NDR platform for IT/OT threat detection with behavioral analysis

Gatewatcher Threat Detection System Description

Gatewatcher Threat Detection System (Trackwatch) is a Network Detection and Response (NDR) platform that provides network traffic analysis and threat detection for IT and OT environments. The system operates in bypass mode using TAP technology to monitor network communications without impacting production environments.

The platform analyzes network traffic using multiple detection engines including static analysis, heuristic analysis, and machine learning. It performs protocol analysis and examines packets to detect known attack signatures, shellcodes (including polymorphic variants), and encoded payloads. The system can analyze encrypted traffic and conduct file analysis using multiple anti-virus engines, with capacity to examine up to 6 million files per 24 hours.

Trackwatch aggregates alerts and assigns risk scores to facilitate triage and decision-making for SOC teams. The platform provides access to complete metadata from network communications analysis, enabling security analysts to investigate incidents and conduct proactive threat hunting. It supports retro-analysis of files flagged as suspicious after initial passage through the system.

The system can operate in connected mode or completely offline (air gap) for restricted and confidential networks. It features a hardened operating system developed with a "Secure by Design" approach to resist corruption attempts and reduce attack surface. The platform integrates with multiple Threat Intelligence sources and can accommodate additional custom sources.

Gatewatcher Threat Detection System is an NDR platform for IT/OT threat detection with behavioral analysis, developed by Gatewatcher. It is a Network Security solution designed to help security teams with Behavioral Analysis, File Analysis, and Machine Learning.

