SynapseEdge Intelligence

Request Processing Lifecycle

Complete request lifecycle — identity, inspection, profiling, scoring, decision. All intelligence runs locally at the edge. No network hops. No backend calls.

<50μs

WAF Detection

29–71μs

DLP Scan

~450μs

E2E Proxy

Network Hops

Blocking Path — Sequential Pipeline

<50μs detection latency

Request

HTTP/HTTPS
Headers + Body

TLS Fingerprint

JA4 / JA4H
Client identity

WAF Detection

237+ Rules
SQLi/XSS/RCE

API Profiling

Schema + Anomaly
~5μs validation

Actor Scoring

Risk 0–100
History + campaigns

Decision

Allow / Block
Threshold: 70

ASYNC — PARALLEL

DLP Scanning — 22+ sensitive data patterns · PII, API keys, credentials · Aho-Corasick matching · Runs during response body streaming — zero added latency

Stage Details

No stage requires network calls or external dependencies

TLS Fingerprinting

~1μs

JA4 (TLS) + JA4H (HTTP) hashing
Detect spoofed User-Agents
Track actors across IP rotation

→ Reputation tracking per fingerprint

WAF Detection Engine

15–25μs

237+ production rules (libsynapse)
30+ match types (SQLi, XSS, RCE...)
Hot reload without restart

→ Attack detection: 15–25μs typical

API Profiling

~5μs

Schema learning (~5μs validation)
Endpoint baselines (rate, size, headers)
Anomaly detection (statistical deviation)

→ Flags zero-day attacks by behavior

Actor Scoring

~1μs

100K actor cache (IP + JA4 + token)
Risk decay: 10 pts/min (configurable)
Campaign membership detection

→ 7 correlation detectors identify coordinated attacks

Decision Engine

<1μs

Threshold: 70 = block (configurable)
Actions: Allow, Challenge, Block
5-level challenge escalation

→ Cookie → JS PoW → CAPTCHA → Tarpit → Block

DLP Scanning

29–71μs

22+ sensitive data patterns
4KB: 29μs / 8KB: 71μs (capped)
Content-type short circuit for binaries

→ ~100μs hidden by running during backend I/O

5-Level Challenge Escalation

JS PoW

CAPTCHA

Tarpit

Block

Latency Comparison

Synapse (Edge)

~450μs

End-to-end proxy with WAF + DLP enabled. All detection runs in-process on the same binary. No network round-trips.

Cloud WAF

1–2s

Network round-trip to decision backend. DNS resolution, TLS handshake, request forwarding, response inspection — all over the wire.

2,200–4,400× slower

Performance Benchmarks

Scenario	Latency	Target	Status
Fast path (GET, no body)	~300μs	<500μs	✓ Met
Standard (4–8KB body + DLP)	~450μs	<500μs	✓ Met
p95 under load (100 VUs)	<1ms	<1ms	✓ Met