Frequently Asked Questions
Everything you need to know about how SARSI works, internal traffic protection and the sovereignty of your data.
SARSI is a cyberdefense appliance that monitors your network's internal traffic — what happens between your machines. It detects abnormal behavior (movement from one workstation to another, secret extraction, massive login attempts), automatically isolates critical behavior before it spreads, and generates a timestamped evidence report at every detection.
No, SARSI complements them. The antivirus protects each workstation and the firewall filters traffic in and out of the network. SARSI acts where those tools have little visibility: inside the network, between machines, where an attack progresses once the first door has been opened.
SARSI analyzes the behavior of network traffic and compares it to how your environment usually works, rather than looking for a known signature. A connection never seen before, an administration tool used from an unauthorized workstation or an abnormal burst of login attempts are detected even if the program used is legitimate or brand new.
SARSI runs locally, within your environment. The appliance analyzes traffic on site: your data does not leave your network and is not sent to a third-party cloud. It's a sovereign approach, designed for sensitive organizations and consistent with data minimization.
The behavior is configurable. Depending on the policy you define, SARSI can automatically isolate a workstation during critical behavior, or simply propose isolation and notify your team for validation. In all cases, a timestamped report is generated to confirm or lift the isolation.
SARSI aims for a low false-positive rate and a threat score that prioritizes truly critical alerts (orange, red). The figures observed in testing (around 1%) depend on the environment and are not a contractual guarantee: they calibrate to how your network actually works.
SARSI connects to your network to observe internal traffic, without requiring an agent on every workstation. The goal is simple commissioning, accessible to organizations that don't have a dedicated cyber team.
Yes, in support. Each timestamped report documents what happened, when, from which machine and what action was taken. These elements support your documentation and incident-notification obligations (GDPR, NIS2) and your exchanges with an insurer, a large client or an authority. Compliance is a benefit that flows from detection, not a promise on its own.
For SMEs, local authorities, healthcare facilities, industrial environments and sensitive structures (including the defense industrial base) that may not have an internal SOC but need to reduce the exposure window and have usable evidence.
Contact the SARSI team via the 'Schedule a call' button. We review your context and show you how SARSI fits into your environment.