How CybrIQ handles your network, your data, and your evidence.

Deployment posture

CybrIQ runs as a small appliance positioned behind the conference-room drop (RoomIQ) or alongside the building's switch fabric (SpacesIQ). Both modes are passive at the wire: the platform observes Layer 1 behavior, derives Device DNA™ signatures, and feeds them to a control plane the customer can host either as a managed service or in a customer-managed environment.

No agent is installed on monitored endpoints. No changes to switch configuration. No probes that can change network state. The platform reads, fingerprints, and correlates. The deployment is reversible in minutes; an appliance can be unplugged and the wire returns to its prior state with no residual configuration.

What CybrIQ observes

• Layer 1 behavior.Link negotiation, MAC OUI, packet cadence, timing characteristics, and the device's response shape to standard probes.
• Port and switch metadata.Switch model, port ID, port state, neighbor information, and the network path that surrounds each fingerprinted device.
• Drift events.A timestamped record each time a device's fingerprint diverges from its known signature, including the before-and-after Device DNA values.

What CybrIQ does not observe

• Application-layer payloads.CybrIQ does not capture, store, or inspect packet contents. The signature is built from packet shape and timing, not payload.
• User identity, credentials, or behavior.The platform identifies devices, not people. There is no user account model, no behavioral telemetry, no session identifier.
• Audio, video, or meeting content.CybrIQ has no path into the AV media stream, even when fingerprinting AV endpoints. The platform watches the wire, not the meeting.

Data handling and residency

Device DNA™ signatures, drift events, and audit-evidence packs are stored in a control plane the customer chooses at deployment. SaaS-managed deployments run in regional cloud environments aligned to customer data-residency requirements (US, EU, and APAC regions available; specific Azure or AWS regions confirmed during scoping). Customer-managed deployments run on infrastructure the customer hosts directly.

Encryption in transit and at rest is enabled by default in all deployment modes. Data retention is customer-configurable; the default retention satisfies the longest audit-evidence window across the standard regulated frameworks. CybrIQ employees access customer data only under named, audited support workflows tied to a specific support ticket.

CybrIQ's own security posture

CybrIQ operates the same compliance discipline our customers do. CybrIQ runs a SOC 2 Type II aligned program; controls are mapped to the AICPA Trust Services Criteria (security, availability, confidentiality), reviewed quarterly, and a control-mapping document is shared under NDA during evaluation. A formal SOC 2 Type II attestation engagement is on the roadmap. Penetration testing runs annually against the platform and the management plane; results are summarized in the security partnership package shared at evaluation. Incident response, change management, and access review programs are documented and reviewed quarterly.

For customers in regulated verticals, additional attestations (HIPAA business associate agreement, PCI scope confirmation, FedRAMP path) are scoped during the working session.

Security partnership package

A standing package is available to customer security teams during evaluation:

• SOC 2 Type II control-mapping document (under NDA).
• Architecture diagram with data-flow and trust-boundary annotations.
• Penetration test summary, most recent cycle.
• Vendor-risk questionnaire (CAIQ, SIG-Lite, custom) responses.
• Sample DPA and BAA for customers requesting them.

Reach the security partnership team directly at contact_us@cybriq.io. Most packages are delivered within one business day.

Patented Device DNA™

The Device DNA approach is patented. CybrIQ ships and supports the platform under license; the underlying method has been peer-tested across customer deployments. Detailed patent and IP information is shared under NDA on the demo call.