Implementation · Evaluation checklist

A procurement-grade checklist for any device-visibility vendor, not just CybrIQ.

Print this page. Take it to every vendor you evaluate. The questions cover the seven gates a Director-level decision has to pass: scope, technical fit, integration, security posture, vendor stability, economics, and audit posture. Use the boxes; check off as each vendor answers. Where a vendor cannot answer cleanly, that's a signal.

1. Scope and visibility

  • Which OSI layer does the tool primarily detect at? L1, L2, L4-6, L7? (Determines what kinds of attack the tool can vs. cannot see.)
  • Does detection require an agent on the device being inventoried? If yes, list the supported operating systems.
  • Does detection require SPAN, mirror-port, or TAP infrastructure? If yes, what's the bandwidth requirement?
  • How are unmanaged switches handled (devices on a switch the security team doesn't control)?
  • How are spoofed identities (cloned MAC, forged certificate, relabeled hardware) handled? What signal does the tool use to detect spoofing?
  • Polling cadence on changes. How long between an actual change in the environment and the event landing in the SIEM?

2. Technical fit with your environment

  • Which switch vendors are supported? Confirm against your environment specifically; "most major brands" is not a sufficient answer.
  • Does the tool work in air-gapped or restricted-egress environments? If yes, what's the on-premise vs. cloud-control-plane split?
  • Wireless coverage: yes, no, partial? If yes, how is wireless device identity established?
  • OT and ICS protocols: covered, not covered, or partial? If covered, which protocols specifically?
  • Cloud and SaaS posture: covered or out of scope?

3. Integration

  • Egress channels: syslog, REST, webhooks, STIX/TAXII, proprietary? List them.
  • SIEM integration: which platforms have first-class integration? What's the rule-pack story?
  • NAC integration: which platforms have first-class integration? Does the integration support enforcement actions?
  • CMDB integration: which platforms are supported? Read-only or bidirectional?
  • Change-management integration: does the tool auto-suppress events that match approved tickets? Which ticketing systems?
  • SOAR integration: how does the tool flow into your existing automation playbooks?

4. Security posture and supply chain

  • What does the tool write to the network? Anything beyond read? Any enforcement actions?
  • Where does customer telemetry and operational data live? On-premise, US, EU, Canadian region options?
  • SOC 2 Type II report available on request? When was the most recent?
  • Vulnerability disclosure policy published? Bug bounty? Penetration-test report cadence?
  • Supply-chain disclosure: is the software supply chain documented? Any dependencies on foreign-jurisdiction services?
  • Is NDAA Section 889 / sanctioned-vendor screening built in, or does it rely on customer data?

5. Vendor stability

  • Funding stage and runway. Is the company independently funded, VC-backed, public, recently acquired?
  • Customer base size and concentration. Largest customer percentage of revenue?
  • Source-code escrow available if it's material to your procurement?
  • Reference customers in your industry and revenue tier (subject to permission)?

6. Economics

  • Pricing model. Per-device, per-room, per-deployment, per-switch, percentage of revenue?
  • First-year all-in cost for your environment shape (request a written estimate).
  • Contract length minimum. Annual, three-year minimum, longer?
  • Renewal price-increase cap, if any?
  • Pilot terms: no-fee, partial-fee, full-fee? Duration? What's yours at the end regardless of decision?

7. Audit and evidence posture

  • Which compliance frameworks does the tool produce evidence packs for, out of the box?
  • Are the evidence-pack exports signed at the control plane? Can your auditor verify the signature?
  • Are the artifacts forwardable to your insurance carrier in the format brokers and underwriters expect?
  • Sample artifact available before pilot kickoff (anonymized) so your audit lead can review the shape?
  • Customer-data export on contract termination: timeline, format, certification?

How to use this checklist. Most Directors run two or three vendors through this list in parallel during evaluation. The pattern that emerges quickly: vendors who give clean, specific answers to all seven sections vs. vendors who hedge on the technical sections (1, 2, 3) or who can't answer the security-posture section (4) without escalating. The hedge is the signal. The vendor that gives you the cleanest read on the boundary is usually the one whose technology actually sits where they say it sits.

Want CybrIQ's answers to all seven sections in writing?

A live demo of the platform and a conversation about whether CybrIQ fits your environment. The checklist is yours to use against us and any other vendor you're evaluating.
