Ira by Ghost Vector

Every AWS control has a gap.
Ira watches for when they align.

Defence in depth isn't about finding every gap in your stack. It's about having a layer that sees when your existing controls are failing together — before an AI-powered attacker exploits the path they've just mapped.

5 AWS control layers correlated simultaneously
Day 3 Operational — not a 6-month project
100% Human-approved, full audit trail

The Problem

Security controls don't fail alone. They fail together.

The Swiss cheese model has one uncomfortable truth: every control in your AWS environment — your IAM policies, your GuardDuty alerts, your CloudTrail logs, your VPC flow data — has gaps. That's not a design flaw. It's the nature of layered defence.

The design flaw is assuming those layers don't need to be watched against each other. AI-assisted threat actors don't need a zero day no one has seen before. They need your misconfigured IAM role, your unreviewed GuardDuty finding, your open egress path, and your unmonitored S3 bucket — in the same environment, at the same moment. They enumerate attack surfaces at machine speed. Your gaps were always there. What's changed is how fast someone can find the alignment.

Ira is the correlation layer your stack is missing. It watches all five AWS control layers simultaneously — and fires when your gaps are aligning, before the path is fully exploitable.

  • 5 layers Independent AWS controls watched simultaneously

    CloudTrail, VPC Flow, S3, GuardDuty, and Config — each with their own gaps, each blind to the others without correlation.

  • Minutes How fast AI tooling maps your attack surface

    Automated enumeration finds misconfigured roles, open egress paths, and exploitable drift faster than any human triage queue.

  • 1 alignment Is all it takes — one gap reinforcing another

    Ira fires when signals across multiple layers point at the same target, before that alignment becomes an exploitable path.

How It Works

From gap alignment to human-approved response — in minutes.

  1. Detect

    A signal fires across one of your control layers. Ira begins correlating immediately — no manual triage required to start watching the other four layers for matching signals.

  2. Correlate

    Five layers read in parallel. What CloudTrail, VPC Flow, S3, GuardDuty, and Config each see about the same event is assembled into a single picture — the work that takes analysts hours, done in minutes.

  3. Score

    Gap alignment gets a severity rating. A composite 0–100 score tells your team how serious this alignment is, how many layers are involved, and whether the path is actively being probed.

  4. Recommend

    Your team gets a clear next move. Ranked containment actions surface with full context. Your team approves. Nothing in your environment changes without that decision.

See how gap correlation works →

For Your Board

What gap alignment costs when no one is watching.

A defence-in-depth failure isn't a single vulnerability. It's four controls each doing their job — and none of them aware that their individual gaps have aligned into an open path. By the time a human analyst assembles the full picture from scattered logs, the path has been used.

The regulatory consequence is immediate: APRA CPS 230 requires notification within 24 hours of a material operational risk event. Most serious AWS incidents now qualify. The financial consequence compounds: organisations that contain quickly spend significantly less than those that don't — the difference between a contained incident and a disclosed breach is measured in millions and in board credibility.

Ira gives your board one defensible answer: we have a layer that watches all five control layers simultaneously, it fires when gaps align, and every response your team approves is logged and queryable. That record exists regardless of outcome.

APRA CPS 230

24-hour notification window for material operational risk events. Gap alignment detection has to happen before the clock starts — not after hours of manual log correlation.

Faster containment, lower cost

IBM 2025: organisations that contain quickly save over $1.1M compared to those that don't. The correlation layer is the difference between a rapid response and a prolonged investigation.

A defensible position

A board-ready audit trail of every alignment event, every score, every recommendation, and every action taken. The record your directors need to say, truthfully, that controls were in place and operating.

Get started

See Ira find a gap alignment in your environment.

30 minutes. Live analysis session. We run Ira across your five AWS control layers and show your team exactly what's correlating — what your controls are each seeing, and where their blind spots meet.