TACET is a network defense platform that fuses physical, temporal, protocol, behavioral, and cryptographic signals into a single per-device identity score, integrates an adaptive deception engine and a real-time causal attack-graph correlator, and authenticates its own management channels with a hybrid post-quantum attestation protocol. The two companion papers that precede this one specify the platform and its attestation protocol but report no field measurements; both name a deployment study as the immediate next step. This paper is that study, and it reports real data from a live network rather than a simulation. We deployed TACET version 4.7.1 on a single Raspberry Pi 5 against a live residential network behind a Ubiquiti UDM Pro gateway and ran it continuously for approximately 41 days, of which a 31-day window is analyzed in depth. Every statistic was recomputed from the raw artifacts the run produced: an 11 GB time-series store of 17,466,991 retained events across six streams, roughly one gigabyte of rotated engine logs spanning 10.7 million lines, two device databases, and periodic host health snapshots, cross-checked claim by claim. Operationally the soak passes. The platform ran for the full window with zero crashes, zero unhandled exceptions, zero error-level log lines, and zero data-integrity defects: all 186 daily files are present, all 17.5 million event identifiers are unique, and every spoof event is signed. It restarted cleanly twice on a fourteen-day cadence, held a reproducible and bounded memory profile, signed every integrity event, and recorded no cryptographic fault in 7.5 million attestation updates, though the attestation protocol ran single-host and completed no end-to-end handshake. The problem is detection precision, and the data isolates the mechanisms exactly. The attack-graph correlator re-emits 367,550 detections that collapse to 24,491 unique chains, scores 62.9 percent of emissions at maximum threat, and places a later kill-chain phase before an earlier one in 32.7 percent of them; the same overnight cascade recurs on three separate nights, and the system cannot distinguish a coordinated cascade from an ordinary busy day. We show, using the platform's own funnel, that the operator-facing volume is reducible roughly one hundredfold by mechanical changes that remove no detector. A separate finding, supported by the gateway's own threat-prevention logs for the soak window, is that an upstream commercial layer blocked 33,647 connections during the run, including the same outbound tracking traffic the correlator was reacting to, so the platform was exercised against a comparatively clean workload its own fourteen-entry indicator set would not have covered. We document all of this, derive the prioritized version 4.8 program it implies, and position the platform as a complementary identity and integrity layer rather than a standalone replacement for commercial threat intelligence.
Alexander W. Smith (Sat,) studied this question.