How Does Device Protection Work?

Aikido Device Protection installs a lightweight Layer 4 proxy on each device. It only inspects supported package manager traffic. Everything else bypasses it.

Decisions happen on the device

All allow and block decisions happen locally. Aikido does not receive your traffic, browsing history, or downloaded files.

The agent downloads only the data it needs to enforce policy:

  • Allowlists and blocklists

  • Malware signatures

  • Policy rules and exceptions

After that sync, the device can enforce rules on its own.

It only intercepts supported ecosystems

The proxy is not a general web filter. It only intercepts supported package ecosystems. All other traffic passes through unchanged.

Supported package managers use HTTPS. To inspect that traffic, the agent installs a local Certificate Authority on the device. That CA is generated and stored locally. It never leaves the device. It is only used for the ecosystems Aikido monitors.

On macOS, the custom CA is located at: /Library/Application Support/AikidoSecurity/EndpointProtection/run/endpoint-protection-combined-ca.pem
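A check an administrator could run against that file, as an added example (not Aikido's code). It confirms the bundle holds only certificates, carries no private key material, and is not writable by group or others, and it prints each certificate's SHA-256 fingerprint. It assumes the file is a standard PEM bundle; audit_bundle is a hypothetical helper name.

```python
import base64, hashlib, os, re, stat, sys

# Path as given on this page for macOS.
CA_BUNDLE = ("/Library/Application Support/AikidoSecurity/EndpointProtection/"
             "run/endpoint-protection-combined-ca.pem")

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def audit_bundle(path):
    """Hypothetical helper: return (fingerprints, findings) for a PEM bundle.

    Assumes a standard PEM file. fingerprints holds the SHA-256 of each
    certificate's DER bytes; findings lists anything a reviewer should check.
    """
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("bundle is writable by group or others (mode %o)" % mode)
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    fingerprints = []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            # Checked before decoding: encrypted keys carry non-base64 headers.
            findings.append("private key material in bundle: " + label)
            continue
        if label != "CERTIFICATE":
            findings.append("unexpected PEM block: " + label)
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            findings.append("CERTIFICATE block is not valid base64")
            continue
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        findings.append("no certificate found in bundle")
    return fingerprints, findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else CA_BUNDLE
    fingerprints, findings = audit_bundle(target)
    for fp in fingerprints:
        print("certificate sha256=" + fp)
    for finding in findings:
        print("FINDING: " + finding)
    sys.exit(1 if findings else 0)
```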

Aikido only sees install outcomes

Package contents stay on the device. General browsing stays invisible to Aikido.

Aikido only receives install outcomes, such as:

  • Allowed installs

  • Blocked installs

  • Flagged installs

Sync and reporting frequency

The agent stays in sync with Aikido on a predictable schedule:

  • Heartbeat: every 10 minutes

  • SBOM: generated and synced once a day

  • Installs and blocks: reported immediately

The agent needs outbound internet access to reach Aikido. Allowlist *.aikido.dev over HTTPS on port 443.

Limitations

  • Aikido Device Protection is not a virus scanner. It does not inspect files, processes, or your system for existing threats. Instead, it works by blocking malware before it can reach your device. This means that if malware is already present on a device, Aikido Device Protection will not detect or remove it, and the device should be considered compromised.

  • Aikido Device Protection does not currently support Docker or Podman on macOS.
