Do you have to maintain any application context? Does it differentiate user data versus system data, or is it completely independent of that and does it just monitor anomalies at the physical layer?

Server Defender begins monitoring at the physical layer, where they analyze raw network signals and data bits. This monitoring doesn’t require maintaining detailed application context. It is primarily focused on detecting anomalies at the physical level, such as signal interference or hardware-based attacks. However, the system’s understanding extends to all seven layers of the OSI model, providing comprehensive coverage. 

Example: In the instance of an intrusion at the physical layer, where an attacker attempts to physically tamper with network cables or devices. Server Defender can detect these physical anomalies, triggering alerts and taking preventative actions without needing to understand the specific application context.