Hilt is a behavioral data governance and data exfiltration prevention platform designed for security teams. It aggregates signals from cloud, endpoint, and network sources to provide a unified view of data movement activity across an organization. How it works: - Collects runtime telemetry from cloud environments (Cloud Feed) - Gathers behavioral sensor data from endpoints (Endpoint Feed) - Captures wire-level network traffic (Network Feed) - Correlates these three signal sources into a single investigation view, enabling analysts to trace data movement patterns that span multiple environments Core problem it addresses: Organizations often have DLP, EDR, SIEM, UEBA, and CASB tools deployed, but each operates within its own scope. Data exfiltration frequently occurs across cloud workloads, endpoints, network boundaries, and SaaS applications in patterns that no single tool is designed to detect. Hilt focuses on identifying behaviors that are individually permissible but collectively suspicious — such as valid credentials being used in anomalous patterns, or authorized users accessing files in ways that deviate from normal behavior. Detection capabilities: - Confidential file exfiltration by departing employees - Unauthorized copies of data or models to personal cloud storage - Shadow data pipelines that bypass approved workflows - Abnormal file access patterns associated with insider threats Investigation features: - Step-by-step investigation replay of data movement activity - Explainable investigation paths for analyst review - Audit-ready reporting output Deployment options: - Kubernetes (via Helm rollout) - Container (using hardened baseline and least-privilege profile) - Linux VM (via signed installer or package path)