IoT full lifecycle management platform to detect and protect security threats at scale

Cyber tdx is developing an open ecosystem to help routers and gateways better protect the network against IOT attacks. This approach complements other initiatives which are enhancing IOT endpoint security. Cyber tdx accepts the fact that there are many insecure IOT devices already in the market, which are not going away any time soon. In addition, even the best IOT endpoint security can and will be compromised. Enhancing the role that the gateway can play in the detection and protection against IOT attacks is and always will be a valuable addition to a comprehensive security strategy.


Dynamic Risk

Multi factor 360 degree risk assessment using type and instance data.


Lifecycle Management

Full integration with procurement and servicing on a fully distributed basis.


Cyber Data Sources

Integrates with well known and novel data cyber sources using standard interfaces (D3).

Cognitive Security

Reason under uncertainty. Practical Zero Trust. Controllable false positive.


Share data between instances and organisations to better detect and respond.


API first design using distributed security makes it easy to integrate with legacy and partner systems.


distributed device descriptors

The Distributed Device Descriptors (D3) workstream addresses a number of problems:

  • How does a community make statements about device types, reliably and securely?
  • How can the community reason about devices reliably, whether this reasoning is human-centric or machine-centric?

D3 provides structured data of known provenance, which can be used to assert claims about how IoT devices should behave

destination-based anomaly detection

Our destination-based anomaly detection model allows for the detection and characterisation of deviations in behaviour that might indicate emerging security threats. In practice, the broad spectrum of variability between device types, from laptops to smart bulbs, and between instances of specific types makes this difficult and results in large numbers of false alarms. For this reason, our initial work has focused on developing models that have strong false alarm rate control, do not require tuning and can be deployed without the need for an explicit training period.

These images show graphical representation of the device’s destination requests on the network and the policy produced by applying the destination-based anomaly detection model

lifecycle management

Network-layer onboarding for an IoT device means provisioning network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to being taken over by networks that are not authorized to onboard them.
To be strongly authenticated, the device asserts a specific identity, and that identity is cryptographically bound to the device. In some onboarding situations, a device may not be asserting a specific identity; instead, it may simply be asserting to be a particular type of device or to be from a particular manufacturer. In such cases, it is not possible to authenticate the device, though it may be possible to verify device type.