Montimage's MMT-DPI library inspects network traffic at wire speed across 700+ protocols — from classic TCP/IP and HTTP/2 to QUIC, DNS, MQTT, and TLS. Its plugin architecture allows new protocol support to be added without touching core code. Native 5G/LTE dissectors (NGAP, NAS, GTPv2, S1AP) make it one of the few open DPI engines with first-class mobile network support. Session-level flow tracking and per-protocol statistics feed directly into the security and analytics layers.

Montimage applies machine learning throughout the detection pipeline — from anomaly detection with Stacked Autoencoders (SAE) and Convolutional Neural Networks (CNN), to root-cause analysis and response recommendation. A core design principle is explainability: every ML decision can be traced using SHAP and LIME so analysts understand why an alert fired. Large Language Model integration (via MAIP) translates technical findings into actionable, plain-language remediation advice.

MMT-Security uses Linear Temporal Logic (LTL) to express multi-step attack patterns as formal, verifiable rules. Unlike signature databases, LTL rules reason across sequences of network events over time — catching slow-burn APTs, protocol anomalies, and 0-day behaviours that single-packet inspection misses. The rule engine operates on the real-time event stream produced by MMT-DPI, keeping detection latency in the millisecond range even on high-throughput links.

As TLS and QUIC encryption becomes universal, payload-based analysis is no longer sufficient. Montimage employs payload-independent classification — using inter-arrival times, packet lengths, and length differentials — to identify malicious flows without breaking encryption. Implemented in P4 for in-network inference, this approach runs classification directly on programmable switches, enabling line-rate detection without a dedicated appliance. The technique is equally effective against encrypted C2 channels, data exfiltration, and bot traffic.

Montimage has built deep expertise in 5G security through multiple Horizon Europe projects and open-source tooling. MMT-DPI natively dissects 5G control-plane protocols (NGAP, NAS, GTPv2) for real-time monitoring of AMF, SMF, and gNodeB components. 5Greplay fuzzes 5G network functions by capturing, mutating, and replaying control and data-plane traffic according to XML-defined rules. Integrated 5G testbeds (USRP + srsRAN + Open5GS) provide a complete environment for security research, performance validation, and threat emulation.

Montimage's offensive security tools — MAG (Montimage Attack Generator) and NetworkFuzzer — give red teams and researchers a comprehensive, reproducible attack-simulation platform. MAG provides 26 attack types from network floods to application-layer injection, executed inside Docker containers for safe, isolated testing. NetworkFuzzer combines classical mutation fuzzing with generative AI to produce semantically valid yet unexpected traffic patterns, uncovering edge-case vulnerabilities in firewalls, load balancers, and protocol stacks.

Montimage implements INT v2.1 (In-Band Network Telemetry) using the P4 programming language on BMv2 virtual switches. Each packet carries per-hop metadata — queue depth, timestamp, ingress/egress port — giving sub-millisecond visibility into network behaviour without a separate monitoring plane. An L4S-enabled variant supports latency-sensitive 5G traffic. Selective monitoring by IP prefix or port range keeps telemetry overhead manageable even at scale. The collected data feeds directly into the MMT analytics pipeline.

A cyber range is a controlled virtual environment where security teams can practise incident response, test defensive tools, and run attack simulations without risking production systems. Montimage builds and operates cyber ranges as part of EU projects (including PUZZLE and NERO), combining its traffic-generation, attack-simulation, and monitoring tools into end-to-end training environments. Ranges can be configured to emulate enterprise networks, industrial OT systems, mobile core networks, or multi-cloud architectures.

AI4SOAR is Montimage's Security Orchestration, Automation and Response platform. It extends the Shuffle framework with AI-driven trigger logic, allowing security teams to define playbooks that automatically contain threats, notify stakeholders, and collect forensic evidence — all within seconds of detection. Integrated with MMT alerts and MAIP's explainable AI layer, AI4SOAR provides a closed-loop from raw network event to completed incident-response action, dramatically reducing mean-time-to-respond.

Securing IoT and edge deployments requires tools that operate under tight resource constraints and handle heterogeneous, often proprietary protocols. Montimage addresses this with MMT-DPI's broad protocol coverage (including MQTT, CoAP, and Zigbee-derived flows), the TAS simulation platform for pre-deployment validation of IoT security controls, and lightweight MMT-Probe variants tuned for edge hardware. Research projects such as INTACT and NERO have further refined Montimage's IoT threat models and detection rule libraries for industrial and smart-city environments.