CybrIQ × Utelogy · integration architecture
CybrIQ
CybrIQ × Utelogy/Integration
How the two products coexist

Two independent stacks. One shared physical surface.

Utelyze reads AV and UC endpoints through manufacturer APIs and its own agent. CybrIQ reads the managed switches those endpoints attach to, via SNMP with read-only credentials. The two products do not exchange data with each other and do not share a dashboard. Each emits independently to the customer's existing ITSM, SIEM, and NAC. The only thing they share is the customer's managed switch fabric.

Two products coexisting on the same shared physical surface. The customer's managed switches are read by two complementary but independent tools. The Utelyze stack reads AV and UC endpoints (Zoom Rooms, Teams Rooms, Webex, Cisco endpoints, codecs, cameras, microphones, displays, room PCs) through manufacturer APIs and the Utelogy monitoring agent. The CybrIQ stack reads the same managed switches via SNMP with read-only credentials, capturing Layer-1 signals (link negotiation, MAC OUI, LLDP, port statistics, VLAN context). There is no software integration or data exchange between the two products. Each emits independently to the customer's existing tools: ITSM (ServiceNow), SIEM (Splunk, Sentinel), NAC (ISE, Forescout). The shared layer is the managed switch infrastructure; everything above the switch runs in two separate stacks.

What each side reads

Utelogy side

Utelogy reads from the AV and UC endpoints in each room through manufacturer APIs, REST integrations, and its own monitoring agent where the endpoint supports one. The data set includes:

  • Live device health and uptime per endpoint.
  • Video conferencing platform status (Teams, Zoom, Webex, and the wider list).
  • Firmware versions and configuration mismatches.
  • Usage data and performance metrics per room.
  • Room and estate overview maps.
  • Self-healing automation events (the room remediated itself; we still want to know).

CybrIQ side

CybrIQ reads from the managed switches the AV and UC endpoints attach to. The data set includes:

  • Link negotiation pattern per port.
  • MAC OUI of every device.
  • LLDP / CDP TLV ordering and vendor-specific advertisements.
  • Port statistics, error rates, and link history.
  • VLAN context and topology.
  • Layer-1 fingerprint (Device DNA™) matched against the 750-million-device reference library.

What the two products do not share

Naming the limits matters. The two products run independently:

  • No data exchange between vendors. CybrIQ does not push device identity into Utelyze, and Utelyze does not push room context into CybrIQ. Each tool operates in its own data plane.
  • No shared dashboard. Utelyze runs at utelyze.utelogy.com (or the customer's on-prem Utelyze install). CybrIQ runs at app.cybriq.io (or the customer's on-prem CybrIQ install). Two URLs, two authentication realms, two operator teams.
  • No shared credentials. Each product is administered by its own credentials and its own RBAC.

The customer typically routes both products' outputs into the same downstream tools (ITSM, SIEM, NAC), and the customer's operations team correlates there. That correlation happens in the customer's stack, not in either vendor's product.

What the customer installs

  • Utelyze. Utelogy-hosted cloud by default, or customer-installed (Utelogy offers both shapes).
  • CybrIQ External Scan Engine (ESE). Customer-installed on customer hardware. One ESE handles up to 500 switches.
  • CybrIQ main instance. CybrIQ-hosted in the cloud by default, with an on-premise option for regulated environments. SSL between ESE and main, inside the customer network.

What the customer does not need

  • No SPAN port, mirror port, or inline tap (CybrIQ side).
  • No agents on AV endpoints, room PCs, or peripherals (CybrIQ side; Utelogy uses its own monitoring agent where the endpoint supports one).
  • Vendor-cloud-dependency is optional: both Utelogy and CybrIQ default to cloud-hosted main components, and both support fully customer-installed on-premise shapes for regulated environments.
  • No new firewall openings to third-party clouds.
  • No new credentials beyond what Utelogy and CybrIQ each already require.

What the first 90 days look like

The deployment timeline is owned by the integrator on the Utelogy account. The diagram below is the standard 90-day shape; under the managed-service tier where the integrator runs the operator role end to end, the same shape compresses to roughly six weeks.

A horizontal five-phase timeline covering the first 90 days of adding CybrIQ to a Utelogy customer account. Week 1 readiness: scope agreed, host hardware identified or cloud tenancy provisioned, SNMP read-only credentials prepared by the customer's network team, integrator change-management window booked; deliverable is a signed readiness checklist. Week 2 install: CybrIQ instance provisioned or installed on customer hardware; first Layer-1 identifications surface within hours; Utelyze continues operating unchanged; deliverable is the first per-port inventory. Month 1 baseline: authorization-list policy reviewed, threshold tuning per VLAN, integrator-as-operator runbook set if managed-service tier is selected, first NDAA Section 889 sweep with the covered-entity deviation report; deliverable is the baselined policy plus the first signed inventory PDF. Month 2 evidence: signed audit-trail exports in CSV and JSON with SHA-256, controls-mapped pack against NIST 800-53 / 800-171 / CMMC L2 / Section 889, monthly inventory PDF to the CISO mailbox; deliverable is the audit-grade evidence pack. Month 3 steady state: predictable event volume, L1 tickets drop roughly 58 percent from baseline, quarterly review cadence with the integrator, first signed inventory to the renewal carrier; deliverable is the steady-state managed-service cadence. Footnote: the same shape compresses to about six weeks under the managed-service tier where the integrator runs the operator role end to end.

Downstream destinations

Both tools feed the same existing customer infrastructure. Identity events (CybrIQ) and operational events (Utelogy) emit on RFC 5424 syslog and REST, with structured-data fields that the customer's SIEM, NAC, ITSM, and compliance platforms can route on.

  • ITSM. ServiceNow (and others). Tickets auto-tagged with room context and device identity.
  • SIEM. Splunk, Splunk Cloud for Government, Microsoft Sentinel, IBM QRadar, Elastic.
  • NAC. Cisco ISE (pxGrid), Forescout, Aruba ClearPass. Identity events feed NAC's policy decision; Utelogy events feed NAC's room-context awareness.
  • Compliance & GRC. eMASS (federal), Vanta, Drata, Archer, ServiceNow GRC. Signed CSV / JSON exports with SHA-256 hash.

Walk this against your network.

30 minutes with a CybrIQ engineer. We walk the integration shape against your switch fabric, your Utelyze deployment, and your existing ITSM / SIEM / NAC. You leave the call knowing whether the pairing makes sense and what the install week looks like.

Schedule a working session