Arxceo's Technologies

Arxceo’s network security solution is built upon two key technologies:

  • Arxceo’s patented lightweight firewall/IDS/IPS technology, deployable on routers as well as fixed and mobile endpoints

  • Arxceo’s management and monitoring infrastructure, which collects, analyzes, and responds to threats in real time from across all Arxceo-protected routers and endpoints.

These two technologies combine to form an ecosystem that enables Arxceo to provide defense capabilities that an ordinary IPS can never hope to achieve. Arxceo’s ecosystem allows devices to share intelligence about new threats as they emerge. Arxceo-protected clients, servers, and routers all contact the Arxceo ecosystem periodically to report any unusual activity they detect. Pattern recognition is used to identify repetitive signatures that suggest a new attacker or a new type of threat may be on the rise. Using both manual and automated tools, Arxceo can send updated rules to all Arxceo-protected devices to ensure that they can defend themselves in an ever-changing battlefield.

Hackers have been taking over computers and turning them into armies of ‘bots’ for decades now. For the first time, Arxceo allows the good guys to find safety in numbers.

The Arxceo Ecosystem

Arxceo devices work together to build a security ecosystem, as shown here.

Protected Devices

The top section of this diagram represents all of the desktops, laptops, smartphones, tablets, routers, POS terminals, and other devices in the universe that are protected by Arxceo’s core technology.

Device Management Servers

Each of these devices has a configuration that can be managed by the device management servers. These servers provide a Web-based client app that can be reached by Arxceo’s internal engineers and, optionally, by Arxceo’s partner ODMs and carriers. They allow Arxceo to control the blacklists, whitelists, event rules, and action policies for each device. Devices can be managed individually or in bulk, and the granularity of the lists and policies can be fine-tuned down to the type of network adapter (Ethernet, Wi-Fi, cellular, etc.), and even down to the transmit or the receive side of each adapter. Learn more about Arxceo’s device management servers.

Threat Analytics Servers

In addition to being managed by Arxceo, devices in the field can also send in their threat reports to the Arxceo threat analytics servers for further analysis. This allows a very tight feedback loop. Results from the analytics servers can be used immediately (and in some cases, automatically) to generate actions for part or all of the ecosystem via the management servers. Learn more about Arxceo’s threat analytics servers.

Arxceo Defenses

Arxceo protects the devices in its ecosystem using many different techniques and strategies, including pattern recognition (for detection of scans, malware propagation, etc.), protocol enforcement, blacklists, and whitelists. Here are a few of the possible actions Arxceo can take in response to malicious or suspect activities:

  • Log packet headers and metadata of high-risk packets
  • Drop packets
  • Hold packets for analysis
  • Count # of incidents of a specific threat type
  • Blacklist the source IP address of the packet
  • Fine-tune parameters on hostile networks, such as raising defenses at hotspots where we find hackers often hang out
  • Turn on packet capture, to record headers of all traffic for a limited time
  • Turn off packet capture (for example, when leaving a network)
  • Transmit logs to Arxceo immediately
  • Launch a platform-specific app to take extra action (change routing tables, notify administrator)
  • Collect data on hostile computers:
    • What physical hardware is used (MAC OUI)?
    • What network segment is ‘home’?
    • What ports are being exploited?
    • Is ToR being used?


Arxceo’s technology provides critical, unique improvements to network security that benefit many types of connected devices. Furthermore, Arxceo’s approach doesn’t require expensive, proprietary hardware to deliver performance and robustness. This makes it ideally suited to mobile and battery-powered devices of all types.

Arxceo’s ecosystem works to minimize the consequences of “zero day” attacks by allowing the devices in the ecosystem to share intelligence about emerging threats. Arxceo has developed a new approach that avoids the disadvantages of deep packet inspection and signature-based defenses. This approach provides superior performance on mobile devices and adds a new layer of protection at the forefront of security.

Optimization - Packets are still precious

In response to requests from major carriers, Arxceo has designed the reporting facility to consume as little network bandwidth as possible. Instead of consuming precious TCP session resources and numerous packets for session setup and teardown, Arxceo devices have the option to transmit security reports in UDP packets. While UDP does not guarantee 100% reliable delivery, this is a perfectly fine criterion for threat monitoring. After all, if 500,000 devices are all encountering the same threat on the same day, but only 499,000 of the reports are received, that is still more than enough data to draw conclusions and take decisive action.

UDP reports include sequence IDs, so Arxceo can determine if one or more reports from a given device were ‘lost’ due to the unreliable nature of UDP. If this should happen, and if Arxceo really needs access to the events and data recorded by a device, Arxceo can use TCP to enter into a guaranteed delivery session with the device and retrieve the missing data. Arxceo-protected devices can be configured to store event records in local persistent storage for just this contingency.

Balancing security and privacy

Arxceo can also be configured to store not only threat information, but also the headers and metadata of the actual packets involved in the attack. Since headers are tiny, this enables Arxceo to store numerous threat-related packet headers in a single UDP report. This allows network analysts at Arxceo to replay the actual packet exchanges that took place in an attack. It also allows device manufacturers and carriers to protect user privacy in two ways: first, packets are only captured when a threat is encountered; and second, only packet metadata is captured, and the contents or payloads of the packets are not recorded.

Company History

Founded in 2003, Arxceo was originally located in Huntsville, Alabama.

Arxceo's first product, the IP-1000, provided enterprise-class anti-reconnaissance and anomaly behavioral-based attack prevention in a rackmount 1U enclosure familiar to all network engineers.

Almost immediately, Arxceo followed the IP-1000's success with the IP-100...

...a portable device that incorporated the same defense tools of the rackmount IP-1000 in a form factor suitable for individual PC and even mobile laptop users.

In 2006. Arxceo Corporation was acquired by and became a subsidiary of Japan Communications, Inc. (JCI)

As part of JCI, Arxceo is able to leverage JCI's world-leading experience in providing wireless data services and solutions. Following the acquisition, Arxceo relocated its primary offices to Atlanta, Georgia.

JCI was founded in 1996 as the world's first MVNO (Mobile Virtual Network Operator), and since 2001 has been providing innovative mobile data solutions in Japan, the world's most advanced mobility market. JCI started in the wireless industry and truly understands the challenges of wireless communications. JCI pioneered the integration of wide area cellular wireless and Wi-Fi networks and has been the dominant wireless data Mobile Virtual Network Operator (MVNO) and Mobile Virtual Network Enabler (MVNE) in Japan, attaining over 50% market share in one of the world's leading wireless data markets. In 2007, JCI established the nation's first direct interconnection as an MVNO/MVNE with NTT DoCoMo's 3G UMTS nationwide cellular network in Japan.

Arxceo now monitors and manages an ecosystem of tens of thousands of mobile phones, servers, and other protected devices around the globe.

Our technology is deployed in thousands of Android smart phones, such as the Vaio. This gives our ecosystem a roving range of sensors patrolling the Internet for bad guys.