Kapient — United States
Website KPI & Malware Detection Platform for Kapient
- Tens of thousands of checks / day
- Scan volume
- Senior backend + SRE pod
- Team
- Laravel · React · PostgreSQL · AWS
- Tech stack
- Live in production
- Status
Project details
The Challenge
Kapient is a US-based SaaS providing website operators with a single pane of glass over the things that actually go wrong with a website in production — performance regressions, uptime issues, security drift, and the malware infections that hit small-business sites disproportionately often. The product premise is sound: most website owners cannot tell the difference between "slow today" and "compromised today," and a dashboard that watches both is genuinely useful.
The brief to us was to build the scanning engine, the customer-facing analytics surface, and the cloud infrastructure those two depend on. Both halves have non-trivial constraints. The scanner needs to run thousands of checks per day against customer sites without behaving like an attacker, and the analytics surface needs to make subtle security and performance signals legible to a non-technical site owner without dumbing them down.
Our Approach
We took the engagement as a build-out across three workstreams running in parallel: scanning engine, customer dashboard, and the SRE / cloud foundation the platform runs on. A senior pod from our side embedded into Kapient's team, with continuous code review and shared ownership of the platform.
The scanning engine is a queue-driven worker fleet that performs the platform's checks on a schedule: synthetic uptime probes, page-load performance timing, signature-based malware detection against scraped pages, JavaScript-injection and unexpected-redirect detection, SSL and DNS health, and a set of higher-signal heuristic checks built to catch the patterns SMB sites most often fall victim to. We were deliberate about politeness — request rates, concurrency caps, and identifying user-agent strings — because a scanner that misbehaves against customer sites is worse than no scanner.
- Workers — horizontally scalable check runners, with idempotent retries and structured error capture per check type.
- Signature pipeline — malware signature ingest, versioning, and a controlled rollout process so a bad signature update can be rolled back fast.
- ML-assisted anomaly detection — used to flag performance regressions and unexpected page-content changes against each site's own baseline, rather than relying purely on static signatures.
- Customer dashboard — KPI overview, alerting configuration, scan history with diffs, and clear remediation guidance for non-technical site owners.
- Cloud foundation — multi-region deployment, autoscaling worker fleet, observability across the scanner and the analytics tier, and a deliberate cost-control posture.
Stack: Laravel · PHP 8 · React · PostgreSQL · Redis · AWS, with the worker tier sized for elastic scaling and the analytics surface delivered as a single-page application backed by purpose-built read models so the dashboard stays fast as sites accumulate scan history.
The Outcome
The Kapient platform is live in production, scanning thousands of customer sites on a continuous schedule, surfacing performance KPIs, uptime data, and malware findings into a customer-facing dashboard. The scanner runs at scale without operational drama — autoscaling absorbs the daily check volume, and the alerting flow gets actionable findings in front of site owners quickly.
The engagement is structured as a long-running build-and-operate relationship. The same pod that built the platform continues to ship new check types, refine the anomaly-detection layer, and own the cloud SRE work as Kapient grows its customer base.
Capabilities used
Services that powered this project
Next project
OBox — Pakistan