Every conference room has devices on the network nobody has counted.
RoomIQ fingerprints every device behind every codec, switch, display, and wireless presenter at Layer 1, then keeps that picture current as gear gets swapped, added, or unplugged. The audit team gets a current per-room inventory. The AV team gets the device list they didn't have time to maintain.
The conference room nobody is measuring.
The codec ships with a Crestron, Extron, Q-SYS, Poly by HP, or Neat partner. The drop sits behind a small unmanaged switch. The wireless presenter, the smart camera, and the IoT sensor on the table are all on the same VLAN, none of them on the corporate asset register, and none of them visible to NAC.
What an "all green" control system actually proves.
The control surface says the room is operational. That is not Layer 1 evidence. It tells you nothing about which devices are connected, what those devices really are, or whether anything has changed since the last sweep.
RoomIQ is the layer underneath. Continuous fingerprinting at the wire, validating every device against its known signature, flagging the ones that do not match.
A supply-chain implant in a conference camera.
A global enterprise rolled out hundreds of identical conference kits. Paperwork, serials, and images all looked legitimate. CybrIQ flagged one camera whose electrical fingerprint did not match the fleet. It was not a quirk. It was a supply-chain implant built to capture more than meeting minutes.
Without physical-layer validation, the implanted camera would have blended in forever. Every other sensor (paperwork, serial check, software check) cleared the device. Only Layer 1 caught what the others were not designed to see.
Audit-ready evidence, by room, on demand.
The auditor does not want a screenshot of an environmental dashboard. They want a per-device, per-port record they can take at face value. RoomIQ produces it, by room, dated and signed by what was actually on the wire at the time.
HIPAA, PCI, SOC 2, NIST, CMMC. The same evidence answers all of them, because the evidence is the network itself, not a reconstruction of it.
Four classes of threat that look exactly like the gear you bought.
If you trust what a device claims to be (its MAC, its driver, its label), you are trusting the attacker. Each of these classes of threat is in field-tested adversary playbooks today.
USB Impostors.
USB devices that pretend to be keyboards or network cards. Plug-and-play means the device is participating before the operator can review it. The OS trusts the descriptor; the descriptor lies.
Tampered AV Devices.
Cameras, microphones, and codecs that have been altered upstream of the room (in transit, in storage, or pre-deployment). They look identical and behave differently. Without a switch-derived identity signature, they are indistinguishable from the genuine article.
Rogue Adapters.
Wireless dongles, video adapters, and network connectors that quietly add an attack surface to a high-trust room. Often introduced by accident; sometimes deliberately. Either way, invisible to NAC.
Hidden Network Gear.
Unmanaged 4-port and 5-port switches stuffed behind the codec to extend connectivity. They create downstream ports nobody on the IT team commissioned. RoomIQ catches the change in the codec's switch-derived identity signature first.
What the wire actually sees.
Device DNA derives each device's signature from switch-side signals read in read-only mode: link negotiation pattern, MAC OUI, LLDP and CDP announcements, the port-stats and counter footprint the switch already keeps, and the device's VLAN and topology context. The signature is rebuilt every time the platform validates a port, which is why a device swap shows as a new signature within seconds.
The signature does not depend on an agent installed on the device. It does not depend on the device self-reporting its identity. It depends on what the switch already knows about the device through standard read-only network management. That is why Device DNA catches the cases NAC and EDR miss: an unmanaged switch behind a contractor's drop, an IoT sensor with no agent class, a kiosk that reports as one thing and behaves as another.
Deployment is non-invasive. RoomIQ is software with two components: an External Scan Engine (ESE) that polls the room's managed switch with read-only access, and a main instance where device discovery and identity processing happen. Both run on customer-provided compute. No SPAN port, no traffic mirror, no inline tap, no agent on the endpoint, no rewiring of the room. SpacesIQ extends the same two-component architecture across a building's switch fabric.
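One way to picture signature-based port validation of the kind described above, as an added example (not RoomIQ's or Device DNA's actual algorithm, which this page does not disclose): hash a few switch-side attributes per port, then compare each poll against the enrolled baseline. The field names, the sample records, and the three finding types are assumptions made for illustration.

```python
import hashlib
import json

# Attributes treated as stable for one device on one port (hypothetical field names).
STABLE_FIELDS = ("oui", "speed_mbps", "duplex", "lldp_sys_desc", "vlan")

def signature(rec):
    """Hash the switch-side view of a port into a comparable signature."""
    view = dict(rec, oui=rec["macs"][0].upper()[:8])  # vendor prefix only
    canon = json.dumps({k: view.get(k) for k in STABLE_FIELDS}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()

def validate(baseline, observed):
    """Return (port, finding) pairs for every port that deviates from baseline."""
    findings = []
    for name, rec in sorted(observed.items()):
        if len(set(rec["macs"])) > 1:
            findings.append((name, "multiple MACs: possible downstream switch"))
        elif name not in baseline:
            findings.append((name, "new link: no baseline signature"))
        elif signature(rec) != baseline[name]:
            findings.append((name, "signature drift: device changed"))
    return findings

def port(macs, speed, lldp, vlan=40):
    """Build one constructed port record, as a read-only switch poll might yield."""
    return {"macs": macs, "speed_mbps": speed, "duplex": "full",
            "lldp_sys_desc": lldp, "vlan": vlan}

# Constructed sample data (locally administered MACs, invented LLDP strings).
ENROLLED = {
    "Gi1/0/1": port(["02:AA:01:00:00:01"], 1000, "codec fw 4.2"),
    "Gi1/0/2": port(["02:BB:02:00:00:07"], 1000, "camera fw 1.9"),
    "Gi1/0/3": port(["02:CC:03:00:00:11"], 1000, "display fw 3.0"),
}
BASELINE = {name: signature(p) for name, p in ENROLLED.items()}

OBSERVED = {
    "Gi1/0/1": ENROLLED["Gi1/0/1"],                        # unchanged
    "Gi1/0/2": port(["02:BB:02:00:00:07"], 100, None),     # same MAC, new behaviour
    "Gi1/0/3": port(["02:CC:03:00:00:11", "02:DD:04:00:00:21"], 1000, "display fw 3.0"),
    "Gi1/0/4": port(["02:EE:05:00:00:31"], 100, None),     # never enrolled
}

if __name__ == "__main__":
    for name, finding in validate(BASELINE, OBSERVED):
        print(f"{name}: {finding}")
```

Port Gi1/0/2 keeps its enrolled MAC yet still drifts, because the negotiated speed and LLDP announcement changed; a check keyed on MAC alone would have passed it.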
The technical layer, kept executive-readable.
Patented Device DNA™
A signature derived from the device's actual Layer 1 behavior, not its self-reported MAC or its label. The signature stays stable when the network does and shifts when the device does.
Continuous validation
Every linked port, every connected device, validated continuously against its known signature. Drift surfaces as a discrete event the operator can act on, not as a stack trace in a log somewhere.
Per-room evidence pack
A named export, by room, with the device list, the validation record, and the change history. The format the auditor and the CISO can both work from, without translation.
Integrator-ready deployment
Ships as an attached recurring SKU on every Crestron, Extron, Q-SYS, Poly, or Neat install. The integrator owns the room. RoomIQ owns the answer to "is the room secure?"
Five things that change inside the first quarter.
The activity is detection and validation. The outcomes are what executives sign off on.
Prevent eavesdropping.
In boardrooms and deal rooms. The class of threat that is hardest to discuss publicly is also the easiest to ignore until it happens. RoomIQ removes the assumption that the equipment is what it claims.
Cut risk at the door.
Block unapproved hardware automatically, at the moment it draws a link. Policy is enforced at first contact, not at the next quarterly review.
Shrink incident time.
Precise room, port, and device evidence in seconds. The investigation that used to take a day starts with the document the platform already produced.
Hand auditors proof.
Inventory, policies, events, and exception logs tied to place and owner. The audit team works from the platform's record directly, not from a reconstruction the security team built the night before.
Fit your stack.
Integrates with your SIEM, XDR, NAC, EDR, and ITSM for ticketing and automated response. RoomIQ is additive, not a replacement, and the integration is designed to be the easy part.
Three steps. A few weeks. Real evidence in hand.
Pick three to five high-trust rooms.
Boardroom. Trading floor conference. Operations center. Wherever a single overheard conversation or compromised device would move the company. Start where the stakes are real.
Connect RoomIQ to your environment.
The appliance lives behind the room's network drop. No agent on endpoints, no rewiring of the AV gear, no required changes to switch configuration. Setup is measured in hours, not weeks.
Run a baseline pass and review with your room techs.
The first inventory is the most useful. Walk through it with the integrator that owns the room and the security lead that owns the network. The conversation that follows decides what comes next.
What integrators and CISOs ask on the first call.
How long does deployment actually take?
A working session takes 30 minutes for one room. Continuous operation begins inside week one. The platform is producing audit-ready evidence by month one. The full deployment timeline is on the homepage.
Does RoomIQ replace our NAC or EDR?
No. RoomIQ fills the visibility gap underneath them. NAC sees the corporate VLAN; EDR sees endpoints with an agent. RoomIQ sees what neither was designed to see: the unmanaged gear, contractor laptops, and IoT devices that ship without an agent class.
Is there an agent on the device?
No agent. Device DNA™ is derived from switch-side signals: link negotiation, MAC OUI, LLDP and CDP announcements, port counters, VLAN and topology context. The device does not need to cooperate or self-report.
What hardware does the room need?
None on top of what you already have. RoomIQ is software, installed on a customer server, that polls the room's managed switch with read-only access. No SPAN port, no traffic mirror, no rewiring of the room, no required changes to switch configuration, no impact on the existing AV gear or call quality. Optional enforcement actions (port disable, quarantine) are available if you choose to enable them.
How is RoomIQ priced?
RoomIQ is a per-room recurring SKU, typically attached to integrator deployments alongside any Crestron, Extron, Q-SYS, Poly by HP, or Neat install. Detailed pricing is shared on the demo call once we understand the environment.
How does the integrator-channel motion work?
Integrator partners attach RoomIQ as a recurring line on every room they ship. Pricing is set at the partner level; margin compounds with every room added to the account. We support partners with co-marketing, the CISO-meeting answer, and the deployment artifact.
Bring a conference room. Walk out with the answer.
A 30-minute working session against one of your rooms. By the end of it you will have a Device DNA™ inventory, a continuous-validation report, and a clear answer to whether the room is what the spreadsheet said it was.