How Bear Works

Transparent Connected Device Security

Security is notoriously intrusive, reaching into all system layers.

Bear is architected to run transparently at the lowest possible level on each device, which means that it has no impact on applications, systems or networks. 

Because Bear runs transparent to applications and systems, changes can be made in real time at any frequency without business disruption.

 Bear starts by putting an agent, that enables a virtual Security Kernel, on every device.  This embedded Security Kernel consists of a low-level driver and no UI. The Security Kernel consists of a collection of workflow engines completely controlled by policies which are managed at many levels through a visual device management portal.

Because Bear uses workflow engines, rather than hard-coded behavior, it is able to deliver dynamic security through policies. All of the behaviors of the virtual security kernel are controlled by policy.


Bear leverages it proprietary secure device blockchain technology to register every endpoint and prevent breaches in transit.  Using a lightweight blockchain, Bear ensures complete protection from device to cloud without the cumbersome overhead. Bear enables autonomous endpoint enforcement which provides the scalability required by largescale deployments.

Bear normalizes data at the device level by capturing a robust set of log files as well as health and event data from each device and normalizing this information with dynamic mappings controlled through policy. Cleaning data at the point of collection ensures that all data looks the same during analysis to provide more accessible, deeper insights and superior clarity in terms of anomaly detection.

If you are interested in discussing what Bear can do further, please contact us!