Moving Target Defense

Enclaves are networks of virtual machines launched from multiple cloud providers. What makes them special is that their components change over time.

Enclave Features

The best defense is a good offense.

Global availability and Gbps network speeds

Provision thousands of servers on-demand.

Protect extensive unpatched legacy systems

Turnkey protection.

Access your way with SDNs and virtual desktops

Simple connectivity without vulnerability.

Our Enclave platform

Enclaves cover the complete lifecycle for deploying and protecting new apps, wrapping legacy infrastructure, and securing IoT/OT systems.


Select images, cloud providers, and locations.


Add teammates and systems with a click.


Remove all traces of the Enclave.

Build the resources you need

Select your Enclave location and begin building in minutes through the Dispel console. Our software clients and hardware integrations automatically update traffic routing, handle encryption, and conduct health monitoring.

Cloaked networks

Place systems behind the cloaking network to make them invisible. Or, boot resources inside for added resiliency.

Control and geography

Choose between multiple cloud providers and geographies. Enclaves are dedicated and single-tenant.

Self-contained networks

All of Dispel’s networks are self-contained, single-tenant, and 100% auditable.

Segment in any environment

Automatically generate software-defined and hardware-defined networks within your perimeter, out in the field, and within Dispel itself.

Modern experiences, under your control

People like to buy experiences; CISOs need security features. Start each new group in less than 30 minutes. Administrators can enforce strong encryption, data protection, and access control.

Collaboration Tools

Video conferencing, messaging, virtual desktops, and file sharing can all be added to an Enclave for secure collaboration.

Robust User Management

Add, remove, and manage users with LDAP or email invitations. Grant Enclave-specific permissions.

Use case: Deal Rooms

During an acquisition, companies use Dispel to work with multiple parties and need fast and reliable access—without compromising security.

Use case: OT/IoT connections in facilities

Companies need to talk to devices installed on-site at client facilities. Dispel prevents installed devices from talking to other systems on the same physical network, stopping lateral attacks.

Terminate the Enclave when you’re done

While the system cycles infrastructure during its lifetime, terminating the Enclave at conclusion leaves no machine to hack, keeps costs down, removes usable intelligence for attackers, and aids in regulatory compliance. Archive data and history for retention.

Insider threat and blast radius

Starting Enclaves fresh every time prevents permission creep and removes forgotten authorizations that can be exploited in a phishing attack.

Free up your budget

Turn off systems you’re not using. Dispel virtual machine management translates to reduced cloud costs and better spending for your team.

A fresh start

The Terminate-Build cycle supports auto-updating, malware scrubbing, and cloud failover through a simple interface.

Your data is yours

Your data belongs to you. Simple as that.

Connect through pretty much anything.

You can link physical equipment, virtual infrastructure and, of course, people into Enclaves. There are 9 ways you can go about doing this.


For people who do not mind downloading software, the Dispel App lets one connect to an Enclave and rapidly navigate its assets.


Wickets are hardware devices that let an individual, team, or piece of equipment connect to a single Enclave.


Gateways let you give an entire facility simultaneous managed access to multiple Enclaves without having to do any local software installations.

External System Integrators (“ESI”)

An ESI allows one to pull data out of a connected device while keeping that device hidden from outside view. If you are securing a sensor array, you will want to use ESIs.

Soft Wickets

Soft Wickets accomplish the task of Wickets for virtual infrastructure and freestanding equipment. If you have a virtual machine you want to bring into an Enclave, or you would like to add Wicket capabilities to your own hardware, use a Soft Wicket.

Soft Gateways

Soft Gateways accomplish the same task as Gateways, but for virtual infrastructure and freestanding hardware ecosystems. If you have an AI-managed environment, or want to layer Gateway capabilities onto pre-existing hardware, use a Soft Gateway.


Proxies are a less secure, but exceptionally simple, means of rapidly connecting people into an Enclave. If you have a team or individual who can neither download software, nor use hardware, proxies are the tool for you.


Pangolins are ruggedized versions of Dispel’s Wicket and Gateway product lines. If high seas, sandstorms, or other such phenomena are part of the environment in which you operate, call us to talk about Pangolins.

Bring Your Own Box

We do custom installations and integrations all the time for startups to very large organizations. Contact us below to see how we can help you with a custom integration of our Enclave platform.


Frequently Asked Questions

Got more questions?

Read our docs or contact us.

Are Enclaves similar to reverse proxies?

Reverse proxies form a small part of what Enclaves accomplish. Reverse proxies retrieve information from another web server on your behalf, protecting the origin location of the actual data. Enclaves create hidden infrastructure, and then grant knowledge and access to enclosed datasets within at the start of each session.

What kind of latency does this introduce to my environment?

Latency is delay, bandwidth is volume. Compared against most cloud-based experiences, the difference is negligible. Enclaves contain intermediary network hops, which do increase travel time and therefore latency (t = d/s). We balance this tradeoff by adding more bandwidth so bottlenecks are minimized.
