Under the Hood

Open Technology.
Independent by Design.

Scalefield Secure is built entirely on open-source technologies and open standards. Your compliance data must outlive any vendor relationship — and our architecture guarantees it.

Built on Battle-Tested Open Technologies

Your compliance data must outlive any vendor relationship. Scalefield Secure is built entirely on open-source technologies and open standards — ensuring your audit archive remains yours to read, query, and migrate, regardless of what happens to any single vendor. That is not just good engineering — it is a compliance requirement.

Three Collection Methods

pgAudit, pg_secure_gather, Cloud API

Scalefield Secure supports three PostgreSQL audit collection methods: pgAudit integration for managed clouds and quick starts, pg_secure_gather for WAL-embedded tamper-proof collection with zero admin access, and cloud API connectors for fully managed services. All three feed into the same Parquet-archived compliance pipeline.

Kubernetes-Native Architecture

Microservices, Auto-Scaling, GitOps-Ready

Every component — collectors, the secure engine, dashboards — runs as a Kubernetes workload. Deploy on Minikube for PoC, OpenShift for enterprise on-prem, or EKS/GKE/AKS in the cloud. Helm charts, Operator support, and GitOps pipelines included.

Object Storage Backends

S3 Compatible, Ceph, Filesystem

Choose your storage tier: local filesystem for PoC, self-hosted Ceph for on-prem petabyte-scale archiving, or any S3-compatible object store (AWS S3, MinIO, Azure Blob, GCS) for cloud deployments. Lifecycle policies automate tiering and retention.

ML Algorithms

Isolation Forest, DBSCAN, K-Means, LOF, Markov Chains, LLM-Ready

Six concurrent detection algorithms cover every angle: Isolation Forest and Local Outlier Factor for anomaly detection, DBSCAN and K-Means for behavioral clustering, Seasonal Decomposition for temporal patterns, and Markov Chain Analysis for operation sequence mining. Pluggable architecture supports GPU acceleration and custom language models.

Advanced Scheduling & Orchestration

Job Scheduling, Container Orchestration, Auto-Recovery

Scalefield Secure includes a built-in scheduling engine that orchestrates audit collection, data transformation, archival, and alerting across your entire database estate. Jobs are managed as container workloads with automatic retry, failure recovery, and dependency-aware execution ordering — ensuring every step of the compliance pipeline runs reliably without manual intervention.

Compliance Without Dependency

True compliance demands sovereignty over your own audit data. If your compliance infrastructure depends on a single vendor's proprietary format, runtime, or cloud — your regulatory posture is only as durable as that vendor's business model. Scalefield Secure is built to eliminate that risk.

Open Formats, Not Promises

Every audit event is stored in Apache Parquet — an open, self-describing columnar format readable by hundreds of tools without any license or runtime. Your 10-year compliance archive will never require a vendor's proprietary reader.

Deploy Where You Decide

On-premise, in your private cloud, across hyperscalers, or in a hybrid topology. Scalefield Secure runs identically everywhere — no vendor cloud required, no data leaving your jurisdiction without your explicit decision.

European Engineering, Global Reach

Built by CYBERTEC in Austria with 25+ years of PostgreSQL expertise. Engineered under European data protection standards, supported from 7 countries — an independent alternative to US-centric compliance platforms.

Auditor-Ready by Design

When a regulator arrives, they will not install your vendor's proprietary software. Parquet files are immediately verifiable by any independent party — no black box, no export step, no trust-the-vendor moment.

"When the auditor arrives, they should be able to verify your compliance data with their own tools — not yours. That is what open standards deliver."

Beyond Auditing.
Intelligent Compliance.

Scalefield Secure integrates advanced data science — from Isolation Forest anomaly detection to DBSCAN clustering — to uncover hidden patterns, detect threats, and transform raw audit data into actionable intelligence.

Aggregate Data at Scale

Process millions of audit events across hundreds of database instances in real time.

Alert on Violations

Automatic detection of compliance breaches — such as unauthorized schema changes, privilege escalations outside change windows, or access to sensitive tables from unexpected source IPs.

Compliance Reporting

Generate audit-ready reports with full traceability for regulators and internal governance.

Full Visibility

Extensible AI integration with pluggable modules — add custom anomaly models for your specific regulatory domain, leverage GPU acceleration for large-scale pattern analysis, or integrate language models for natural-language audit queries.

Six Algorithms.
Every Angle Covered.

Scalefield Secure combines multiple detection strategies — anomaly detection, clustering, temporal analysis, and sequential pattern mining — so threats that evade one method are caught by another.

Anomaly Detection

Isolation Forest

Unsupervised anomaly detection that isolates outliers by randomly partitioning data. Anomalous points require fewer partitions to isolate — no labeled training data needed.

Compliance example

An admin account suddenly queries sensitive HR tables it has never accessed before. Isolation Forest flags the session immediately — even though the query itself is syntactically normal.

Unsupervised, Real-Time, No Training Labels

Density Clustering

DBSCAN

Density-based clustering that discovers groups of similar behavior without predefining the number of clusters. Points in low-density regions are automatically classified as noise — i.e., outliers.

Compliance example

DBSCAN groups 200 database users into behavioral peer clusters. A single developer whose query profile diverges from their entire engineering team is surfaced as noise — triggering a review of their access scope.

No Predefined k, Noise Detection, Peer Grouping

Centroid Clustering

K-Means

Partitions database activity into k behavioral segments by minimizing intra-cluster variance. Each cluster represents a distinct usage archetype — new activity that falls far from all centroids triggers investigation.

Compliance example

K-Means segments activity into archetypes: “batch ETL”, “interactive analyst”, “service account”, “DBA maintenance”. A new session that doesn’t match any known archetype — perhaps mixing DDL commands with bulk data export — is flagged for review.

Baseline Profiling, Role Segmentation, Drift Detection

Local Outlier Detection

Local Outlier Factor

Compares the local density of each data point to its neighbors. Unlike global methods, LOF catches anomalies that are only unusual relative to their immediate context — subtle deviations that Isolation Forest might miss.

Compliance example

A developer runs 500 queries per day — normal for the company overall, but their team averages 80. LOF detects this local anomaly even though global thresholds see nothing unusual, revealing a potential credential misuse or over-privileged account.
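The peer-relative scoring described above, as an added example (not Scalefield Secure's code): a compact Local Outlier Factor over per-user features, where a user with company-normal query volume but an engineering-style table footprint gets a high score. The user names, the two features, the numbers, `k` and the cutoff are constructed assumptions.

```python
import math

# Constructed per-user features: (queries per day, distinct tables touched).
# Features are left unscaled to keep the example short; scale them in practice.
USERS = {
    "eng_1": (80, 5), "eng_2": (82, 6), "eng_3": (78, 5),
    "eng_4": (81, 4), "eng_5": (79, 6), "eng_6": (83, 5),
    "ana_1": (480, 40), "ana_2": (520, 45), "ana_3": (500, 38),
    "ana_4": (510, 42), "ana_5": (490, 44), "ana_6": (505, 41),
    "dev_suspect": (500, 5),  # analyst-level volume, engineering-style footprint
}

def lof_scores(points, k=3):
    """Local Outlier Factor per point; about 1.0 means 'as dense as its neighbours'.
    Simplified: takes exactly k neighbours on distance ties and assumes no
    duplicate points (which would make a reachability sum zero)."""
    n = len(points)
    dist = [[math.dist(p, q) for q in points] for p in points]
    knn = [sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])[:k]
           for i in range(n)]
    kdist = [dist[i][knn[i][-1]] for i in range(n)]
    # Local reachability density: inverse of the mean reachability distance.
    lrd = [k / sum(max(kdist[j], dist[i][j]) for j in knn[i]) for i in range(n)]
    return [sum(lrd[j] for j in knn[i]) / (k * lrd[i]) for i in range(n)]

def flag_outliers(users, k=3, cutoff=2.0):
    """Map each user whose LOF exceeds the cutoff to that score."""
    names = list(users)
    scores = lof_scores([users[u] for u in names], k)
    return {u: s for u, s in zip(names, scores) if s > cutoff}

SCORES = dict(zip(USERS, lof_scores(list(USERS.values()))))

if __name__ == "__main__":
    for user, score in sorted(SCORES.items(), key=lambda kv: -kv[1])[:3]:
        print(f"{user:12s} LOF={score:.2f}")
```

A fixed ceiling on queries per day would not fire here, because `dev_suspect` sits below the busiest analyst; only the density comparison against its nearest neighbours separates it.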

Context-Aware, Subtle Anomalies, Peer Relative

Temporal Analysis

Seasonal Decomposition

Decomposes audit event streams into trend, seasonal, and residual components. Learns normal time-of-day and day-of-week rhythms for each database, user, and application — then alerts on deviations in the residual signal.

Compliance example

A production database shows a spike of DDL statements at 2:00 AM on a Sunday — outside the learned weekly maintenance window. The seasonal model flags this as a residual anomaly, triggering an immediate SOX-relevant alert for unauthorized schema changes.

Time-Aware, SOX / PCI DSS, Access Windows

Sequential Pattern Mining

Markov Chain Analysis

Models the transition probabilities between database operations. Learns typical sequences (SELECT → UPDATE → COMMIT) and flags transitions with near-zero probability — operations that “should never follow” each other.

Compliance example

A session issues GRANT ALL followed by COPY TO — a privilege escalation immediately followed by a bulk data export. The Markov model assigns this transition a probability of 0.001%, flagging a potential data exfiltration attempt in real time.
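The transition model described above, as an added example (not Scalefield Secure's code): it estimates first-order transition probabilities from baseline sessions and reports every step of a new session that falls below a cutoff. The operation vocabulary, the baseline sessions, the smoothing constant and the 1% threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Operation vocabulary and baseline sessions are constructed for this example.
OPS = ["BEGIN", "SELECT", "UPDATE", "INSERT", "GRANT", "COPY TO", "COMMIT"]
BASELINE = (
    [["BEGIN", "SELECT", "UPDATE", "COMMIT"]] * 40      # OLTP write
    + [["BEGIN", "SELECT", "SELECT", "COMMIT"]] * 40    # read-only
    + [["BEGIN", "INSERT", "COMMIT"]] * 15              # ingest
    + [["BEGIN", "GRANT", "COMMIT"]] * 5                # approved role change
    + [["BEGIN", "SELECT", "COPY TO", "COMMIT"]] * 5    # approved export job
)

def train(sessions, ops, alpha=0.01):
    """Estimate P(next | current) with additive smoothing so that unseen
    transitions get a small non-zero probability instead of exactly 0."""
    counts = defaultdict(Counter)
    for session in sessions:
        for cur, nxt in zip(session, session[1:]):
            counts[cur][nxt] += 1
    model = {}
    for cur in ops:
        total = sum(counts[cur].values()) + alpha * len(ops)
        model[cur] = {nxt: (counts[cur][nxt] + alpha) / total for nxt in ops}
    return model

def rare_transitions(model, session, threshold=0.01):
    """Return (current, next, probability) for every step below threshold.
    Every operation in the session must be in the training vocabulary."""
    return [(cur, nxt, model[cur][nxt])
            for cur, nxt in zip(session, session[1:])
            if model[cur][nxt] < threshold]

MODEL = train(BASELINE, OPS)

if __name__ == "__main__":
    suspect = ["BEGIN", "GRANT", "COPY TO", "COMMIT"]
    for cur, nxt, p in rare_transitions(MODEL, suspect):
        print(f"ALERT {cur} -> {nxt}  P={p:.4%}")
```

GRANT and COPY TO each appear in approved baseline sessions, so neither operation is rare on its own; only the GRANT to COPY TO step is reported.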

Operation Sequences, Exfiltration Detection, Privilege Escalation

Algorithm Coverage Matrix

Each algorithm excels at a different dimension of compliance risk. Scalefield Secure runs all six concurrently — what one misses, another catches.

| Threat Dimension | Primary Algorithm | Reinforcing Algorithm |
|---|---|---|
| Unknown access patterns | Isolation Forest | Local Outlier Factor |
| Role & peer deviation | DBSCAN | K-Means |
| After-hours / weekend access | Seasonal Decomposition | Isolation Forest |
| Privilege escalation chains | Markov Chain | DBSCAN |
| Data exfiltration sequences | Markov Chain | Seasonal Decomposition |
| Subtle volume anomalies | Local Outlier Factor | K-Means |