How We Secure Our Servers: Syncara Sonar
An in-depth look at Syncara Sonar, our proven AI-driven security technology that protects your servers with millisecond-precision threat detection.
What is Syncara Sonar?
Syncara Sonar is our proprietary security technology designed to detect and neutralize threats before they can impact your server or the network. It continuously monitors resource usage and file integrity to identify suspicious behavior patterns.
Real-time Monitoring
Continuous analysis of CPU, RAM, disk usage, and network activity with sub-second precision.
File Inspection
Deep scanning of uploaded files for malicious signatures, obfuscated payloads, and crypto miners.
Automatic Response
Instant suspension of compromised servers to protect the entire infrastructure.
Expert Investigation
Our Cyber Security Team reviews all flagged cases to ensure accurate threat assessment.
To ensure the safety of our entire infrastructure, any server that reaches a Risk Score of 100 will be automatically suspended. This triggers an immediate investigation by the Syncara Cyber Security Team.
Syncara Sonar has been rigorously tested in thousands of real-world scenarios. Its detection algorithms are highly accurate, significantly reducing false positives while catching genuine threats instantly.
How It Works
Syncara Sonar operates in the background, constantly analyzing your server's behavior without impacting performance.
Continuous Monitoring
Every server is monitored in real-time. Resource metrics (CPU, RAM, Disk, Network) are sampled multiple times per minute to build a behavioral profile.
Anomaly Detection
When unusual patterns are detected (e.g., sustained high CPU with low RAM), the system adds points to the server's Risk Score based on predefined heuristics.
File & Content Scanning
Uploaded files are inspected for malicious signatures, magic byte spoofing, high entropy (encryption), and known crypto-miner configurations.
Threshold Breach & Response
If a server's Risk Score reaches 100, it is automatically suspended and queued for investigation. Our team reviews the case and takes appropriate action.
Risk Scoring Heuristics
The Risk Score is calculated based on a combination of Resource Heuristics (behavioral analysis) and File Inspection (static analysis). Here is a breakdown of how the score is accumulated:
Our inspection system operates entirely on the infrastructure level without affecting your server's performance. Your data and files remain private — we only analyze behavioral patterns and file signatures, not your actual content.
| Behavior | Score | Condition |
|---|---|---|
| Sustained High CPU | +20 | CPU > 90% for 3+ scans |
| Critical High CPU | +50 | CPU > 90% for 10+ scans |
| CPU Spike | +10 | CPU > 98% (Instant) |
| "Fake" Idle | +30 | CPU > 90% & RAM < 15% |
| Limit Abuse | +50 | CPU > 400% on low ram |
| Disk Overflow | +50 | Usage > Limit + 4GB |
| Detection Type | Score | Description |
|---|---|---|
| Magic Bytes | +100 | Exe spoofing (ELF renamed .txt) |
| High Entropy | +25 | Obfuscated/Encrypted payloads |
| Miner Config | +100 | "pool", "url", "opencl" matches |
| Suspicious JAR | +10 | server.jar < 8MB |
| Pattern Match | +5..50 | Keywords in logs.json |
* Exclusions: checks against `keywords.EXCLUSIONS` (e.g. node_modules)
Legal & Terms
By using Syncara Host services, you agree to our Terms of Service which outlines our security policies, acceptable use, and your responsibilities as a user.