Email to schedule an appointment: contact@abatis.ch
STOP CYBER ATTACKS
BEFORE THEY START.
CONTROL WHAT EXECUTES.
CONTROL THE OUTCOME.
Abatis delivers Execution Authority at the operating system layer. DXI ensures only authorised execution paths are permitted, preventing unauthorised software, scripts, persistence mechanisms and attack techniques from becoming operational.
Zero Breaches
in 20+ Years
Ultra-Lightweight
Maximum Protection
Zero Updates
Required
The cost of getting it wrong has never been higher.
If you are responsible for protecting your organisation, the challenges are familiar. Ransomware can halt operations overnight. A single compromised endpoint can become the starting point for a major incident. Zero-day vulnerabilities emerge faster than organisations can patch them, and Artificial Intelligence is accelerating the creation and adaptation of attack techniques. Security teams are overwhelmed by alerts, whilst boards, regulators and customers expect uninterrupted resilience.
At the same time, organisations are being asked to protect increasingly complex environments. Legacy systems cannot always be upgraded, and Operational Technology cannot always be taken offline. Supply chains are growing larger and more interconnected; every software update, third-party application, supplier dependency and trusted tool introduces potential risk. According to IBM's Cost of a Data Breach Report, organisations take an average of 258 days to identify and contain a breach. More than eight months may pass between an attacker gaining a foothold and the incident being fully understood and contained.
This is not because security teams are failing; much of modern cybersecurity was built around a single assumption: attackers will eventually gain access. For more than two decades, the industry has focused on detecting attacks, investigating incidents and responding once unauthorised execution has already occurred. Antivirus, EDR/XDR, MDR, SIEM, threat intelligence and Security Operations Centres all play important roles, but they are fundamentally designed to operate after execution has begun.
As cyber threats continue to evolve, organisations are increasingly looking beyond detection and response towards models that prevent unauthorised execution from becoming operational in the first place.
Every successful cyberattack ultimately depends upon execution. Ransomware must execute. Malware must execute. Living Off The Land techniques, fileless attacks and persistence mechanisms must execute. Without execution, the attack fails. Controlling execution is therefore one of the most important challenges in modern cybersecurity.
Rethinking the foundations of modern cybersecurity.
The global cybersecurity industry now represents hundreds of billions of dollars in annual investment. Yet the economic impact of cybercrime is routinely measured in trillions of dollars each year. Organisations have never invested more heavily in cybersecurity technologies, specialist personnel or regulatory compliance. At the same time, the operational and financial consequences of cyber-attack continue to increase.
This disparity raises an important question: If investment continues to grow whilst disruption becomes more frequent and more costly, are we solving the right problem?
Every significant cyber incident raises familiar questions. How did this happen? Why were existing security controls unable to prevent it? Why did organisations with experienced security teams, mature governance programmes and substantial investment still suffer operational disruption?
For more than three decades, the cybersecurity industry has concentrated primarily on recognising malicious activity. Each new generation of threats has been met by another generation of detection technologies. More telemetry is collected. More behavioural analysis is performed. More intelligence is gathered. Existing security architectures become progressively more sophisticated in an attempt to recognise and respond to the next attack. Despite continual innovation, the economic impact of cybercrime continues to grow.
Whether examining ransomware attacks, supply chain compromises, insider threats, software vulnerabilities or failures involving trusted technology providers, the industry's response has remained remarkably consistent: Detect, investigate, contain, and recover.
Yet the underlying assumption rarely changes.
Modern cybersecurity has largely focused on determining whether software, updates and digital activity appear trustworthy after they have entered the environment. Sometimes the initiating event is malicious. A ransomware payload, an unauthorised script or an Artificial Intelligence generated attack attempts to establish itself within the environment. Sometimes it is not malicious at all. A compromised software update, an operational error or an unexpected failure within trusted infrastructure can produce equally disruptive consequences. Recent events involving SolarWinds, Colonial Pipeline, Microsoft, CrowdStrike, Cloudflare, Marks & Spencer, the Co-operative Group, Jaguar Land Rover, and Harrods demonstrate that the origin of disruption may differ, but the operational consequences are often remarkably similar.
The common factor is not the nature of the event. It is the loss of authority over what becomes operational within the environment.
Once software, updates or system changes become operational, organisations are frequently forced into detection, investigation, containment, and recovery. Whether the event is malicious or accidental, the operational response begins after the initiating change has already taken effect. Security becomes an exercise in managing consequences rather than maintaining authority over execution itself.
We believe this assumption deserves to be challenged.
Rather than continually asking whether software appears trustworthy, perhaps organisations should first determine whether it should be permitted to become operational at all.
This is not simply a different security product. It is a different architectural philosophy. Rather than relying exclusively on probabilistic technologies that attempt to determine whether software may be malicious, it establishes deterministic authority over what is permitted to become operational within the environment. The objective is no longer simply to recognise attacks more quickly. It is to prevent unauthorised execution before operational consequences can occur.
That architectural shift is the foundation of Deterministic eXecution Integrity (DXI).
A new cybersecurity category built around control.
Abatis introduced Deterministic eXecution Integrity (DXI), a cybersecurity category designed to control execution before damage can occur.
For more than two decades, cybersecurity has largely focused on detecting malicious activity after execution has begun, identifying and responding to threats once an attack is already underway. DXI was developed around a different principle. Rather than attempting to determine whether software is malicious, DXI determines whether execution is authorised.
If authorised, execution proceeds. If unauthorised, execution is prevented.
This simple distinction changes the security model. Instead of attempting to predict what an attacker may do, DXI focuses on controlling what is permitted to execute within the environment. By enforcing deterministic control at the operating system layer — applying the same policy decision every time for the same execution context — DXI prevents unauthorised execution paths from becoming operational. These include the paths used by ransomware, malware, zero-day attacks, Living Off The Land techniques, fileless attacks, persistence mechanisms and unauthorised software.
DXI shifts cybersecurity from a model centred primarily on detection and response towards one built on deterministic prevention, operational resilience and execution control.
Better Security. Lower Complexity. Greater Control.
DXI matters because it translates a different technical model into tangible business outcomes. By preventing unauthorised execution before damage can occur, it reduces exposure to ransomware, malware, zero day attacks and other unauthorised execution paths, lowering both the likelihood and impact of major incidents. This directly supports CISOs’ core mandate to reduce operational risk and avoid disruptive security events.
DXI also improves SOC efficiency. Instead of asking analysts to sift through high volumes of suspicious activity, it shifts focus onto enforcing a smaller, well defined set of authorised execution paths. That in turn helps reduce alert fatigue, analyst burnout and operational overhead, while improving mean time to detect and respond and stabilising day to day SOC workload.
Deterministic enforcement significantly reduces noise. Because DXI makes a clear, policy driven decision about whether execution is authorised, it can cut unnecessary logging, event generation and “background” security chatter, helping organisations lower SIEM ingestion, storage requirements and monitoring overheads. The result is less operational drag for the same or better security posture.
From a resilience perspective, DXI reduces exposure to operational disruption and downtime caused by malicious code, compromised software, unauthorised change and unintended system modification. Protection does not depend on recognising specific threats, which makes DXI effective against AI generated malware and rapidly evolving attack techniques that may not match known patterns.
For many organisations, legacy system protection is a critical concern. DXI enables them to protect legacy operating systems, Operational Technology and critical infrastructure that cannot easily be patched or replaced, without forcing costly upgrades or disruptive redesign. By avoiding dependence on signatures, behavioural analysis, external threat intelligence feeds and continuous cloud connectivity, DXI reduces the number of moving parts in the security stack and lowers operational burden.
Unlike heuristic and behavioural systems, DXI enforces policy based on authorisation, eliminating much of the uncertainty associated with probabilistic detection and allowing organisations to focus on governance, risk management and operational resilience. At the same time, it helps maintain authority over execution and change without relying on external telemetry, third party intelligence or cloud based decision making, supporting broader cyber sovereignty and strategic control objectives.
Cyber Sovereignty
No telemetry.
No external dependency.
No cloud reliance.
Unaffected by AI
As AI accelerates malware creation, detection becomes increasingly difficult. DXI remains effective because it does not need to recognise malware.
Legacy Systems
Protect Windows NT4 through Windows 11 and critical OT systems without modification.
Operational Resilience
Prevent ransomware, unauthorised updates and supply chain compromise.
The practical impact of controlling execution before it occurs.
Stops payload execution regardless of origin or sophistication.
Up to 99% reduction in log noise and unnecessary alerts.
Removes dependency on layered detection tools.
Eliminates overhead from EDR/XDR tooling.
No telemetry.
No data leaves the estate.
Deterministic control at the operating system layer.
Abatis delivers Deterministic eXecution Integrity (DXI) by enforcing control at the operating system layer. Rather than attempting to identify malicious behaviour after execution has begun, Abatis determines whether execution is authorised before it becomes operational, allowing organisations to move beyond a security model based on detection and response towards one centred on prevention and control.
Lightweight (<100KB), deployable to endpoints, servers, OT and legacy systems.
DXI is introduced as a practical process that most security teams will recognise. Abatis is deployed across the estate with a lightweight footprint of less than 100KB per endpoint and can be installed on endpoints, servers, operational technology, critical infrastructure and legacy environments, including unsupported systems. It operates without dependence on cloud connectivity, external threat intelligence or continuous signature updates and is managed through centralised policy control, making it suitable for connected, disconnected and fully air gapped environments.
Audit mode (1–2 weeks)Full visibility of all software, binaries and activity across the estate.
Once deployed, Abatis begins with an audit and discovery phase. It observes the environment and builds a complete picture of software execution across the estate, providing visibility into applications, processes and execution paths without disrupting operations. This gives organisations a clear understanding of what is running within their environment before any enforcement is introduced.
Using the information gathered during this audit phase, organisations define trust by identifying and approving authorised execution paths. This creates a trusted operational baseline aligned with business requirements. Instead of trying to catalogue or classify every piece of malicious software, Abatis focuses on defining what is authorised to execute and treats everything else as untrusted.
Policy enforcementAuthorised execution is defined and locked.
After the trusted baseline is established, Abatis transitions into enforcement. Authorised execution proceeds normally, while unauthorised execution is prevented, regardless of whether the attempt comes from malware, ransomware, zero day exploits, compromised software updates, removable media, Living Off The Land techniques, fileless methods, persistence mechanisms or other unauthorised execution paths. By controlling execution at the operating system layer, Abatis prevents many attack chains from becoming operational, including those involving ransomware, general malware, zero day attacks, LOTL activity, fileless techniques, persistence mechanisms, unauthorised software, compromised updates and wider supply chain compromise.
Unauthorised code is blocked at the kernel before execution (sub-millisecond).
This model delivers several practical benefits for buyers. Deterministic prevention ensures unauthorised execution is blocked before damage can occur. Operational simplicity follows from the absence of reliance on signatures, heuristics, behavioural analysis or threat intelligence feeds. Legacy protection extends from Windows NT4 through to Windows 11, all versions of Linux and Android devices, and across servers, embedded platforms and operational technology, giving organisations a way to harden systems that cannot easily be patched or replaced. Operational resilience is strengthened by reducing exposure to malicious code, compromised software and unintended system change. Above all, Abatis restores execution control to the organisation, ensuring that authority over what is permitted to operate within the environment resides with the owner, not with external vendors or opaque detection pipelines.
Supports Legacy Systems
From NT4 to modern OS, Abatis protects it all.
Cost-negative Impact
Reduces OPEX, simplifies security stack.
Self-protecting Code
Cannot be disabled, even by privileged users.
Trusted where failure is not an option.
For more than two decades, the technology underpinning Abatis has been independently tested, operationally deployed and continuously renewed across high-assurance environments where security, resilience and operational continuity are critical. Independent validation includes assessments and evaluations by organisations such as Airbus, Lockheed Martin, Armasuisse, Bank of America and 3B Data Security.
Operational deployments span air traffic control systems, critical national infrastructure, defence environments, financial services, ports and logistics, and a wide range of operational technology.
Abatis has more than 20 years of development and deployment, with no reported successful compromise of an Abatis protected endpoint and no published CVEs, and has been proven in connected, disconnected and fully air gapped environments.
Defence and Financial Services
Tested, validated and trusted by leading global defence and financial organisations.
Government and National Infrastructure
Used within UK Government environments, including nuclear infrastructure.
Air Traffic Control Systems
Successfully deployed in operational environments for more than a decade.
Port of Hamburg
Protecting critical operations through 17 years of continuous renewal.
Ownership does not always mean authority.
Across the world, organisations are increasingly focused on cyber sovereignty, resilience and reducing strategic dependency. Governments, critical infrastructure operators and enterprises are investing heavily in secure infrastructure, resilient supply chains and greater control over digital assets, yet an important question often remains unanswered: who ultimately controls what is permitted to execute?
Modern organisations invest heavily in governance and risk management. Financial transactions require approval, access to sensitive information is controlled, intellectual property is protected and physical facilities are secured. Critical infrastructure is monitored and operational processes are subject to oversight and accountability. Almost every aspect of the organisation is governed through policies, controls and authorisation.
Yet when it comes to software operating at the heart of the business, a different model often applies. Operating systems, security products, applications and third party software are routinely granted privileged access to critical systems. Updates, patches, configuration changes and new code are frequently introduced into production environments, often based on trust rather than direct authority over what is permitted to execute. This creates a paradox: organisations maintain strict governance over their most valuable assets whilst often relying on trust when software is allowed to alter the systems that support them.
Whether disruption originates from a cybercriminal, a compromised supply chain, human error, a software defect or a trusted third party, the outcome is often the same: someone else determines what executes inside the environment. This is why cyber sovereignty must extend beyond ownership, geography and jurisdiction. An organisation may own its infrastructure, control its data and operate within a sovereign jurisdiction, yet still depend upon vendors and third parties to determine what software is permitted to execute within its environment. Ownership alone does not guarantee control; true cyber sovereignty requires authority over execution and change.
DXI was designed to address this challenge. By enforcing deterministic control at the operating system layer, DXI helps organisations retain authority over what is permitted to execute inside their environment, regardless of where software originates or how it arrives. Security becomes a matter of control rather than trust, and execution becomes a matter of authorisation rather than assumption.
Authority Over Execution.
Control Over Change.
Sovereignty Through Control.
DXI protects any system where control, resilience and security matter.
Cyber threats do not respect industry boundaries; wherever software executes, there is potential for unauthorised execution, operational disruption and compromise. DXI provides deterministic control across modern enterprise infrastructure, legacy systems, operational technology and critical national infrastructure. Whether protecting a single endpoint or a globally distributed estate, the principle remains the same: only authorised execution should be permitted.
Built for a future where authority matters as much as visibility.
Organisations today face a rapidly changing threat landscape. Artificial intelligence is accelerating the creation of malware. Software supply chains have become increasingly complex. Dependence on external services, cloud telemetry and third-party intelligence continues to grow.
As these dependencies increase, so does the importance of maintaining control over critical systems and data. DXI was designed for organisations that require certainty, resilience and cyber sovereignty. By preventing unauthorised execution at the operating system level, DXI provides protection that is independent of signatures, behavioural analytics and external intelligence feeds.
When security becomes a matter of sovereignty, prevention matters.
Our FAQ page has you covered.
Discover Proven Strategies for Cyber Protection
This site uses cookies to provide you with the best experience on our website. Please, accept cookies for optimal performance. For full details, see our Privacy Policy