IoT/ICS Threat Intelligence

CyberX doesn’t require you to become an expert in IoT and ICS security. It’s like having the world’s top IoT/ICS experts sitting beside you and advising you at each step.




CyberX was the first IoT/ICS cybersecurity firm to establish an in-house team of IoT/ICS threat intelligence analysts and security researchers.

Named Section 52, our threat intelligence team is composed of world-class domain experts and data scientists who previously staffed a national CERT defending against daily nation-state cyberattacks. They bring that expertise to CyberX by tracking IoT/ICS-specific zero-days and CVEs as well as malicious DNS addresses, campaigns, malware, and adversaries.

The team has already submitted more than a dozen zero-day vulnerabilities to the US ICS-CERT, including previously unknown vulnerabilities for devices manufactured by Rockwell Automation, Schneider-Electric, GE, Siemens, CODESYS, AVEVA, and others.

Accelerating Operations with Actionable Insights

CyberX’s IoT/ICS threat intelligence is a continuous feed of information that’s seamlessly integrated with our platform to enrich our analytics. Our real-time alerts and Vulnerability Assessment report include detailed and actionable mitigation recommendations prioritized by risk — based on our threat intelligence — so your SOC analysts know what needs to be done immediately.

Our threat intelligence experts are also on-call to provide incident response and breach investigation services. What’s more, the team has developed specialized forensic tools for identifying and reverse-engineering malware. You can read the team’s analysis of the LockerGoga malware, as well as its analysis of the TRITON malware, which includes a never-before-published description of the custom protocol developed by the attackers to communicate with their backdoor in the safety PLC.

CyberX’s threat intelligence feed does not require an internet connection for updating. Updates can be applied manually or deployed automatically to all appliances via the Central Manager.



CyberX continues to lead the industry, helping customers stay one step ahead of adversaries.

Section 52 has developed an automated threat extraction platform that uses machine learning to identify malware and APT campaigns targeting industrial and critical infrastructure organizations. Named Ganymede, the platform continuously ingests massive amounts of data from a range of open and closed sources to deliver the most robust, data-driven analysis possible.

Machine learning and statistical models are used to assign risk scores to specific entities such as files. The risk scores are calculated by machine learning models trained on datasets consisting of hundreds of thousands of known good and bad samples. In the final phase, Section 52 threat analysts review and correlate the results based on their extensive field experience.

Additionally, suspicious executables are detonated in CyberX’s IoT/ICS Malware Sandbox. Unique in the industry because of its focus on IoT/ICS-focused malware, the CyberX sandbox is a virtualized IoT/ICS environment that analyzes malware activity — using machine learning combined with static and dynamic analysis capabilities — to detect malware access to IoT/ICS-specific objects (processes, libraries, DLLs, ports, etc.). The sandbox then generates a collection of IoCs and representative screenshots of the malware in operation.

Primary Use Cases

Every organization is at a different stage in their IoT & ICS cybersecurity maturity. Just as adversaries are becoming increasingly sophisticated, organizations are also continually challenged to up their game. CyberX enables you to easily adopt new capabilities to match your organizational readiness.

Asset Management

You can’t protect what you don’t know about. CyberX auto-discovers your IoT and ICS network topology and provides detailed information about all your assets including device type, manufacturer, model, serial number, firmware revision, open ports, etc.

Network Segmentation & Zero Trust

CyberX accelerates network segmentation by automatically discovering and profiling all your assets, showing how they communicate, integrating with firewall platforms, and providing automated threat modeling to test the effectiveness of your segmentation zones.

Risk & Vulnerability Management

CyberX provides an objective risk score for your overall IoT and ICS environment along with actionable mitigation recommendations — prioritized by risk — at both the device and network layers.

Threat Detection & Response

Using five distinct, ICS-aware self-learning analytics engines, CyberX continuously monitors your IoT and ICS network to detect threats such as targeted attacks, malware, and insider & trusted third-party threats.

SOC Integration

A unified IT/OT security strategy is the optimal way to manage your overall digital risk. CyberX integrates natively with your existing security stack to OT-enable your SOC with real-time visibility into OT assets, vulnerabilities, and threats.

Centralized Management

CyberX’s scalable architecture enables centralized visibility and control across multiple tiers in the organization, giving you a unified view of IoT and ICS assets and risk across all your sites worldwide.

Advanced Use Cases