SENTINEL

Traditional threat intelligence reacts to attacks that already landed somewhere else. SENTINEL operates earlier — in the staging phase, while adversaries are still building the infrastructure they intend to use. The output is not retrospective IOCs but Preemptive Threat Intelligence (PTI): pre-disclosure records of staging infrastructure, each with a lifecycle, a confidence basis, and a recommended customer action.

PTI is delivered through SENTINEL Edge — a local intelligence node, physical or virtual, that sits inside your environment. Three delivery shapes on one appliance: firewall EDL pull, DNS resolver, or passive observation via upstream tap. Pick one, two, or all three. Three deployment modes — Community, Private, Sovereign — define what flows back to CICS, with Sovereign running fully offline.

PTI is CICS-owned and held in Switzerland, beyond the reach of foreign access law. We do not warehouse our corpus into third-party tooling — neither into yours nor anyone else’s. The methodology is proprietary and OPSEC-bounded; the work behind it took years of focused engineering. We do not serve marketing numbers. Live detection statistics are public at sentinel.cics.ch — count for yourself.