Nothing moves unless it's safe
SENTINEL/RX is a mission-control platform that orchestrates cyber recovery for telco workloads — BSS, OSS, 5G core, billing, IMS — with AI-powered RTO and RPO.
Operators see the entire telco recovery posture in real time — and the AI assist suggests the next safe move.
Suspected ransomware on BSS-CRM-04. Encryption entropy +812%.
The non-negotiable rules that govern every decision the platform — and its operators — are allowed to make.
Cyber gating is sacred. Every restore, failover, and replay passes integrity, provenance, and behavioral checks before a single byte is committed.
Every recommendation ships with its reasoning, evidence chain, and confidence band. Operators can override, amend, or escalate — always.
RTO and RPO are not slides — they are live counters. Every panel surfaces the cost of waiting and the budget remaining.
Minimum Viable Service first: restore the dial-tone path, then expand outward in deterministic, reviewable waves.
AI suggestions, operator clicks, system effects — all sealed in a tamper-evident ledger. Auditability is the substrate, not a report.
Built specifically for the operational reality of telco infrastructure under nation-state pressure.
Every restore action signed, verified, and isolated. No implicit trust between vault, network, or operator.
Models trained on telco kill-chains recommend least-impact recovery paths in seconds, not hours.
Air-gapped, WORM-locked snapshots with cryptographic chain-of-custody for every byte.
Native understanding of BSS, OSS, 5G core, IMS, charging, and HSS dependencies.
Every operator click, AI suggestion, and system action sealed in a tamper-evident ledger.
Synthetic attacks rehearse RTO/RPO daily — your recovery posture is proven, not promised.
A deterministic playbook, executed by humans and machines as one team.
AI signal fusion across IDS, EDR, NDR, and behavioral telemetry.
Zero-trust segmentation severs blast radius automatically.
Assist proposes recovery protocol with confidence score.
Mount immutable snapshot in clean enclave; verify hash chain.
Synthetic transactions confirm BSS/OSS/5G integrity.
Subscriber traffic re-cut. RTO met. Audit sealed.
A visual runbook pipeline. Six stages, four gates each. Nothing advances unless every gate is green — and every block has evidence.
Hash chain mismatch on shard 14 of subscriber DB. Expected 9af3…c7e1, got 11b2…8ddf. Suspect tampering — escalate to forensics before mount.
ResilienceAI fuses backup lag, replication health, infra contention, change rate, and restore throughput into a live forecast — and tells you exactly how to stay inside the SLA.
Increase replication bandwidth by 20%
Reduce snapshot interval from 30m → 10m
Pre-warm clean enclave on EU-W3
Throttle non-critical batch jobs (06:00–08:00 UTC)
Not every snapshot is safe. RecoveryPointAdvisor ranks every restore point by confidence — fusing EDR/XDR, file integrity, behavior, and timeline correlation — so you mount the past, not the attacker.
0 alerts across all sensors · last scan 11:18:42Z
All hashes match signed manifest · SHA-512 OK
Baseline behavior · no outliers in 24h window
45m pre-attack · before earliest IoC observed
Every restored workload lands in Quarantine. Promotion to Staging and Production is gated by validation, approval, and zero-trust posture — enforced, not requested.
DependencyGraphAI maps 5G Core (AMF/SMF/UPF), IMS, OSS/BSS, and DNS/DHCP into a live topology — auto-generating restore order and surfacing dependency conflicts before they detonate.
Depends on 7 upstream services. They must be healthy before this node can be restored.
Circular promotion risk: BSS declares dependency on IMS which is restored in a later wave. AI proposes deferring BSS startup probe by 30s.
When the network is on fire, restore the dial-tone first. MVSOrchestrator brings up only what's critical, then expands in waves as KPIs prove green.
ServiceValidator runs config-compliance checks and synthetic Attach / Call / SMS / Data transactions. The runbook stays open until every probe is green.
ApprovalSystem enforces role-based, separation-of-duties approvals for production promotions and AI overrides — every decision FIDO2-witnessed and written to the audit trail.
Promote workload from Staging → Production. Validation passed (7/7). Microsegmentation enforced.
“Forensic taps clean. Integrity hash matches vault-seal.”
ExplainabilityPanel surfaces the top contributing signals, the analysis window, the model's confidence and the supporting telemetry — for every action the AI takes.
No EDR/XDR alerts within window. File-integrity hash chain unbroken across 184 monitored paths. Behavioral baseline within ±1.2σ. Snapshot predates first observed encryption-entropy spike by 14 min.
ControlPlane runs multi-site HA with cross-region quorum, gracefully degrades when sites fall, and ships signed offline runbooks so operators stay in control even when the cloud isn't there.
All sites healthy. Quorum 4/4. AI fully online, full telemetry pipelines.
SENTINEL/RX is engineered to be precise, transparent, and advisory. It never issues commands; it surfaces reasoned recommendations with confidence scores so a human always owns the call.
Every statement is grounded in a measurable signal, a named source, or a numeric threshold.
“Looks suspicious. Maybe revert?”
“Snapshot SS-218 (T-42m) shows entropy 7.91 bits — exceeds 4.0 threshold on 3 of 14 volumes (vol-eu-07, vol-eu-09, vol-na-02).”
Every operator click and every AI inference lands in a tamper-evident ledger. Bundles export pre-mapped to NIS2, DORA, ISO 27001/27031 and GDPR — no spreadsheet archaeology required.
Watch the platform, the AI assist, and the human operators play their parts — from first IoC to a sealed evidence bundle.
EDR + entropy spike + DNS exfil pattern correlated across 14 nodes. INC-44219 opened, blast-radius scoping started.
Opinionated choices, not laundry lists. Each layer earns its place by what it survives — process death, region loss, silent data corruption — not by what it ships in a brochure.
Detection needs deterministic numerical models; explanation needs natural language. We split the brain in two and chain them — fast classifiers feed a small LLM that narrates the why.
Every action is cryptographically witnessed. Regulators don't ask twice.
{
  "incident": "INC-44219",
  "ts": "2026-05-08T12:04:21Z",
  "actor": "ai.assist::v4.2",
  "action": "RESTORE_FROM_SNAPSHOT",
  "target": "BSS-CRM-04",
  "snapshot": "vault-09::8201994",
  "operator": "k.lindqvist@telco.eu",
  "fido2": "ok",
  "hash": "9af3...c7e1",
  "prev": "1d0b...44a9",
  "rto_sec": 214,
  "rpo_sec": 18
}
Pin this to the wall. Everything in SENTINEL/RX is judged against it.
“Build a real-time, AI-assisted cyber recovery control plane with strong visual orchestration, explainable AI decisions, strict security gating, and telco-aware dependency intelligence.
The experience must feel like a mission-critical NOC + AI assist, optimized for speed, trust, and auditability during high-pressure incidents.”
Every screen answers the operator's first question in under a second. No spinners on critical paths. Defaults are the safe action.
The AI explains itself or stays silent. Confidence scores are visible. Humans always own the irreversible step.
Every click, every signal, every decision lands in a tamper-evident ledger — pre-mapped to the frameworks regulators will ask about.
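The sample ledger record above carries `hash` and `prev` fields; the following is an added example (not SENTINEL/RX code) of how a ledger linked that way can be verified and where an edit or deletion surfaces. The digest scheme (SHA-256 over canonical JSON), the genesis value, the helper names and the sample records are assumptions, since the page does not say how its hashes are computed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel for the first entry's "prev"

def entry_digest(entry):
    """SHA-256 over the canonical JSON of every field except "hash"."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def append(ledger, record):
    """Link a new record to the current tail, then seal it."""
    entry = dict(record)
    entry["prev"] = ledger[-1]["hash"] if ledger else GENESIS
    entry["hash"] = entry_digest(entry)
    ledger.append(entry)
    return entry

def first_broken(ledger):
    """Return (index, reason) for the first invalid entry, or None if intact."""
    expected_prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry.get("prev") != expected_prev:
            return i, "prev does not match preceding hash"
        if entry.get("hash") != entry_digest(entry):
            return i, "hash does not match entry contents"
        expected_prev = entry["hash"]
    return None

def build_sample():
    """Constructed records reusing field names from the sample record."""
    ledger = []
    for action, actor in [("ISOLATE_SEGMENT", "system"),
                          ("RESTORE_FROM_SNAPSHOT", "ai.assist"),
                          ("PROMOTE_TO_PRODUCTION", "operator")]:
        append(ledger, {"incident": "INC-EXAMPLE", "actor": actor,
                        "action": action, "target": "EXAMPLE-NODE"})
    return ledger

if __name__ == "__main__":
    ledger = build_sample()
    print("intact:", first_broken(ledger))
    ledger[1]["target"] = "OTHER-NODE"  # edit a sealed entry in place
    print("edited:", first_broken(ledger))
```

A chain like this only exposes edits by someone who cannot also rewrite every later entry, so the latest `hash` has to be anchored somewhere the ledger writer cannot change, such as a signature or a separate write-once store.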
Schedule a 30-minute mission-control walkthrough with our telco resilience architects.