AI-POWERED CYBER DEFENCE FOR EU SMES & PUBLIC SECTOR

On-Prem AI SIEM & SOAR
built for data sovereignty.

Armora unites log collection, AI analytics, and automated response in a privacy-first platform that runs on your infrastructure. Protect critical services, stay compliant with GDPR & NIS2, and keep sensitive data inside your own walls.

Local LLM — no external cloud Designed for SMEs & public organisations On-prem · Hybrid · Cloud
Request live demo
  • Collect and correlate logs from servers, firewalls, cloud and OT edge devices.
  • Let a private LLM explain incidents and suggest next steps in plain language.
  • Trigger playbooks to contain threats in seconds, not hours.
Runs on your servers or private cloud. No sensitive data sent to public LLMs.
Who it is for

Built for real-world teams with limited time and budget.

Cyberfort Armora is designed for security and IT teams that need strong protection, but cannot afford complex, cloud-only SIEMs or external data processing.

Typical Armora customers

SMEs
50–500 employees,
critical data & services.
Public bodies
municipalities, agencies,
education & utilities.
Municipal & public IT

Monitor critical services, citizen portals and email systems with centralised SIEM that respects data sovereignty.

Regulated SMEs

Finance, healthcare, legal and manufacturing organisations that must prove GDPR & NIS2 controls and incident handling.

Energy & OT environments

When combined with Cyberfort EdgeGuard, Armora becomes the central brain for monitoring and controlling OT edge devices.

What Armora does

SIEM, SOAR and private AI in one platform.

Armora collects security logs, correlates events, and turns them into clear, actionable incidents. A local LLM explains what is happening and helps you decide how to respond — or triggers playbooks automatically.

On-prem SIEM

Centralise logs from Windows, Linux, firewalls, cloud services and OT devices. Keep raw and enriched events inside your own infrastructure.

  • Flexible collectors & normalisation.
  • Time-based search and correlation.
  • Hot + archive storage strategies.
SOAR playbooks

Turn repetitive response tasks into reliable automations: isolate machines, block indicators, notify teams and open tickets.

  • Visual playbooks and approval steps.
  • Manual, scheduled or rule-triggered runs.
  • Audit trail for every action taken.
Private AI analyst

A local LLM reads raw logs and incidents, explains what is happening and recommends remediation steps — in plain language.

  • No data sent to public LLM services.
  • Vector search for similar past incidents.
  • EU-friendly data sovereignty by design.
Compliance & reporting made practical

Armora supports your GDPR, NIS2 and ISO 27001 journeys by making security events traceable and understandable for both IT and management.

Incident timelines Evidence exports Policy-to-control mapping
Training & capacity-building

Beyond tooling, Armora comes with structured training content to raise awareness across non-technical staff and help build a security-aware culture.

Guided onboarding Awareness sessions Platform walk-throughs
How it works

From raw logs to decisions in three steps.

Armora is built to be deployed on a single on-prem server or private cloud VM. It fits into your existing environment without forcing you to move data abroad.

1
Connect your sources

Point Windows, Linux, firewalls, SaaS and OT/EdgeGuard devices to Armora’s ingest endpoints or use supplied collectors.

2
Correlate & analyse

Armora normalises events, applies rule-based detection, then asks a local LLM to summarise and prioritise what matters.

3
Respond & improve

Run playbooks to contain incidents, then feed outcomes back into rules and AI to continuously improve detection quality.

Armora + EdgeGuard: from visibility to control.

When paired with Cyberfort EdgeGuard devices, Armora becomes the central command plane for your OT and energy infrastructure: collecting Modbus and network telemetry from substations, applying AI analytics, and pushing updated policies and firmware back to the edge.

  • Fleet view of all EdgeGuard devices & last health status.
  • Secure command channel for OTA updates and playbook-driven actions.
  • Escalation mechanisms to isolate compromised sites or switch communication channels in case of breach.
Made in Europe

Aligned with EU cybersecurity policy.

Armora was designed around the same principles described in the Cyberfort Armora EU project: local processing, data sovereignty, and support for SMEs and public sector entities that must comply with GDPR and NIS2.

  • Local or EU-resident deployment — no mandatory use of non-EU hyperscalers.
  • Data minimisation and clear retention controls.
  • Evidence and reporting to support audits and certification efforts.

Whether you are just starting your cybersecurity journey or enhancing an existing SOC, Armora helps you meet policy expectations with a solution that matches real budgets and skills.

Deployment & onboarding

Simple to start. Ready to grow.

Armora can start as a single on-prem node and evolve into a multi-site deployment. The same architecture supports WAMP on Windows, native Ubuntu and Docker-based environments.

MVP deployment

Install on an existing Ubuntu or WSL host alongside EdgeGuard, connect a first set of log sources, and validate detection quality.

Full roll-out

Extend to additional business units and OT sites, connect to Azure Sentinel or other SIEMs, and roll out standardised playbooks.

Pricing is structured for SMEs and public organisations: predictable subscription, on-prem friendly, with optional services for training, tuning, and integration.

Ready to see Armora in action?

Schedule a live walkthrough with the Cyberfort team and explore how Armora and EdgeGuard can secure your infrastructure.

Book a demo