26 layers. One mind. Zero gaps.
Abel is a cognitive security system, not a checklist. Twenty-six interlocking layers that sense, decide, act, and remember - across SIM, signalling, session, identity, data and audit.
A loop, not a stack.
Bolt-on tools work in isolation. Abel's 26 layers share one cognitive substrate - a signal from layer 03 instantly informs layer 09, which can trigger layer 21 and write layer 23, in a single round-trip.
Sense · Layers 01–08
Telemetry, baselining, anomaly inference. Abel sees every SIM, every signalling event, every roam - in real time.
Decide · Layers 09–15
Per-SIM risk, intent classification, lawful-basis tagging, sovereignty routing. Policy compiled, not interpreted.
Act · Layers 16–22
Cryptographic provisioning, live key rotation, quarantine, kill-switch. Sub-minute response under attack.
Remember · Layers 23–26
Tamper-evident logs, route attestation, replayable forensics, continuous compliance export. Evidence, not screenshots.
Every layer, named.
Every layer, addressable.
Each layer below is a discrete control with its own threat model, telemetry, and policy surface. Together they form a continuous cognitive defence - sensing, deciding, acting, and remembering on every event the network sees.
Sense
Layers 1–8SIM Identity Telemetry
Continuous identity heartbeat from every active SIM.
Device Binding Attestation
Cryptographic device-to-SIM pairing verified on every session.
Signalling Inspection
Live SS7, Diameter, and HTTP/2 inspection at the edge.
Session Behavioural Baseline
Per-SIM behavioural fingerprint, learned and refreshed daily.
Geo & Roam Pattern Analysis
Movement plausibility scoring across countries and cells.
Carrier-Path Provenance
Full route attestation for every byte that leaves the core.
Anomaly Inference Engine
Ensemble model fuses signals 1–6 into a real-time risk vector.
IMSI-Catcher & Rogue-BTS Detection
Detects fake cells and downgrade attempts in the wild.
Decide
Layers 9–15Per-SIM Risk Score
Continuous 0–100 score informing every authorization decision.
Intent Classification
Distinguishes legitimate workload from probing or exfiltration.
Policy Compiler
Customer policies compiled to deterministic enforcement rules.
Zero-Trust Authorization
Every API call, every session, every roam - verified.
Lawful-Basis Tagging
GDPR lawful basis attached at row level, not at policy level.
Sovereignty Router
Routes traffic to honour jurisdictional and contractual boundaries.
Tenant Isolation Decisions
Hard tenant boundaries enforced at compile-time and runtime.
Act
Layers 16–22Cryptographic SIM Provisioning
Stolen SIMs are inert - every profile cryptographically bound.
End-to-End Session Encryption
AES-256 with perfect forward secrecy on every session.
Live Key Rotation
Sub-minute key rotation under attack, transparent to the device.
Adaptive Traffic Shaping
Throttles risky flows in real time without dropping legitimate traffic.
Quarantine & Re-route
Isolates compromised sessions to a sandboxed network slice.
Kill-Switch & Revocation
Single-action revocation of any SIM, propagated globally in seconds.
Out-of-Band Operator Alerting
Real-time alerts to your security team via your channel of choice.
Remember
Layers 23–26Tamper-Evident Append-Only Log
Cryptographically-chained log of every privileged action.
Per-Session Route Attestation
Signed proof of which networks carried each session.
Replayable Forensic Timeline
Reconstruct any incident as a frame-by-frame timeline.
Continuous Compliance Export
NIS2, ISO 27001, GDPR and CSA evidence - generated, not gathered.
The difference between a checklist and a mind.
A traditional security stack is a stack: 8 vendors, 8 consoles, 8 data formats. Each one knows only its slice. The mean time from signal to enforcement is measured in hours - sometimes days.
Abel collapses that into a single substrate. A signalling anomaly at layer 03 is fused with the per-SIM risk at layer 09, evaluated by the policy compiler at layer 11, and - if warranted - quarantined at layer 20, with the entire chain recorded immutably at layer 23. End-to-end, in a single round-trip.
That's not a feature list. It's a mind for your network.
The architectural difference your auditor will love.
The legacy approach
- • Security sold as separate licences after the network is already running
- • Each control lives in a different vendor console
- • Audit data scattered across CDRs, SIEMs, and ticket systems
- • Every new feature opens a new attack surface to patch
- • Compliance is a project, not a property
The Abel approach
- • Security primitives baked into the data plane and signalling layer
- • Single pane of glass for SIM, session, identity, and audit
- • Tamper-evident log at the core - no scraping, no gaps
- • New features ship with their own threat model and tests
- • Compliance is a continuous, exportable property of the platform
Side by side. Standards and competitors.
All entries below reflect publicly documented capabilities of each product or standard as of April 2026, drawn from each vendor's own datasheets, public certifications and the regulator's published text. Where a capability is partially supported via add-on, we mark it as partial rather than absent.
| Standard | What it asks for | Industry default | Abel's response | How it exceeds |
|---|---|---|---|---|
| NIS2 (EU 2022/2555) | Network resilience, 24h incident reporting, supply-chain assurance | Annual external audit, manual incident playbooks, vendor questionnaires | Continuous evidence export, sub-minute auto-quarantine, signed supply-chain attestations baked into every signalling event | From annual snapshot → continuous, machine-verifiable |
| ISO/IEC 27001:2022 | Annex A controls + ISMS documentation | Policy documents in a wiki, sample-based control testing | Annex A controls implemented as code with per-control telemetry; 100% control coverage testable on demand | Documented policy → executable control |
| GDPR Art. 32 + Art. 33 | State-of-the-art technical measures, 72-hour breach notification | TLS, MDM, manual breach IR with legal review | EU residency by default, lawful-basis tag on every record, automated DSAR endpoint, breach detection & report generation under 60 minutes | 72h compliance window collapsed to <1h |
| DORA (EU 2022/2554) | ICT risk mgmt, threat-led penetration tests, ICT third-party register | Annual TLPT, spreadsheet vendor register, manual incident logs | Continuous adversarial testing via the Pentest Runner, hash-chained third-party register, every ICT event logged immutably | Annual TLPT → continuous adversarial pressure |
| CSA CCM v4 / CIS Controls v8 | Cloud control matrix + CIS 18 baseline | Self-attestation, periodic CSPM scans | Continuous configuration baselines with automated drift detection and remediation; daily compliance export | Periodic scan → continuous enforcement |
| NIST SP 800-53 Rev 5 | 300+ controls across 20 families for federal-grade systems | Tailored overlay, ATO once every 3 years | Direct mapping of all 26 Abel layers to 800-53 control families; per-control evidence pack generated in seconds | ATO refresh in days, not years |
| PCI-DSS v4.0 | Network segmentation, key mgmt, logging, access control | Annual QSA audit, separate logging/key vault stack | Cryptographic provisioning + live key rotation native to the network; tamper-evident logs satisfy req. 10 by default | Compensating controls eliminated |
| Competitor | Carrier-grade network | End-to-end encryption | SIM-bound attestation | Multi-IMSI roaming | Sovereign UK+EU routing | Tamper-evident audit chain | Continuous compliance export | Family bundle | Independent NOC+SOC | Per-SIM kill-switch | Public price band | Notes | Score |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Boundless + Abel | From £12/SIM/mo | Only stack with all 12 capabilities native, not bolted on. | 10/10 | ||||||||||
| Vodafone Business Secure | Quote-based | Strong network, security largely bolt-on. | 2/10 | ||||||||||
| BT Mobile Business + EE Business | From £8/SIM/mo | Mainstream business mobile; no embedded security stack. | 2/10 | ||||||||||
| Bittium Tough Mobile 2 | From €1,800 per device + service | Excellent hardened handset; CapEx heavy, no network-side security. | 3/10 | ||||||||||
| Silent Circle (Silent Phone) | From $13/user/mo | OTT app only - no network-layer security. | 1/10 | ||||||||||
| Sectra Tiger | Government quote | EU/NATO crypto-grade - restricted to govt/defence. | 4/10 | ||||||||||
| KoolSpan TrustCall | Enterprise quote | Encrypted-call overlay, not a network. | 1/10 | ||||||||||
| AWS Wickr | From $5/user/mo | Encrypted messaging; no network or SIM attestation. | 2/10 | ||||||||||
| Signal (consumer / business) | Free | OTT messaging only - explicitly not enterprise-graded. | 1/10 | ||||||||||
| Samsung Knox + MDM | Bundled with device | Device-management layer only. | 1/10 | ||||||||||
| Apple Business Manager + MDM | Bundled with device | Excellent device posture, no network-layer guarantees. | 1/10 | ||||||||||
| Cellebrite / MDM-only stacks | Quote-based | Forensic / MDM tooling - not a comms platform. | 0/10 |
Designed to exceed, not just meet.
Abel's 26 layers map cleanly onto current cyber and data-protection regimes. Where regulations specify a minimum, Abel provides the maximum the same primitive can deliver.
NIS2
Network resilience, incident reporting in <24h, supply-chain assurance - built into the platform.
ISO 27001
Annex A controls implemented as code, not policy documents.
GDPR
EU residency by default, lawful-basis tagging on every record, automated DSAR support.
CSA / CIS
Continuous configuration baselines, drift detection, automated remediation.
Security as a service, not a SKU.
Abel powers these productised services - buy the outcome, get the 26 layers underneath.
Bring your hardest threat model.
We'll walk you through how Abel handles it - layer by layer - with your security team in the room.
Book a security deep-dive