Tests
stopped, March 2026
How It Works

From install to attribution — in three steps.

1

Deploy the agent

Install the lightweight Windows or Linux agent. It enrolls with a one-shot token, registers with the portal, and starts surveying its host's port surface.

2

Decoys rotate, sensors fire

The agent binds rotating decoys on free ports — the surface changes minute to minute. Every probe gets captured with kernel-level process attribution.

3

Watch and act

Telemetry streams to your portal. Group, filter, contain — surgically, per host, per process. No subnet bans. No collateral damage.

Licensing

License packs sized to your fleet.

Volume pricing for fleets from a single team to ten thousand endpoints. Pay for what you deploy. Add capacity as you grow.

  • Windows + Linux agents
  • OT-friendly (no agent on PLCs — appliance covers them)
  • Federation across sites
  • Customer-hosted or cloud-managed
Get a quote
Get Started

Ready to make reconnaissance fail?

Sign in to manage an existing fleet, or talk to us about a deployment that fits your environment.

Sign in Talk to an engineer