Meet CybrIQ at InfoComm 2026 · Booth C5052 · June 13–19 · Las Vegas · Pre-book a working session →
CybrIQ
Glossary

The terms, defined plainly.

Written for the reader who hasn't spent the last decade in network security. The definitions below are how CybrIQ uses each term across the site, in plain language.

Layer 1
The physical layer of a network. Where electrical signals are sent across copper or fiber. The OSI model puts seven layers on top: switching at Layer 2, IP routing at Layer 3, TCP at Layer 4, all the way up to applications at Layer 7. Most security tools work at Layer 2 and above. CybrIQ works at Layer 1, which is why it can identify devices that disagree with what they say about themselves at higher layers.
Device DNA™
CybrIQ's patented signature for each connected device, derived from observable Layer 1 behavior: link negotiation pattern, MAC OUI, packet cadence, response shape, and timing characteristics. The signature does not depend on what the device says about itself, which is why it catches devices whose self-reported descriptors are wrong, spoofed, or modified upstream.
Drift
A change between the device that was previously known on a port and the device that is currently on it. The codec was swapped, the port was repurposed, an unmanaged switch appeared, a contractor laptop showed up. CybrIQ detects drift by comparing the current Layer 1 fingerprint to the prior one, and surfaces it as a discrete event the security team can act on.
NAC (Network Access Control)
A class of security tooling that controls which devices are allowed onto the corporate network. NAC operates at Layer 2 and above; it sees the corporate VLAN and enforces admission policy on it. NAC does not see Layer 1 behavior, which is why unmanaged switches behind a single drop look like one endpoint to NAC and four endpoints to CybrIQ.
EDR (Endpoint Detection and Response)
A class of security tooling that runs an agent on managed endpoints (laptops, servers) to detect and respond to threats on those endpoints. EDR sees what the agent sees. Devices that ship without an agent class (codecs, signage, IoT, biomed gear, kiosks) are outside EDR's coverage. CybrIQ identifies them by the wire, not by an agent.
Audit-defensible Layer 1 evidence
A per-device, per-port, dated record of what was on the network and how its identity was verified, in a form an audit firm takes at face value. Distinct from "operational status" (the control system says the room is green). The audit asks for the wire; CybrIQ produces it.
Visibility gap
The space between what NAC, EDR, and asset-management tooling can see, and what is actually on the network. Conference-room codecs, unmanaged switches, contractor gear, vendor-managed devices, IoT sensors that ship without an agent class. The visibility gap is where audit findings come from and where attackers walk in.
Asset register
The internal list of devices the organization believes it has on the network. Built from procurement records, deployment tickets, and biomed/HTM inventories. Authoritative on day one and fiction by next quarter, because the network changes faster than the spreadsheet. Read more in "The asset register lies."
Working session
CybrIQ's framing for a 30-minute scoped engagement. Five minutes of scoping, twenty minutes of running the platform live against one of the customer's environments, five minutes of decision. The artifact at the end (a Device DNA™ inventory of one room or one building) stays with the customer either way.
Layer 1 record
The continuously maintained, per-device, per-port output of the CybrIQ platform. Different scopes (RoomIQ at the room level, SpacesIQ at the building level) feed the same record. The record is the underlying fact base that the audit-evidence pack, the drift events, and the framework mappings all draw from.
NDAA Section 889
A US federal regulation prohibiting covered telecommunications equipment from Huawei, ZTE, Dahua, Hikvision, and Hytera in federal contractor environments. CybrIQ identifies these vendors by Device DNA™ regardless of label, and policies block them on detection. See NDAA 889 Enforcement for detail.
Device fingerprint
A signature derived from how a device behaves on the network, used to identify it. Behavioral fingerprinting (used by classification platforms) reads behavior at higher layers. Layer 1 fingerprinting (CybrIQ's Device DNA™) reads electrical behavior at the wire. The two are complementary.
Agent
A piece of software installed on a device to monitor or manage it. Many security tools depend on agents for their visibility (EDR, MDM, agent-based asset management). Devices that cannot accept an agent (codecs, IoT sensors, biomed gear, signage players) are outside agent-based coverage. CybrIQ does not require an agent on monitored endpoints.
Layer 2
The data-link layer of a network. Where switches forward frames using MAC addresses. NAC operates at Layer 2 and above. The visibility gap CybrIQ closes is everything below it.
Evidence pack
CybrIQ's audit-defensible artifact: a per-device, per-port, dated record scoped to the customer's environment and pre-mapped to the framework being audited. The shape audit firms increasingly accept on first reading.

The vocabulary lands faster on a real environment than in a glossary.

Bring one of your rooms or one floor of one building. By the end of the working session, the terms above will mean something specific to your network.

Book a Working Session Read the Articles
Patented Device DNA™ SOC 2 Type II aligned NDAA 889 aligned Engineered for the AV channel InfoComm 2026 · Booth C5052