Kverno builds and operates the dedicated infrastructure that OpenCTI and MISP run on: documented, rebuildable and with its recovery already proven, under European jurisdiction. It is not a shared service, and not an install one person keeps alive.
OpenCTI and MISP work the first month. Then come the updates, the connectors that break, the fragile MISP sync, the database that grows unchecked, the identity with no second factor, and backups nobody has tried to restore. The organization's most sensitive intelligence ends up depending on one person and on a server no one knows how to rebuild.
Operations centers that need their intelligence to feed detection without the platform becoming a maintenance burden.
Response teams that share indicators with communities and partners, and can't afford an opaque or unrecoverable platform.
Analysts running OpenCTI and MISP in production who would rather spend their time on analysis than on maintaining the infrastructure.
Sharing groups that operate MISP nodes and need synchronization, taxonomies and strict control over who has access to what.
Dedicated infrastructure per client, described in code and rebuildable: OpenCTI and MISP in production, with identity, storage and network separated from any other client. The rest of the security tooling runs on top, defined with the client. Here are some of the components we already integrate.
Kverno grants access by verification, not by trust. No port is left open to the internet: everything goes through a Zero Trust gateway. People who use the applications pass through a single identity gate with a second factor. People who operate the platform reach the controls through a private channel, with just-in-time credentials signed at each session and revoked when it ends; no standing keys or passwords sit on the servers. Every session is tied to a person, logged, and revocable in one place. The two planes, operation and use, are separated by design.
OpenCTI and MISP run for one client only. No shared servers, storage or network with anyone else.
The whole platform is described in code. It comes back up from its description, identical, with no manual steps.
Before delivery a real recovery is run: the platform is rebuilt, data is restored, and the time is measured. Proven, not assumed.
The client can take the platform whenever they want, documented and rebuildable, without Kverno and with no vendor lock-in. The guarantee is in writing.
An intelligence platform is only useful if it connects to the rest. Kverno leaves OpenCTI and MISP running with their standards (STIX 2.1, TAXII, MISP sync, taxonomies and TLP) and connected to the client's SIEM, SOAR or XDR, with production and test environments kept separate. Intelligence comes in, correlates and feeds detection, without the team having to handle the maintenance.
We operate the infrastructure your team works on. Detection, analysis and response remain theirs.
We build and operate the platform. The sources and the content are the client's to choose and bring.
Unless explicitly contracted, the scope is the platform, not the investigation of the incident.
A technical review of the current OpenCTI or MISP platform, or the one to be deployed: architecture, dependencies, backups, identity, connectors and recovery.
The construction of the dedicated infrastructure, with the real recovery test before delivery.
Ongoing operation: updates, external monitoring, verified backups and periodically tested recovery.
If your OpenCTI or MISP fits what we do, we say so. If it doesn't, we point you to someone who does.