Everything you need to know about Velari, our platform, our services, and how we help healthcare organizations protect patient data and maintain compliance.
Velari passively monitors network DNS queries to detect connections to unauthorized AI and LLM platforms (ChatGPT, Claude, Gemini, Copilot, Perplexity, and 50+ others). It also identifies shadow IT applications, unauthorized cloud storage usage, and suspicious outbound connections from clinical workstations. Our infrastructure scanner discovers network assets, identifies vulnerabilities, and detects misconfigurations. Importantly, Velari never accesses or inspects the actual content of network traffic — we only analyze connection metadata (DNS queries, IP addresses, data volume) to identify risks.
Absolutely not. This is one of our core principles. Velari uses passive DNS monitoring, which means we only see that a device connected to "chat.openai.com" — we never see what was sent, received, or discussed. We do not inspect packet contents, we do not decrypt traffic, and we do not store any PHI or PII. Our approach is specifically designed to detect risks without creating new data exposure. This is why we can confidently say: Velari adds zero PHI risk to your environment.
Traditional firewalls and IDS systems are designed for broad threat detection — malware, intrusion attempts, port scans. Velari is specifically designed for the healthcare threat landscape. We understand that a connection to ChatGPT from a clinical workstation during patient care hours is a fundamentally different risk than the same connection from a billing office. Our severity scoring accounts for clinical context, device type, time of day, data volume, and BAA status. We also generate HIPAA-mapped compliance reports that traditional security tools simply don't provide. Think of Velari as a healthcare-specific layer on top of your existing security stack — not a replacement for it.
Velari monitors connections to 50+ AI and LLM platforms including: OpenAI/ChatGPT, Anthropic/Claude, Google Gemini, Microsoft Copilot, Perplexity AI, Meta AI, Mistral AI, DeepSeek, Groq, Grok/xAI, Together AI, Replicate, Character.AI, Poe, Hugging Face, Cohere, OpenRouter, Jasper, Copy.ai, Writesonic, You.com, and many more. Our domain list is regularly updated as new platforms emerge. You can also add custom domains to monitor if your organization has specific concerns about particular services.
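The following sketch is an added example, not Velari's own code: it shows how a DNS-metadata-only check of the kind described above can match queried names against a platform watchlist on whole labels and weigh clinical context. The subnet, care hours, BAA flags, and score weights are constructed assumptions.

```python
import ipaddress
from datetime import datetime

# chat.openai.com is named on the page; the other entries are real vendor
# domains picked for this sketch. The BAA flags are constructed, not facts.
WATCHLIST = {
    "openai.com": {"platform": "OpenAI/ChatGPT", "baa": False},
    "claude.ai": {"platform": "Anthropic/Claude", "baa": False},
    "perplexity.ai": {"platform": "Perplexity AI", "baa": False},
    "copilot.microsoft.com": {"platform": "Microsoft Copilot", "baa": True},
}
CLINICAL_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed
CARE_HOURS = range(7, 19)  # assumed patient-care hours, 07:00-18:59


def match_platform(qname):
    """Return the watchlist entry for qname or None, matching on whole labels."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk parent domains: chat.openai.com hits openai.com, notopenai.com does not.
    for i in range(len(labels) - 1):
        entry = WATCHLIST.get(".".join(labels[i:]))
        if entry:
            return entry
    return None


def classify(client_ip, qname, when):
    """Score one DNS observation from metadata only; weights are assumptions."""
    entry = match_platform(qname)
    if entry is None:
        return None
    clinical = any(ipaddress.ip_address(client_ip) in n for n in CLINICAL_SUBNETS)
    score = 1 + (2 if clinical else 0) + (2 if not entry["baa"] else 0)
    score += 1 if clinical and when.hour in CARE_HOURS else 0
    severity = "high" if score >= 5 else "medium" if score >= 3 else "low"
    return {"platform": entry["platform"], "clinical": clinical, "severity": severity}


# Constructed sample observations: (client IP, queried name, timestamp).
SAMPLE = [
    ("10.20.0.15", "chat.openai.com.", datetime(2024, 5, 6, 10, 30)),
    ("10.30.0.8", "CHAT.OPENAI.COM", datetime(2024, 5, 6, 10, 30)),
    ("10.20.0.15", "notopenai.com", datetime(2024, 5, 6, 10, 30)),
    ("10.20.0.15", "copilot.microsoft.com", datetime(2024, 5, 6, 22, 0)),
]
if __name__ == "__main__":
    for obs in SAMPLE:
        print(obs[1], "->", classify(*obs))
```

Substring matching would flag `notopenai.com` and miss names with a trailing dot or mixed case, which is why the comparison is done label by label on a normalized name.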
Yes — and it's one of our most popular deployment options for small clinics. Velari runs comfortably on Raspberry Pi 3, 4, or 5. Simply connect the Pi to your clinic network switch, install the software, and you're monitoring in minutes. At under $5/month in power costs, it's the most affordable way to add continuous security monitoring to a small practice. For larger clinics or multi-VLAN environments, we recommend a mini PC (Intel NUC, Beelink) or a VPS-based central dashboard with remote capture agents.
No. Velari is agentless. You deploy a single device (Raspberry Pi, mini PC, or virtual machine) on your network, and it passively monitors all DNS traffic. No software is installed on clinical workstations, EHR terminals, or medical devices. This means zero impact on clinical workflows, zero compatibility concerns with EHR software, and zero maintenance burden on individual machines.
The Velari platform is technology — software you run in your environment that detects threats and generates reports. Our services are human expertise: security assessments, compliance consulting, incident response, staff training, and ongoing managed security programs. Many clients use both: the platform provides continuous automated monitoring, while our services deliver expert guidance, remediation support, and strategic security planning. You can use the platform standalone, engage us for services without the platform, or combine both for comprehensive protection.
Yes. Our Security Posture Assessment is a comprehensive, one-time evaluation of your organization's security and compliance status. It includes: network asset discovery, vulnerability scanning, AI usage baseline, HIPAA gap analysis, policy review, and a detailed remediation roadmap with prioritized recommendations. Deliverables include a formal report suitable for board presentation and OCR audit preparation. This is ideal for practices that need a current-state assessment before deciding on ongoing services.
Our Managed Security Program provides continuous protection without requiring you to hire full-time security staff. It includes: 24/7 monitoring via the Velari platform, monthly threat briefings, quarterly security reviews, vulnerability tracking and remediation guidance, incident response support, staff security awareness updates, and an annual comprehensive reassessment. You get a dedicated security advisor who understands your environment and is available for questions, guidance, and emergency response.
Yes — and we believe it's one of the highest-ROI security investments a practice can make. We offer two training programs: Security Awareness Training (phishing recognition, password hygiene, social engineering defense, AI usage policy) and Role-Specific Training (tailored for front-desk staff, clinical providers, billing teams, and IT administrators). Training is delivered via live sessions, recorded modules, or interactive workshops. We also provide phishing simulation campaigns to test and reinforce learning.
If you're enrolled in our Managed Security Program or Incident Response Retainer, you have direct access to our incident response team. We provide: immediate containment guidance, forensic analysis support, breach notification decision support (including OCR 60-day timeline management), communications templates for patients and staff, and post-incident remediation planning. For clients without a retainer, we offer incident response on an emergency basis, though response time and scope may be limited. We strongly recommend having an incident response plan in place before you need it.
Yes. Velari directly supports several HIPAA Security Rule requirements: Audit Controls (§164.312(b)) through immutable logging of all detected AI platform connections; Access Control (§164.312(a)(1)) by detecting unauthorized access to external AI systems; Transmission Security (§164.312(e)(1)) by monitoring for unsanctioned data transmission; Risk Analysis (§164.308(a)(1)(ii)(A)) through automated risk scoring and vulnerability identification; and Workforce Training (§164.308(a)(5)) by identifying training gaps through detection events. Our reports map findings directly to specific CFR references, making audit preparation straightforward.
When Velari detects a potential violation — such as PHI being sent to an AI platform without a BAA — it generates a detailed event record including: the device involved, the platform accessed, the time and duration, data volume estimates, and severity classification based on clinical context. This record feeds into our breach risk assessment workflow, which helps you determine whether the incident meets the "low probability of compromise" threshold or requires formal breach notification. We provide documentation templates and timeline guidance to support your decision-making process.
By default, Velari retains logs for 2,190 days (6 years), which meets or exceeds HIPAA documentation requirements. For our managed services clients, we also maintain secure offsite backups of critical security events. You can configure retention periods based on your specific compliance needs and state requirements. All logs are stored locally on your deployment device by default — they never leave your network unless you explicitly configure cloud backup for managed services.
Yes. Our compliance reporting module generates audit-ready documentation including: risk analysis reports with documented methodologies, evidence of continuous monitoring, workforce training records, incident response documentation, Business Associate Agreement tracking, and technical safeguard implementation evidence. For clients engaging our consulting services, we also provide mock audit support — walking through the same questions and document requests an OCR investigator would make, so there are no surprises.
While HIPAA is our primary compliance focus, many of the same technical safeguards that satisfy HIPAA also support compliance with state privacy laws. Our compliance reports can be extended to map controls against CCPA/CPRA, state healthcare privacy laws, and other relevant frameworks. During our Security Posture Assessment, we evaluate your compliance posture across all applicable regulations based on your location and patient population. If you have specific state law requirements, let us know and we'll tailor our assessment accordingly.
For the platform, deployment typically takes 15 minutes. You flash the Velari image to a Raspberry Pi (or install on your chosen hardware), connect it to your network switch, run the initial configuration wizard, and monitoring begins immediately. For our consulting services, a Security Posture Assessment typically takes 2-5 business days depending on practice size. Managed Security Program onboarding includes a 30-day baseline period where we learn your environment's normal traffic patterns before enabling full alerting.
No. Velari is designed for deployment by non-technical staff. The setup wizard guides you through: connecting the device, selecting your network interface, defining clinical subnets, setting alert preferences, and configuring the dashboard. If you can plug in a network cable and follow a 5-step wizard, you can deploy Velari. For clients who prefer white-glove service, our consulting team offers remote deployment assistance as part of our onboarding package.
Yes. Velari works with virtually any network configuration: flat networks, VLAN-segmented environments, wireless networks, and mixed wired/wireless setups. The only requirement is that the Velari device be connected to a network segment where it can observe DNS traffic — typically achieved by connecting to a mirrored switch port (SPAN port) or by placing it inline. For complex network environments, our consulting team provides network architecture guidance as part of implementation.
Velari stores all data locally on the deployment device. If your internet connection goes down, monitoring continues uninterrupted and data is cached locally. When connectivity is restored, any configured cloud backups or managed service reporting resumes automatically. For critical environments, we recommend a UPS (uninterruptible power supply) to ensure continuous monitoring during power events. Alerts configured for local channels (on-site dashboard, local email server) continue to function even without internet connectivity.
Yes. For multi-location practices, you have two options: deploy a Velari device at each location with independent dashboards, or deploy capture agents at each location that report to a central dashboard (hosted on a VPS or at your primary location). The central dashboard approach is popular for practices with 3-10 locations, providing unified visibility across all sites. Our consulting team can design the optimal architecture based on your specific topology and compliance requirements.
The open-source core of Velari is free — forever. You can download it, deploy it, and use it without any licensing fees. This includes: AI platform detection, basic alerting, asset discovery, vulnerability scanning, and standard reporting. For practices that want advanced features — managed cloud backup, multi-location central dashboard, custom detection rules, API access, and priority support — we offer a Professional tier on an affordable subscription basis. Exact pricing depends on practice size and feature requirements. Contact us for a custom quote.
Our service pricing is based on practice size, scope of work, and engagement type:
We believe in transparent pricing with no hidden fees. Every proposal includes a detailed scope of work and fixed pricing. Request a quote for your specific needs.
For the open-source platform: no commitment whatsoever. For managed services: we offer month-to-month agreements for most service tiers, with discounted rates available for annual commitments. We believe our value should be evident every month — not locked behind long-term contracts. If you're not satisfied with our services, you can cancel with 30 days' notice. Our goal is to earn your business continuously, not trap you into staying.
Velari is designed for healthcare organizations of all sizes, with particular focus on:
If you handle PHI and don't have a dedicated security team, Velari is built for you. Enterprise hospitals may also benefit from our specialized healthcare threat detection as a complementary layer to their existing security stack.
Velari is derived from the concept of vigilance and watchfulness — qualities essential to effective cybersecurity. The name reflects our core mission: to be the vigilant guardian of healthcare data, constantly watching for threats so providers can focus on patient care. It's short, memorable, and embodies the proactive, ever-present protection we strive to provide.
Support options vary by engagement level:
For all inquiries, you can reach us at support@velari.security or through our contact page.
Yes — and we welcome it. The Velari platform is open-source under the MIT License. We accept contributions for: new AI platform detection rules, additional compliance report templates, dashboard improvements, documentation, bug fixes, and feature enhancements. Check our GitHub repository for contribution guidelines, open issues, and project roadmap. Whether you're a developer, security researcher, or healthcare professional with domain expertise, there's a way to contribute.
Yes. We partner with MSPs (Managed Service Providers), healthcare IT consultants, EHR vendors, and cybersecurity firms who want to offer healthcare-specific security services to their clients. Partnership options include: white-label platform deployment, co-branded services, referral programs, and technology integration. If you're interested in partnering with Velari, contact us and we'll schedule a partnership discussion.
We're here to help. Reach out directly and we'll get you the answers you need — usually within a few hours.
Email us at hello@velari.security