About

We're removing the attack surface from access

Subnomic gives teams Zero Trust access to every server, database, Kubernetes cluster and internal app without open ports or standing credentials — with just-in-time approvals, session recording, RBAC and live metrics from a single lightweight agent.

Our mission

Most breaches don't start with a sophisticated exploit — they start with an exposed port or a leaked SSH key. We believe infrastructure access should be invisible to attackers by default: nothing to scan, nothing to steal, nothing to escalate. Subnomic exists to make that the easy path for every engineering team.

We pair that secure access with the observability teams actually need day-to-day — live CPU, memory, disk, process and network metrics — so the same agent that protects your fleet also tells you exactly what it's doing.

Why we started Subnomic

We spent years maintaining bastions, rotating SSH keys, juggling VPN configs and stitching together monitoring agents — and still couldn't answer simple questions like "who connected to this host last night, and what did they run?" Every tool solved one slice of the problem and added its own ports, credentials and blind spots.

So we built the tool we wanted: one agent that dials out over TLS, brings Zero Trust access to servers, databases, clusters and internal apps, records every session, enforces least-privilege RBAC, and streams real-time metrics — without opening a single inbound port. That's Subnomic.

What we value

Principles that shape the product

Security by default

What doesn't exist can't be breached. No open ports, no standing credentials, no shared keys — secure is the path of least resistance.

Least privilege

Access is just-in-time, scoped and time-boxed. People and machines get exactly what they need, for exactly as long as they need it.

Auditable by design

Every session is recorded and replayable. Accountability isn't an add-on — it's built into how access works.

Lightweight & honest

One small self-contained binary under 30 MB RSS. We don't read your application data unless you explicitly grant it through a policy.

Own your data

Your metrics, recordings and audit logs are encrypted and access-controlled by RBAC — retained on your terms and never used for anything but your own audits.

Built for teams

From a three-host side project to a regulated fleet, the same model scales without rearchitecting your access.

Ready to start?

Get started for free, or explore the docs to see Zero Trust access and observability in action.