NetSpectra: Formally Verified Bot Detection at the Edge
NetSpectra is a formally verified edge security platform — the rest of the market makes real customers prove they are not bots through CAPTCHAs that kill conversion, JavaScript checks that burn round-trips, probabilistic blocks that quietly drop paying users. We chose another way. Passive TLS, TCP and HTTP signals. Decided in microseconds. No friction visible to the visitor.
Why we turned deep engineering into a
product.
Too much trust in black boxes
Security teams are asked to trust scores they cannot inspect, thresholds they cannot explain, and decisions they cannot defend. That may be acceptable for experimentation. It is weak infrastructure for production.
Too little signal before HTTP
Most products wait until JavaScript runs, headers arrive, or behaviour accumulates. By then, the session has already consumed application logic, origin capacity, and business risk. We made the call before HTTP.
Too much friction for real users
Challenge-heavy protection shifts the cost of detection onto legitimate traffic. CAPTCHAs, scripts and browser checks slow down real buyers while better bots route around them. The market normalized friction. We did not.
Too little proof for security teams
When a platform blocks traffic, the question is no longer whether it scored highly. The question is whether the decision can be traced, explained and audited. Most products optimize for detection. Serious teams also need defensibility.
We built our own TLS stack — in Ada/SPARK, the language used in flight control and nuclear safety systems. Every line that touches a connection has been mathematically verified.
That is what prove means here.
You can audit every verdict. You can explain every decision. You can defend every block — in audit, in compliance review, in front of a security architect.
No retraining cycles. No model drift. No “the AI decided” excuses.
Five minutes from zero to edge.
Point DNS
Create a free account and add one A-record pointing to an edge node. No SDK, no library, no server-side change.
Tunnel up
WireGuard tunnel comes online between the edge and your origin. TLS is terminated at the edge; your backend stays on a private IP.
Passive scoring
Every TCP/TLS handshake is fingerprinted and scored. Four signal layers fused into one deterministic verdict — under 500 microseconds.
Origin hidden
Verified humans reach your app. Automated traffic gets blocked or filtered at the edge. Your real IP never appears in DNS, headers or logs.
We don’t just filter your traffic. We protect your backend too.
Edge filtering matters only when the edge is the only way in. Your origin sits behind a private tunnel, your filter never sleeps, and the verdict gate covers every request — paid traffic, login form, checkout, API endpoint, everything.
Bot clicks, scrapers, credential stuffing — filtered at the TLS handshake before any HTTP processing runs. The decision is made at the protocol layer, in microseconds.
Your origin never appears in public DNS. Direct attacks on your CMS or framework hit a closed door. Edge is the only valid path to your application — even if your IP leaks elsewhere.
The same verdict gate guards every endpoint, every minute. No downtime windows for rule updates, no DDoS-driven outages. The filter does not sleep, and neither does your store.
Built for four very different
traffic problems.
Pick a tier.
Block automated, pass humans.
- 3 sites
- Verdict at handshake
- Read-only API
Differential delivery.
- 10 sites
- Real users see your real page
- <500 µs decision
Full API + webhooks.
- 10 sites
- Conversion tracking
- 99.9% SLA
▸Compare all features
// FEATURE | Lite Free | Identify $199 | Adaptive $499 | Adaptive PRO $999 | Enterprise Custom |
|---|---|---|---|---|---|
| Sites included | 1 | 3 | 10 | 10 | ∞ |
| Extra sites | — | +$49/site | +$29/site | +$29/site | — |
| Passive fingerprinting | ● | ● | ● | ● | ● |
| Automated traffic filtering | — | ● | ● | ● | ● |
| Scoring threshold control | — | ● | ● | ● | ● |
| Differential delivery | — | — | ● | ● | ● |
| Response shaping | — | — | ● | ● | ● |
| X-AE-* headers | — | ● | ● | ● | ● |
| Read-only API | — | ● | — | ● | ● |
| Full API + webhooks | — | — | — | ● | ● |
| Conversion tracking | — | — | — | ● | ● |
| Dedicated edge nodes | — | — | — | — | ● |
| Custom scoring rules | — | — | — | — | ● |
| Support | — | priority | priority | TAM | |
| SLA | — | — | 99.9% | 99.9% | 99.99% |
// NO CONTRACTS · NO SETUP FEES · CANCEL ANYTIME · START WITH LITE AND UPGRADE WHEN YOU NEED