The answers your CISO needs before agreeing to a demo.

Deployment posture

CybrIQ runs as software with two components: an External Scan Engine (ESE) that polls managed switches with read-only access, and a main instance where device discovery and identity resolution happen. RoomIQ scopes the deployment to a conference room; SpacesIQ scales across a building's switch fabric. Both run on customer-provided compute. The control plane can be hosted either as a managed service or in a customer-managed environment.

No agent is installed on monitored endpoints. By default, no changes are made to switch configuration. No SPAN port, no traffic mirror, no inline tap, no probes that can change network state. The platform reads, resolves identity, and correlates. The deployment is reversible in minutes; the software can be stopped and the switches return to their prior state with no residual configuration. Optional enforcement actions (port disable, quarantine, ACL) are available on customer opt-in and use a separately scoped write community the customer's network team controls.

How the components fit together

• External Scan Engine (ESE), customer-installed. A small Linux VM (~2 vCPU / 4 GB / 40 GB) the customer's team installs on customer-owned compute. Reads each managed switch with read-only credentials the network team controls. The ESE never leaves the customer network.
• Main instance, cloud-hosted by default. SOC 2 Type II audited, hosted in the region of your choice (US, EU, or Canadian). Receives identification records from the ESE over SSL on port 443. Customer-installed main instance is available for FedRAMP-equivalent, on-premise, or air-gapped deployments.
• ESE-to-main communication. SSL only. No vendor tunnel, no VPN requirement, no inbound holes in the customer firewall. Outbound HTTPS to cybriq.io is the only network dependency for the cloud-hosted shape.
• Output. Both shapes produce identical output: signed monthly inventory exports (PDF + CSV + JSON with SHA-256), identity events into Cisco ISE / Forescout / Aruba ClearPass, and SIEM feeds into Splunk / Sentinel / QRadar.

What CybrIQ observes

• Switch-derived signals.Link negotiation, MAC OUI, LLDP/CDP announcements, port-stats footprint, and VLAN/topology context as the switch records them.
• Port and switch metadata.Switch model, port ID, port state, neighbor information, and the network path that surrounds each fingerprinted device.
• Drift events.A timestamped record each time a device's fingerprint diverges from its known signature, including the before-and-after Device DNA values.

What CybrIQ does not observe

• Application-layer payloads.CybrIQ does not capture, store, or inspect packet contents. The signature is built from packet shape and timing, not payload.
• User identity, credentials, or behavior.The platform identifies devices, not people. There is no user account model, no behavioral telemetry, no session identifier.
• Audio, video, or meeting content.CybrIQ has no path into the AV media stream, even when fingerprinting AV endpoints. The platform watches the wire, not the meeting.

Data handling and residency

Device DNA™ signatures, drift events, and audit-evidence packs are stored in a control plane the customer chooses at deployment. SaaS-managed deployments run in regional cloud environments aligned to customer data-residency requirements (US, EU, and APAC regions available; specific Azure or AWS regions confirmed during scoping). Customer-managed deployments run on infrastructure the customer hosts directly.

Encryption in transit and at rest is enabled by default in all deployment modes. Data retention is customer-configurable; the default retention satisfies the longest audit-evidence window across the standard regulated frameworks. CybrIQ employees access customer data only under named, audited support workflows tied to a specific support ticket.

CybrIQ's own security posture

CybrIQ operates the same compliance discipline our customers do. CybrIQ runs a SOC 2 Type II aligned program; controls are mapped to the AICPA Trust Services Criteria (security, availability, confidentiality), reviewed quarterly, and a control-mapping document is shared under NDA during evaluation. A formal SOC 2 Type II attestation engagement is on the roadmap. Penetration testing runs annually against the platform and the management plane; results are summarized in the security partnership package shared at evaluation. Incident response, change management, and access review programs are documented and reviewed quarterly.

For customers in regulated verticals, additional attestations (HIPAA business associate agreement, PCI scope confirmation, FedRAMP path) are scoped during the working session.

Security partnership package

A standing package is available to customer security teams during evaluation:

• SOC 2 Type II control-mapping document (under NDA).
• Architecture diagram with data-flow and trust-boundary annotations.
• Penetration test summary, most recent cycle.
• Vendor-risk questionnaire (CAIQ, SIG-Lite, custom) responses.
• Sample DPA and BAA for customers requesting them.

Reach the security partnership team directly at contact_us@cybriq.io. Most packages are delivered within one business day.

Patented Device DNA™

The Device DNA approach is patented. CybrIQ ships and supports the platform under license; the underlying method has been peer-tested across customer deployments. Detailed patent and IP information is shared under NDA on the demo call.