Dev Blog

Engineering and marketing notes on Arbiter.

24 June 2026 · 7 min read

NIS2 in Ireland: From Compliance Burden to Cyber Resilience with Arbiter

Prepare for NIS2 with Arbiter: automatic device discovery, wired and wireless network access control, managed PKI and a live asset register for compliance and cyber resilience.

NIS2, Asset management, Network access control, PKI, SME, Cyber security, Ireland, Cloud NAC, EAP-TLS

23 June 2026 · 6 min read

NAC for MSPs: Onboard Customers in a Day, Not a Quarter

Traditional NAC was built for a single large enterprise, not for a provider running fifty customers from one console. Arbiter is built the other way around: a new customer authenticated, segmented and visible in a day, with no per-site infrastructure, full security on every tier and EU residency as standard.

MSP, MSSP, Multi-tenant NAC, Cloud NAC, NAC for MSPs, Onboarding, NIS2, Cisco ISE alternative

22 June 2026 · 9 min read

Arbiter Asset Discovery

You cannot secure what you cannot see. Arbiter Asset Discovery is a continuously updated inventory of every device on your network, enriched with operating system, vendor and Intune MDM compliance, with unknown and unmanaged devices surfaced. It is the visibility-first entry point to full 802.1X network access control.

Asset Discovery, Network visibility, Device inventory, Active discovery, nmap, SNMP, Switch discovery, Intune, Data classification, Shadow IT, NAC, Network security

06 June 2026 · 6 min read

How We Built Cloud-Based Certificate Enrolment for Intune-Managed Devices

Most 802.1X deployments are slowed down by the need to install and maintain additional infrastructure such as NDES, AD CS, on-premises connectors and Windows servers. Arbiter issues device certificates directly from each tenant's cloud PKI, allowing Intune-managed laptops to auto-enrol without any on-premises infrastructure or Active Directory domain. You can take a fresh tenant from zero to a working certificate on an Intune-managed laptop in under 30 minutes. Here's how.

SCEP, Intune, EAP-TLS, PKI, RFC 8894, Microsoft

04 June 2026 · 6 min read

NIS2 and Your Network: Where Arbiter Fits

NIS2 in Ireland is moving from a distant EU directive to a near-term obligation. The supply-chain rules pull in thousands of SMEs who were never the direct target. Arbiter is not a compliance product, but it carries a specific, load-bearing slice of the technical outcomes NIS2 expects: access control, asset visibility, encrypted authentication and an audit trail you can hand over.

NIS2, Compliance, Regulatory, Access control, SME, Ireland, EU

29 May 2026 · 10 min read

Don't break the chain: offline 802.1X on a SaaS NAC

Cloud NAC has an obvious failure mode: if you lose the WAN, auth stops. MAB can be cached but 802.1X can't, as it's a live cryptographic handshake, not a replayable permit based on MAC address. So we built a real EAP-TLS server into the Edge. Here's the design.

Edge, HA, EAP-TLS, 802.1X, RadSec, Offline-resilience, Multi-tenant

24 May 2026 · 6 min read

Breaking Arbiter: scaling EAP-TLS in a multi-tenant cloud NAC

Round three tested Arbiter under sustained mixed 802.1X and RADIUS load across ten tenants in parallel over real WAN. 332,128 authentications, 100% expected policy-decision accuracy, zero auth-path drops. Four scaling limits surfaced; three were removed during the run, the fourth was characterised and queued for the next architectural change.

Performance, Testing, Scale, Multi-tenant, EAP-TLS, 802.1X, RADIUS

21 May 2026 · 6 min read

Breaking Arbiter, round two: ten tenants, four hours and the control plane that buckled

Round one (last week) was one tenant on the wheel: 10,000 auths/min, clean. Round two: ten tenants in parallel at 1,000 auths/min each, MAB-only, four hours straight. The auth path held perfectly. The control plane did not. Here is the honest account of what gave way, why and what we changed.

Performance, Testing, Scale, Multi-tenant, 802.1X

13 May 2026 · 7 min read

Cloud NAC performance test: 10,000 RADIUS auths/min on production hardware

We ramped a single Arbiter tenant from 1,000 to 10,000 RADIUS authentications per minute on the production VM pair, then sat at 2,000/min for four hours. Everything held. Arbiter's target customer is SMEs and the MSPs supporting them: a 2,000-endpoint tenant's worst minute lands around 500/min, so 10,000/min is roughly 20x deliberate overshoot. Here's what we measured.

Performance, Testing, Scale

11 May 2026 · 6 min read

Why we dropped public UDP RADIUS and went pure RadSec

Early on, Arbiter exposed a public UDP RADIUS endpoint on the internet, the same shape every other cloud NAC still ships. We turned it off. Every tenant now reaches the cloud through a RadSec tunnel from an Edge appliance, with no plain UDP exposed at all. This is why we made the call.

RadSec, Arbiter Edge, Architecture