In Development

RAVEN Shield

Lightweight DLP built for DoD and the air gap

A standalone Data Loss Prevention product for small-to-mid-size businesses and DoD programs. A Rust endpoint agent paired with a Node.js/React server, running entirely on-premises with air-gap support and classification-aware policy from UNCLASSIFIED through TS/SCI.

Stay Informed

Get cybersecurity compliance updates, CMMC news, and security insights delivered to your inbox.

We will only email you when RAVEN Shield is generally available. No spam, ever.

Capabilities

What RAVEN Shield Delivers

Data-at-rest scanning, data-in-motion enforcement, and a block-and-request-approval workflow — classification-aware from day one.

Data-at-Rest Scanning

Scheduled and on-demand filesystem scanning with streaming content processing. Detects PII, CUI, and admin-defined custom patterns across documents, archives, and email files.

Data-in-Motion Enforcement

USB and removable-media interception, Outlook/MAPI and SMTP email attachment monitoring, and inline block of sensitive transfers with per-classification policy.

Block-and-Request-Approval

Blocked transfers become real-time approval requests. Approvers see file details, detected classification, destination, and requestor context — with required justification.

Classification-Aware Detection

Recognizes the full US classification hierarchy (U, CUI, C, S, TS, TS/SCI) with portion markings, banners, dissemination controls (NOFORN, REL TO, ORCON), and SCI compartments.

Offline Resilience

The Rust agent keeps a signed, encrypted local policy cache and queues findings and approval requests when disconnected, syncing in batches on reconnect.

Cross-Platform Coverage

A single Rust agent binary targets Windows, Linux, and macOS endpoints and reports to one management console for unified policy, findings, and approval handling.

Why RAVEN Shield

Enterprise DLP Without the Weight

On-premises only. No cloud dependency. No external telemetry. Suitable for SCIFs, classified enclaves, and commercial environments that reject SaaS DLP.

FIPS 140-3 by Default

aws-lc-rs on the agent, OpenSSL 3.x FIPS provider on the server. Both refuse to start if FIPS validation fails in production builds.

Lightweight Rust Agent

A single memory-safe binary per host. Target: under 100 MB idle, under 300 MB during active scan. Managed by systemd, Windows SCM, or launchd.

Priced for SMBs and Programs

Positioned below enterprise DLP so small businesses and small government programs can still enforce CUI and classification controls.

Roadmap

v1.0 Design

Server-side authentication scaffold and audit/findings infrastructure are in progress. The Rust endpoint agent and the full pattern-detection pipeline are the next implementation phase.

Rust endpoint agent (Win / Linux / macOS)Planned

Data-at-rest filesystem scanningPlanned

USB & removable-media interceptionPlanned

Outlook/MAPI & SMTP attachment monitoringPlanned

PII, CUI, and classification pattern detectionPlanned

Block-and-request-approval workflowPlanned

Offline policy cache & queued syncPlanned

Append-only hash-chained audit logPlanned

Ed25519 / RSA-4096 binary & policy signingPlanned

Optional RAVEN connector (post-v1.0)Planned

Evaluate RAVEN Shield

RAVEN Shield is in active development. Contact us to discuss pilot deployments, or sign up to be notified when v1.0 ships.