Two scopes. One identification method. Same evidence-grade output.

Room-level visibility for the building, the lab, or the facility.

RoomIQ is the right starting point when the conversation begins at a single room, a single building, or a single department. Common use cases in education:

• A single high school or middle school within a larger district, often as a proof of concept ahead of the district-wide rollout.
• A research building where the federal grant requirements drive the immediate inventory work.
• A library, learning commons, or makerspace with high device turnover and BYOD.
• An athletic facility with contracted-AV systems that central IT does not own end-to-end.
• A dorm or residence-hall block where IoT and personal-device sprawl drive the security-office attention.

RoomIQ runs the same External Scan Engine and the same identification engine as SpacesIQ. The difference is sales scope: you license the rooms or building you have in scope today, with a clean upgrade path to SpacesIQ when the program expands.

Whole-building, multi-building, and campus-wide inventory.

SpacesIQ is the form factor most institutions adopt when the goal is the audit-defensible inventory across the entire managed-switch estate. For most K-12 districts and most higher-education campuses, SpacesIQ is the right shape because the audit and compliance work that drives the conversation is institution-wide, not building-specific.

SpacesIQ deploys with one or more External Scan Engines depending on the managed-switch count. One ESE handles up to 500 switches. Most K-12 districts of any size and most mid-size universities fit comfortably under that ceiling with a single ESE. Larger universities (or multi-campus systems) deploy two or more ESEs against the same main instance.

Layer-1 signals from each managed switch.

CybrIQ reads from the managed switches the customer already operates. The data set:

• Link negotiation pattern. Speed, duplex, autonegotiation behavior, and the timing fingerprint produced when the device handshakes with the switch port.
• MAC OUI. The first three bytes of the MAC address identify the manufacturer. We resolve the OUI against the IEEE registry and our own enriched manufacturer database (which includes OEM relabeling, downstream brands, and named-subsidiary mapping).
• LLDP and CDP advertisements. Most managed devices advertise their identity over Link Layer Discovery Protocol or Cisco Discovery Protocol. Where the device advertises, we read the advertisement.
• Port statistics and link history. Error rates, link flaps, port utilization. Operational signals the network team uses for troubleshooting are part of what we collect.
• VLAN and trunk context. Which VLAN the device sits on, which trunks it traverses. Useful for the security team's policy work.

The combination of these signals produces a Layer-1 fingerprint we call Device DNA™. Matching the fingerprint against the 750-million-device reference library produces the vendor and model identification.

What the institution installs.

• External Scan Engine (ESE). Customer-installed on a small Linux VM inside the institution's network. Communicates outbound only, over SSL, to the main instance. We provide the spec; you provide the VM.
• Main instance. CybrIQ-hosted in the cloud by default, with an on-premise option for institutions with stricter data-residency policies. The main instance hosts the inventory, the search interface, the export pipeline, and the integration endpoints.

What the institution does NOT install:

• No agents on student or staff devices.
• No agents on lab instruments, classroom AV, or building-automation hardware.
• No SPAN port, mirror port, or inline tap.
• No new firewall openings beyond what the ESE needs to reach the main instance.
• No new network credentials beyond the read-only SNMP credentials your team already provisions for monitoring tools.

Data flows where the institution already works.

The CybrIQ inventory is consumed in the systems the institution already operates. We do not require teams to switch consoles.

• ITSM and CMDB. ServiceNow, Cherwell, Ivanti, Jira Service Management. Configuration items receive vendor, model, switch-port location automatically.
• SIEM. Splunk, Microsoft Sentinel, IBM QRadar, Elastic, LogRhythm. Identity events emit in RFC 5424 syslog and JSON over HTTPS.
• NAC. Cisco ISE (pxGrid), Forescout, Aruba ClearPass. Identity context flows into NAC policy decisions.
• GRC and compliance. Vanta, Drata, Archer, ServiceNow GRC. Signed CSV and JSON exports with SHA-256, attached to the relevant control evidence.
• Direct download. The signed monthly inventory PDF, CSV, and JSON download from the CybrIQ console. Forwardable as email attachments to the cyber-insurance carrier, the auditor, or the federal grant office.