Kverno

Company Details

Category

Cybersecurity

Headquarters

Madrid, Spain

Data Hosting

EU Only

Open Source

No

Pricing

enterprise

Website

https://kverno.com

About Kverno

Kverno builds the Sovereign Island: dedicated critical infrastructure, one client per island, built by a reproducible method and delivered with its recovery already proven. We design, deploy, harden and operate the platform where a security or intelligence team's sensitive systems and data live, under European jurisdiction and under the client's control. THE PROBLEM Organisations run their most sensitive systems on third-party, shared cloud infrastructure that is opaque, hard to audit and subject to foreign law. Threat-intelligence and security tooling such as OpenCTI, MISP, TheHive or Wazuh is often deployed by hand on a single server that nobody can rebuild, with backups no one has ever tested and access held by static, shared credentials. Sovereignty ends up as a claim on a slide, not a property you can demonstrate. Kverno closes that gap. It isolates the layers that cannot depend entirely on a single foreign provider (threat intelligence, critical identity, sensitive data, backups, crisis operations) onto infrastructure the client controls, without forcing the team to leave Microsoft 365, Google Workspace or Azure for everyday work. IDEAL CUSTOMER European teams that operate intelligence and security in earnest: CTI teams, SOCs, CSIRTs and CERTs, ISACs and sectoral sharing groups, and regulated organisations in defence, government, banking, insurance, energy, aerospace, telecom and healthcare. The clearest fit is a team already running OpenCTI or MISP that wants it dedicated, recoverable and operated, instead of another fragile install. We also work through systems integrators and MSSPs that need a senior delivery team for sovereign deployments. KEY FEATURES AND DIFFERENTIATORS The differentiator is not the open-source stack, which anyone can install. It is operating it as a dedicated sovereign environment. Every island is: - Dedicated: its own servers, storage, network and identity, with no co-tenancy. - Reproducible: the whole platform is described in code (GitOps) and rebuilt from that description, identically, with no manual steps. Building, repairing and rebuilding are the same operation. - Recovery-tested: before delivery we run a real recovery, rebuild and restore, and measure the time. Recovery is proven and documented, not assumed, and repeated periodically under the managed service. - Zero Trust by design: no port is open to the internet, all access passes through a Zero Trust gateway, operators reach controls with just-in-time credentials signed per session and revoked on close (no standing keys or passwords on the servers), and every session is tied to an identity, logged and revocable in one place. - Portable: everything is declarative, on open source, on infrastructure the client controls. The client can leave at any time, with a written exit guarantee from the start. No lock-in. Kverno is an Authorized Filigran Partner (OpenCTI), recognised with Premio SIC 2024 and INCIBE Emprende 2026. Its founder has spoken at the CCN-CERT Jornadas STIC and RootedCON, and has collaborated on talks with Spain's Joint Cyberspace Command (MCCE) DEPLOYMENT AND DATA RESIDENCY The product comes in three sizes: Island S (a single dedicated server), Island M (high capacity, for OpenCTI and MISP in production) and Island L (several servers in high availability, with no maintenance downtime). Infrastructure is built on European providers and operated from Europe, based in Madrid, Spain. For regulated environments that require it, a bespoke variant runs on exclusively dedicated hardware with disk encryption and verified boot, including air-gapped deployments. Data, and the systems that process it, stay under European law. The service runs in three phases: Assessment (audit and architecture), Build (ending in the recovery test) and Managed (updates, external monitoring, verified backups, recovery drills, identity and incident response). HOW WE COMPARE TO NON-EUROPEAN ALTERNATIVES A US hyperscaler keeps data subject to US law. The CLOUD Act can compel a provider with US ties to hand over data held anywhere, at times without notice, on shared infrastructure the client neither controls nor can fully audit, with exit paths that favour lock-in. With Kverno there is no foreign provider in the chain that another country's law can reach: the infrastructure is European, dedicated, reproducible and recoverable, the data stays under European jurisdiction, and the client can take everything away. Kverno is not a hosting provider competing on price, nor a generic cloud. It delivers operated, verifiable trust for systems that cannot live on shared infrastructure or as an artisanal install. This maps directly to NIS2, DORA and the EU Data Act: documented resilience, tested recovery, controlled third-party risk and real portability. Kverno. Sovereign security platforms, designed, deployed, hardened and operated from Europe.