Veramine Platform

Advanced capabilities for reactive intrusion response and proactive threat detection.


Intelligent, lightweight (<1% CPU) host-based sensor that collects and forwards all security-relevant information from Windows-based hosts to cloud-based or self-hosted server. Details


Advanced detection engine to detect Mimikatz-style password dumping, kernel-mode exploitation (local EoP), process injection, unauthorized lateral movement, and other attacker activity. Uses advanced rule-based and machine-learning algorithms. Details


Easily search all collected data to provide answers for reactive intrusion response investigations and proactive threat detection. Details


From a central console, easily terminate processes or delete regkeys. Instantly search process memory for a yara expression across all hosts. Details

Unique value

Contextualized Data

Good analysis begins with good data. Events collected by our platform are enriched with context information from the system. For example, each network connection is associated with its originating process, user, time, etc.

Low Overhead

Continuous monitoring without compromising overall system performance. The Veramine sensor is aggressively optimized to minimize system overhead. After an initial enumeration period, the sensor consumes < 1% CPU.

Open Platform

Veramine provides the raw or contextualized collected data to analysts for bespoke search or analysis operations via inbound API access or outbound syslog. Connect clients to the default Veramine-hosted server or manage it yourself.


Veramine's intelligent sensor and advanced detection algorithms
detect common and sophisticated attacks

Kernel exploits

New Windows kernel 0day exploit in the wild? Our system can generically detect both known and unknown kernel exploits on all supported platforms!

Process migration and injection

More advanced attackers blend their malicious activities with normal system activities via remote thread injection. Our platform automatically tracks and detects such activities.

Credential dumping / pass-the-hash / lateral movement

Attackers commonly dump, collect, and reuse user credentials to gain further access in your network. We automatically detect these activities.

Download-and-run trojans

Want to know which users downloaded a "greetingcard.exe" from Outlook and executed it? We can instantly provide the answer.


Ever wonder which users don't encrypt their HD? What about those who don't lock their machines or have a screensaver set? We can tell you the answer and save you money on the compliance audit and energy bill.

Tailored analysis

All data in our platform is fully searchable so you can slice and dice it as as you see fit. Want to process our data with your own Apache Hadoop or Spark analysis framework? We can stream the events to your system in real time.

Selected events stored forever

The Veramine free product displays the current day of activity. Our paid product allows browsing and search across as long a time range as the sensor is running.

The Veramine Team

The founding team's background and expertise spans kernel development, cryptographic engineering, vulnerability analysis, and incident response.

The team has experience operating in very large academic, military/goverment, and enterprise environments. We have analyzed the most sophisticated attacks and built the Veramine platform to defend against determined adversaries. The team previously worked at Microsoft in security engineering roles.

Jonathan Ness


Bruce Dang


Michal Chmielewski

Windows sensor

Sergiusz Fonrobert

Windows sensor

Lan Nguyen

Detection & Machine Learning

Veramine 1.4

Two versions of the Veramine cloud-hosted service are currently available


Same collection client as paid product. Detection limited to four rule-based detections. Events are collected from up to 20 hosts per organization. Browse and search over the current day's collected events.


Paid product uses more extensive rule-based detections and additional advanced machine-learning enabled process profiling, network data exfiltration detection, and user logon anomaly detection.

Subscription priced based on number of hosts on which client is installed and duration you would like the data retained for search and browse.

Terms and Conditions Privacy Policy

© 2018 Veramine Inc.