Hardware variants

Evenly monitoring all of your assets for cyberthreats can be expensive or otherwise complex.

P-X cyber sensors monitor the IT that drives your OT for cyberthreats, no matter how isolated or delicately set up your infrastructure is.

Our flagship product is the P-X Node, a robust cyber sensor capable of deployment into blind spots at the fringes of your digital infrastructures. A default P-X deployment relies on a cluster of strategically deployed P-X nodes across designated cyberthreat monitoring blind spots related to air gapping, physical distribution, legacy equipment and asset isolation.

P-X nodes are available in multiple hardware configurations and can be deployed in a specific configuration according to use cases and user preference.

Available P-X hardware functionality explained

Passive tap

The passive P-X detection node is connected as a bump in the wire without being part of the network.

It has no connection other than the physical reception layer, and cannot be used as an attack vector or influence the network on a logical level. The monitoring and alerting data generated by the P-X node is transported using RF.

Designated hardware: Passive P-X Node

Active (endpoint)

The active P-X detection node is connected to the network as an endpoint. It can be configured with a static or dynamically assigned IP address.

The primary purpose of this configuration is to serve as a breakout for P-X traffic coming from other nodes.

Designated hardware: Active P-X Node and/or Break-out Node

Active (man in the middle)

The active P-X detection node is connected as a bump in the wire where it receives and retransmits data and as such is part of the network.

The node might be approachable for attackers, and functional issues could influence the network connection. On the other hand, this configuration allows for active measures.

The monitoring and alerting data generated by this node can be transported using RF, or the node may spoof another endpoint and inject the data on the network. This node can also function as a breakout node.

Designated hardware: Active P-X Node

Span/mirror port

The node is connected to a span port that receives mirrored traffic.

To serve this use case, data throughput should be defined beforehand to select the right hardware capacity for the P-X engine to run on. Our default is the standard P-X detection node, which is rated up to 1000BASE-T lines, but higher capacity platforms can be made available.

Optionally this type of P-X node can be configured with a static or dynamic IP so it can send out monitoring and alerting data via the network instead of “just” via RF.

Designated hardware: Active SPAN Node


Integration with other systems


P-X natively integrates with your existing infrastructure, including SIEM dashboards, SOC environments and other central monitoring systems. This allows users to leverage their existing tools and adopt P-X without changing existing business processes and workflows. P-X embraces open exchange standards for maximum compatibility and avoiding vendor lock-in.

Simple log formats like CEF or more complex structured languages like STIX are provided. This information can be accessed through our application programming interface (API), optionally in combination with native P-X plugins tailored for specific systems, such as our QRadar Device Support Module. All exports are interpretable for: Trusted Automated Exchange of Indicator Information (TAXII), Cyber Observable Expression (CybOX), and Structured Threat Information Expression (STIX).

Security Information and Event Management (SIEM) software provides real-time analysis and enables users of multiple security applications and hardware to stay in control of an otherwise potential quagmire of tools and alerts. P-X can be tooled to work within the framework of major SIEM providers like IBM QRadar and Splunk.


Management console

The P-X dashboard

An inability to produce actionable intel from the cybersecurity tools that need to help secure valuable digital infrastructures can pose as much of a threat as outside threat actors looking to inflict damage. Cybersecurity analysts need clear, easy to use dashboards that allow them to quickly assess relevant threat information. Default P-X alerting and reporting data is available through the threat dashboard on the P-X application.

The P-X app is the default platform for P-X’s graphical interface, through which users can investigate anomalies and threats as they are being reported in real time. Our application is available for all major mobile and desktop platforms (iOS, macOS, Android, Linux and Windows), and offers 24/7 alerting through push messages, monitoring, reporting, and support through a ticketing system.

For future analysis or compliance purposes, P-X can automatically generate management summaries called security & incident reports. These incident reports convey both general and more detailed information about incidents, such as raw log files in secure CSV format, critical events per network and all events plotted on a timeline.

P-X Applications and reports