The cyberstorm is here.
Get the coverage of Zerho Endpoint and Network Detection and Response.

True protection requires an advanced security solution that analyzes a far broader set of data to outsmart the clever threats of tomorrow. Get full coverage with the world's first XDR cybersecurity solution – delivering more than the sum of its parts with Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and security-specific machine learning analytics.

Why Zerho is Better:

Problem Zerho Advantage Competitors
Systems miss sophisticated attacks and generate excessive false alarms. Custom security-specific machine learning algorithms deliver superior predictive accuracy. Generic machine learning algorithms adapted from dissimilar applications yield poor accuracy.
Unmanageable quantity of incidents to resolve. Machine learning is used for both detection and remediation for improved effectiveness. Machine learning is only used for detection, leaving remediation unassisted.
Data digestion bottlenecks lead to protection failures. High-resolution data collection matched with high-capacity analytics processing delivers complete analysis. Limited processing capacity of generic machine learning algorithms require discarding vast quantities of data, resulting in incomplete analysis.

Zerho components deploy innovative advances to deliver a significantly superior comprehensive solution.


Zerho is a team of accomplished technology experts who joined forces after discovering that most existing cybersecurity products were not nearly as effective as claimed. We saw this industry shortcoming as an opportunity to challenge the status quo with a new security paradigm. Our force-multiplier approach and innovative machine learning enhances your ability to detect, defend and prevail against constantly evolving threats from active adversaries. Our goal is to provide the most advanced and effective technological solution to defend against the fiercest cyberstorms.

With this as our mission, our company was born.





    Core Products

  • Prodigy Analytics

    Zerho's flagship software, Prodigy Analytics, is a predictive and prescriptive cybersecurity analytics system. Prodigy Analytics is your force multiplier, making sense of immense quantities of complex data from your endpoints and network to deliver better actionable intelligence and remediation options.


    Machine Learning

    Machine learning is generally triple constrained between: training speed, action speed, and accuracy (comprising both precision and recall). Prodigy Analytics leverages Zerho’s expertise with special technologies and deep understanding of machine learning to simultaneously excel in all three areas. Prodigy Analytics is fast to learn, fast to act, and highly accurate.


    We know that most cybersecurity vendors are not using real machine learning. At worst, first-order math such as moving averages and standard deviation is marketed as advanced machine learning. At best, a few vendors use real but sub-optimal machine learning algorithms. The best way to verify Zerho's superior machine learning is to contact us to setup a side-by-side demo and judge for yourself.



    Prodigy Analytics has an innovative force multiplier architecture that more comprehensively addresses cybersecurity. In addition to superior predictive analytics, Prodigy Analytics delivers customized prescriptive remediation options. Our system uses a sophisticated feedback loop architecture along with machine learning technology to automatically devise the best remediation options. The system continually monitors the efficacy of the remediations and adapts. This frees up operator time spent on critically important but tedious work, and instead lets them focus on the most vital remediations. The result is a force multiplier effect where productivity skyrockets and a small platoon of operators has the efficacy of a large cyber brigade. No one will be able to hire enough SOC operators alone to effectively handle the coming cyberstorm - this force multiplier technology is your key to survival.

    Learn more...
  • Prodigy Endpoint

    Prodigy Endpoint is an Endpoint Detection and Response (EDR) software agent that continuously monitors and responds to extraordinary and ordinary threats alike. Prodigy Endpoint will enhance your security posture by providing the deep visibility necessary to detect extraordinary threats, stopping ordinary threats from executing in the first place, and forming the infrastructure to respond effectively. Get an extraordinary EDR solution.


    Prodigy Endpoint continuously collects high-resolution measurements of device activities. These measurements are sent from many endpoints to a centralized analytics system to detect extraordinary threats and provide security analysts with the infrastructure to swiftly respond. In parallel, these measurements are also processed with local analytics to stop more ordinary threats from executing. Prodigy Endpoint is extremely resilient and can operate successfully even on already compromised devices and networks.


    Supported platforms:

    • Windows
    • Mac OSx
    • Linux
    • iOS
    • Android
    Learn more...
  • Prodigy Network
    Prodigy Network is a network detection and response (NDR) system that performs granular capture and retention of network data together with signature and machine learning-based traffic analysis from Prodigy Analytics.

    Zerho’s unique software-only approach combines line-rate physical collection of network traffic with unmatched filtering sophistication to efficiently channel relevant information to the tools and decision makers that need it. Since relevance changes over time, Prodigy Network includes deep-archive network forensics capabilities typically restricted by cost and complexity to only the largest enterprises. Prodigy Network delivers relevant real-time data now and relevant historical data when you realize you need it.

    Network Packet Broker (NPB)
    Zerho’s high-performance software performs line-rate physical collection of network traffic from the fastest 100Gbps ports down to the slowest legacy connections. Data can be collected safely from out-of-band passive network TAPs and active network mirroring, or in-line with direct connections. The real-time packet processing engine offers superior filtering capabilities to maximize the efficiency of data it channels to performance, network management, analysis, compliance and security tools. Increase your insight and cut your costs by using Prodigy Network to send more needles and less hay to your tools.

    Network Forensics (NF)
    Companies take nearly six months on average to detect cyber attacks. When you learn that your organization was breached months ago, but you only retain a few day’s worth of evidence, what will you do? With Prodigy Network’s cost-effective full-packet capture, you know that you are covered.

    Prodigy Network puts high-grade network forensics within reach. Using the same sophisticated filtering capabilities as for NPB, Prodigy Network can slice packets and archive relevant data for forensics. Full packet capture, header-only capture, complex custom packet filtering and slicing – no problem – Prodigy Network was built to handle this. Prodigy Network’s vendor agnostic storage architecture maximizes your cost per GB to make long-term forensic archive attainable. Store encrypted forensic data on-premises for full physical control, or in the cloud using physical media transportation to achieve cost savings and operational simplification. When you learn that your organization was breached, you can immediately follow the full network forensics trail to see exactly what happened - even in the likely event it occurred months ago.

    Key Prodigy Network features include:

    • Sophisticated filtering of physical through application layer data
    • Unique software-only approach designed to work with both commercial-off-the-shelf on-premesis hardware and cloud infrastructure
    • Linear scalability to thousands of petabytes per second
    • Packet slicing: Full 100% packet capture, header-only capture, or a custom capture mix of full packet, partial-packet slices, header-only, and disregarded traffic as desired
    • Forensic network traffic data archive
    • Consumption pricing model – significant cost savings compared to competing solutions
    • SSL/TLS data decryption in-band and out-of-band
    • Lawful Intercept
    Learn more...
  • Supporting Products

    IMINT is an imagery intelligence system that connects the physical world with the digital realm. The system analyzes imagery data, such as security camera video feeds, to provide additional sources of useful intelligence.
  • ZerhOS

    ZerhOS is a high-performance, security-focused Linux distribution. Running a high-security OS will keep you safer by reducing your attack surface.


    Don’t run your applications on a foundation of sand – use ZerhOS as your bedrock.


    ZerhOS can be used by itself as an operating system for any purpose desired, and is the foundation on which all Zerho products run. ZerhOS security benefits include the availability of upstream updates and patches days or weeks sooner than other operating systems, more secure yet easier to use login, true full disk encryption (FDE) including parts rarely encrypted by other operating systems that claim to offer FDE, emergency self-destruction to prevent sensitive data from falling into the wrong hands, and intuitive user interface options to make these advanced features simple to use.


    These benefits are achieved through:

    • Upstream zero-day rolling-update capability.
    • Smart card PKCS#11 cryptographic authentication and decryption.
    • Fully encrypted boot partition plus fully encrypted regular partitions.
    • Emergency self-destruction:
      • Under-duress secure-wipe.
      • Dead-man switch secure-wipe.
    • Intuitive graphical user interface for installation and maintenance.


    Learn more...
  • Tox-rs

    Tox-rs is a maximum-security communication system implemented by Zerho in the Rust programming language. Tox is easy to use software that connects you from point A to B without anyone else listening in. Tox is made by the people who use it — people tired of the existing options that spy on us, track us, censor us, and impede innovation. There are no corporate interests, and no hidden agendas. Just simple and secure communication that is easy to use. Tox is completely free and comes without advertising — forever.

    Use Tox today to restore your security for instant messaging, voice, video, screen sharing, file sharing, and more.


    Everything you do with Tox is encrypted using cutting-edge open-source libraries. The only people who can see your conversations are the people you're communicating with.


    Tox has no central servers that can be raided, shut down, or forced to turn over data - the network is made up of its users. This is achieved by using DHT and direct (P2P) connections between the peers in the network. Say goodbye to server outages!


    Tox is free and open-source software. That's free as in freedom, as well as in price. This means Tox is yours - to use, modify, and share - because Tox is developed by and for the users.

    Learn more...

Price Calculator

Ahead of the competition on quality as well as cost - see for yourself with our price calculator.

Zerho Software License

Port speed 1 Gbps 10 Gbps 25 Gbps 40 Gbps 50 Gbps 100 Gbps
Link quantity
Average utilization, %
Monthly Traffic            
Price per Tbit $0.20
Subtotal 0 0 0 0 0 0
Total $0.00 per month

Zerho Software License

Link quantity Average utilization, % Monthly Traffic
1 Gbps
Subtotal: 0
10 Gbps
Subtotal: 0
25 Gbps
Subtotal: 0
40 Gbps
Subtotal: 0
50 Gbps
Subtotal: 0
100 Gbps
Subtotal: 0
Total $0.00 per month

Storage Sizing

Total traffic
Recording Mode
Header only
Full Header only Hybrid mode
Hybrid Allocation
Blue is full-capture; Green is header-only; Red is disregarded packets.
Header size
Average Packet Size
Days of Retention
Storage Required
Cloud Storage Archive
Storage Type
AWS Glacier $0.004 /GB/month
AWS Glacier $0.004 /GB/month AWS S3 One Zone-IA $0.01 /GB/month AWS GovCloud Glacier $0.006 /GB/month AWS GovCloud S3 One Zone-IA $0.016 /GB/month
First 1 days cloud costs
payable directly to Amazon
Monthly Cloud Costs thereafter
payable directly to Amazon

Pay what you want:

ZerhOS is free as in freedom, as well as in price, but you can donate to vote for new features you want us to prioritize developing.

Release from Feb 12 2019





Your vote is recorded

Prodigy Endpoint

Device Quantity
Price per Device
$30 per endpoint per year
$18,000.00 per year

Prodigy Analytics

Company Size
Endpoint Quantity
Annual Network Traffic, TBits
Price Rate
$5 per endpoint per year
$150 per Pbit
$3,000.00 for endpoint analytics
$9,468.00 for network analytics
$12,468.00 per year

Learn More

Complete the form below and we’ll get right back to discuss your business needs. We don’t hesitate because realize timing is imperative. For customer service related questions or product support, visit Customer Support  We’re quick to get back there too.


Search our Knowledge Base for answers to frequently asked questions and product documentation.
Didn't find what you're looking for? Open a support case and we'll get started on a solution right away.
Ask Zerho experts and customers for help with any questions you might have
Share and vote for ideas to improve current products.


Software Engineer Intern – Flexible Location

Zerho is offering the opportunity to join us on a summer internship. Interns at Zerho work in collaboration with senior engineers who are eager to share knowledge as you contribute to the team.

Position Summary:
This is a technical internship position designed to provide qualified students an opportunity to learn valuable knowledge in a hands-on manner, developing features for Tox, an easy-to-use yet high-security communication software. You’ll collaborate with leading software engineers to undertake a challenging project that will provide the opportunity for you to learn about new technologies, develop or enhance your skills, and make significant contributions to Zerho and the open source Tox Protocol. Specifically, you will get a chance to learn clever networking and security technologies from global experts. See the Tox Reference for more technical details:



  • Develop features for the Tox Protocol using C or Rust language.

  • Participate in design discussions.

Applicants should be/possess:

  • A current student enrolled in a technical discipline, preferably Computer Science or Electrical Engineering

  • Approaching their Junior year or beyond at the time of the internship (exceptional Sophomore or Freshmen may be considered)

  • Available for a 10-12 week internship between June and September of 2019


Previous project work in the following, a plus:

  • C, C++

  • Networking

  • Cryptography

Internships are an excellent way to get to know Zerho. Internships at Zerho may lead to full-time employment opportunities, so if you are looking to be a member of an amazing, exciting company, you have come to the right place!


Equal Employment Opportunity

It is the policy of Zerho to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. Reasonable accommodation is available for qualified individuals with disabilities, upon request.


Sorry, there are no results matching your criteria.