CCN Product Acceptance

Centro Criptológico Nacional STRICTLY CONFIDENTIAL. Do not share this document with third parties under any circumstances.

CUA-2025-076-COM-INI.pdf

Architecture overview

We built the entire platform from scratch. The visual layer (dashboard, alert management, reporting, onboarding, deployment) is fully proprietary. The architecture is multi-tenant with segmented databases per client, ensuring total data isolation between organizations. Each client operates in a logically independent environment with its own security policies, configurations, and access roles.

The main infrastructure runs on Azure, but the design is cloud-agnostic. When the market or a client requires it, we deploy dedicated infrastructure on any cloud provider. For example, with KPMG in the Middle East we run on Oracle to comply with local data residency regulations. The platform is ready for deployment in any region without rewriting code; only the infrastructure configuration changes.

At the dependency level, we work with SentinelOne (partner) for EDR, 24/7 SOC (L1 and L2), and vulnerability scanning. L3 escalations are managed by BlackfishID directly. For threat intelligence, we integrate feeds from Mandiant, VirusTotal, and AlienVault OTX, enabling multi-source threat correlation. The correlation engine, data leak monitoring, domain protection, compliance reporting, deployment automation, and platform management layer are all proprietary.

Sovereign infrastructure

Data sovereignty is not a feature we bolt on. It is core to how the platform is designed. Every deployment guarantees that client data stays within the jurisdiction required: EU data in Azure Europe, KSA data in Oracle Riyadh and Jeddah, with full regional isolation and no data leaving the territory.

This is a structural differentiator. Competitors like Coro, Guardz, and Aura operate on shared cloud SaaS hosted in the US or Israel. They cannot offer dedicated infrastructure per country or comply with local data residency requirements for government and defence clients. Our architecture allows us to enter regulated markets that are simply inaccessible to them.

Certifications as a moat

We are entering the CPSTIC catalogue (CCN, Centro Criptológico Nacional) and pursuing ENS Alto, ISO 27001, and DORA compliance. These certifications require specific product architecture: segmented databases, data residency controls, audit trails, and encryption standards that cannot be retrofitted easily. Once obtained, they act as a compounding barrier to entry.

In KSA, the platform is designed to comply with NCA (National Cybersecurity Authority) standards and PDPL (Personal Data Protection Law), with local key management, BYOK/HYOK encryption, and KSA-based IAM.

Each new certification stacks on top of the previous ones. A competitor entering today would need 12-18 months just to match our compliance position, and that assumes they already have the architecture to support it.

Defence as the ultimate validation

The Spanish Ministry of Defence is an active client with a signed contract (2025) and a new contract for 2026 in negotiation exceeding €1.5M. In cybersecurity, a defence contract is the strongest possible reference. It validates the product for any government, regulated industry, or enterprise prospect. These relationships are built over years and are extremely sticky: once deployed in a defence environment, switching costs are very high.

Long-term defensibility