[COMING_SOON_ARABIC] المحتوى العربي لهذه الصفحة قيد التوطين. يُعرض المحتوى الإنجليزي أدناه.
🛡️ Request a Demo
See CyberDragon Live
45-minute guided session — live threat chain detection across IT & OT with Analyst Copilot walkthrough.
Confirmed within 2 hours · No commitment required
🎁 Free Trial · $0
Start Your CyberDragon Free Trial
1 Edge collector, full network discovery, 7 days — no credit card required.
Standard Plan
Get Standard Plan
$980 USD/month platform fee — includes 25 assets + 2 collectors. Total updates with asset and collector counts.
⭐ Premium Plan
Get Premium Plan
$1,980 USD/month platform fee — includes 100 assets + 5 collectors. Total updates with asset and collector counts.
🐉 Axix Technologies · Sovereign Cyber Defense Platform
Autonomous Defense for Converged IT, OT & IIoT Environments
CyberDragon correlates telemetry from enterprise IT and industrial OT into a single autonomous detection-to-response loop — with hybrid post-quantum identity, OT safety guardrails, and multi-tenant MSSP architecture built in from day one.
Deployed across critical infrastructure, energy, defense & industrial enterprises
How It Works
From Raw Telemetry to Closed Kill-Chain
A fully autonomous pipeline — ingesting OT packets and IT logs, correlating threat chain stages, enriching with threat intelligence, and enforcing OT-safe automated response.
1
Edge Passive Collection
CyberDragon Edge captures Modbus TCP, DNP3, and OPC-UA traffic at the plant — zero footprint, no agent on PLCs or RTUs. Events buffer offline and replay on reconnect.
2
TI Fusion & Normalize
Every event passes through 15,000+ live IOCs (Abuse.ch, OTX, GreyNoise) and MITRE ATT&CK / ICS ATT&CK stage mapping — in-flight, before detection runs.
3
Kill-Chain Correlation
Cascading window correlator (W15 → W60 → W24) reconstructs multi-stage campaigns including IT→OT pivots. One incident, not a thousand noise alerts.
4
OT-Safe Response & SOAR
Temporal orchestrates approval-gated playbooks. OPA independently evaluates every action against OT safety guardrails. Analyst Copilot guides remediation with full threat chain context.
Platform Capabilities
13 Built-In Capabilities. Zero Bolt-Ons.
Every module shares the same tenant boundary, asset inventory, evidence vault, and risk scoring — not a patchwork of integrations.
ML-DSA-65 + Ed25519 hybrid JWTs on every login, API call, and Edge→Core transport. Vault-backed signing. 7-tier RBAC via OPA. Live today, not roadmap.
ML-DSA-65Ed25519NIST FIPS 204
OT Safety Guardrails
OPA independently evaluates every automated action against asset-type allowlists, dual-approval gates, and maintenance windows — even if a human already clicked approve.
OPADual-ApprovalPLC/HMI/RTU
Multi-Tenant MSSP Architecture
PostgreSQL row-level security — cross-tenant leakage is structurally impossible. MSSP Operator portal for portfolio-wide visibility, per-tenant IEC 62443 compliance tracking.
RLS IsolationMSSP PortalZero Leakage
Threat Intelligence Fusion
15,000+ live IOCs enriching every event in-flight: Abuse.ch (10K+), MITRE TAXII, AlienVault OTX, GreyNoise internet noise filtering, and control-validation workflow integration.
Abuse.chOTXGreyNoise
OT Protocol-Native Edge
Passive Scapy/libpcap on SPAN port — zero active footprint. Native Modbus TCP + DNP3 parsing. 5,000-event SQLite offline buffer with auto store-and-forward.
Modbus TCPDNP3OPC-UA
SOC Analyst Copilot
Unified incident queue, MITRE ATT&CK timeline, Neo4j risk correlation graph, note-taking, playbook execution with Temporal approval gates, and evidence trail — all in one UI.
TemporalSOARPlaybooks
Tamper-Evident Evidence Vault
SHA hash-chained audit trail per tenant. Every incident, playbook, compliance mapping, and guardrail denial is cryptographically linked. On-demand verify API for auditors.
Hash ChainMinIOAudit-Ready
Risk Scoring & FAIR Matrix
Continuous per-asset and per-tenant FAIR-inspired risk scoring updated via Kafka delta events. MITRE technique breakdown. Asset Risk Map heatmap in Analyst Copilot.
FAIRKafkaReal-Time
Compliance Framework Management
IEC 62443-3-3, NIST CSF 2.0, ISO 27001:2022, NERC CIP — per-control evidence mapping, gap analysis, and audit-ready PDF export. Not event tagging.
IEC 62443NERC CIPNIST CSF
Executive & Auditor Reporting
Template-driven PDFs in seconds: Board Summary, CISO Monthly, Auditor Packet, Gap Analysis. Live platform data — threat chain stages, MTTD, compliance posture. MinIO-archived.
Board SummaryPDFMTTD
Analyst Copilot & SOAR
LLM-guided incident triage, threat chain visualization, and approval-gated response playbooks. OPA guardrails enforce OT safety on every automated action before execution.
LLM CopilotTemporal SOAROPA Guardrails
Full-Stack Observability
Prometheus + Grafana across all 47 services. Custom cd_ metrics. Alertmanager rules for Kafka consumer lag, service health, and error rate thresholds. Platform Health dashboard.
PrometheusGrafanaAlertmanager
Deployment Options
Your Data. Your Rules. Your Deployment.
CyberDragon deploys across four models — from Axix-hosted SaaS to fully air-gapped classified networks. Same platform, same capabilities, every model.
Best for: Mid-Market & MSSPs
SaaS — Axix Hosted
CyberDragon Core runs in Axix's managed multi-tenant cloud. Tenant provisioned in days. Edge collectors deploy on-site and connect over PQC-secured transport. No infrastructure procurement needed.
Best for: Regulated Industries & Banking
Private Cloud — Customer VPC
Single-tenant Core in your AWS, Azure, GCP, or sovereign cloud VPC — managed by Axix. Your data never shares infrastructure with other customers. Contractual data residency without on-premises hardware.
Best for: National Utilities & Defense Contractors
On-Premises — Customer Data Center
Full CyberDragon Core stack in your data center. All telemetry, evidence, and audit records remain within your physical boundary. Edge collectors connect over PQC-secured transport — data never leaves your network.
Best for: Classified Networks & Nuclear Facilities
Air-Gapped — No External Connectivity
Pre-built container image bundles + offline threat-intelligence feed packages. Edge collectors buffer events locally and sync during controlled transfer windows. Zero outbound internet required for any Core or Edge operation.
Platform Comparison
CyberDragon vs Generic SIEMs & OT Monitoring Tools
Most platforms treat OT as an afterthought. CyberDragon was architected OT-native from the first commit.
Compliance is an operational outcome, not a checkbox. CyberDragon maps platform-generated evidence — incidents, audit trail, playbook executions, guardrail evaluations — directly to specific control requirements.
IEC 62443-3-3
System security requirements & security levels for industrial automation and control systems. SR1.1 through SR7.x control families.
NIST CSF 2.0
Identify, Protect, Detect, Respond, Recover functions for enterprise and converged IT/OT environments.
ISO/IEC 27001:2022
Information security management system controls and Annex A requirements with cryptographic chain-of-custody.
NERC CIP
Bulk electric system cyber security requirements. Gap analysis identifies unmet controls with remediation workflows.
Why CyberDragon
Built OT-Native. Not Retrofitted.
Every design decision was made for Purdue-segmented environments where a misconfigured automated response can trip a safety instrumented system.
Post-Quantum Identity — Today
RSA and ECDSA tokens will not withstand a cryptographically relevant quantum adversary. Every CyberDragon session is signed with ML-DSA-65 + Ed25519 hybrid JWTs, Vault-backed and verifiable now — not promised in a future release.
Kill-Chains, Not Alert Floods
Individual signature matches on Modbus function codes produce hundreds of disconnected alerts. CyberDragon's cascading correlator (W15→W60→W24) reconstructs multi-stage campaigns into one incident with IT→OT pivot context.
OPA Guardrails Independent of Approval
Unconstrained SOAR playbooks that push config changes to PLCs have caused real production outages. CyberDragon's OPA policy engine evaluates every automated action against OT safety rules independently — even after human approval.
MSSP-Native at Database Level
Single-org SIEMs force MSSPs to deploy separate instances per customer. CyberDragon implements full PostgreSQL row-level security tenant isolation — verified zero cross-tenant data leakage in regression testing.
Proof of Integrity, Not Just Existence
Standard audit logs can be altered by anyone with database admin access. CyberDragon's hash-chained evidence vault cryptographically links every entry to its predecessor — with on-demand chain verification for auditor handoff.
Detection + Validation in One Platform
Organizations run annual assessments with findings in spreadsheets while their SIEM generates unrelated alerts year-round. CyberDragon unifies detection, risk scoring, and compliance evidence in one FAIR-aligned platform and vault.
Customer Stories
Trusted by Security Teams Who Cannot Afford Downtime
From tier-1 energy utilities to MSSP operators managing multi-industrial portfolios.
★★★★★
“We evaluated three SIEM vendors and two OT-specific platforms before selecting CyberDragon. The difference was immediate: our first OT anomaly scenario was correlated into a six-stage threat chain incident in under fifteen seconds, with MITRE ICS techniques mapped on the timeline. The OPA guardrails gave our plant managers confidence that automated response would never touch a PLC without policy approval — that was the decision point for our board.”
CISO — Tier-1 Energy Utility
Oil & Gas · On-Premises Deployment
★★★★★
“Passive Edge collection was non-negotiable for us — we cannot install agents on safety instrumented systems. CyberDragon Edge deployed in two days across three substations with zero network impact. When we lost WAN connectivity during a maintenance window, the SQLite buffer held five thousand events and replayed automatically. Our OT team finally has visibility without compromising safety.”
OT/ICS Security Lead — Regional Electric Utility
Critical Infrastructure · SaaS Deployment
★★★★★
“Managing twelve industrial clients on separate SIEM instances was unsustainable. CyberDragon's MSSP portal gives us cross-tenant incident visibility with database-level isolation we can demonstrate to auditors. Per-tenant compliance tracking against IEC 62443 means we deliver audit-ready reports without manual spreadsheet work. Our analysts handle three times the client portfolio with the same headcount.”
Director of Security Operations — Managed Security Service Provider
MSSP · Multi-Tenant SaaS
★★★★★
“Our compliance team used to spend weeks assembling IEC 62443 evidence from three different tools. CyberDragon links every incident artifact to specific control IDs in the hash-chained vault — auditors get a verified chain export in minutes, not months. Detection, risk, and compliance finally share one source of truth.”
Compliance Director — Industrial Software Manufacturer
Manufacturing · Private Cloud
Pricing
Hybrid Asset-Based Pricing for Every IT/OT Deployment
CyberDragon charges on value delivered: base platform fee + per-asset usage + low-cost Edge collectors to maximize telemetry coverage and reduce network blind spots.
Cancel anytime · ISA-62443-aligned · Save 17% on annual billing
Enterprise OT Security, Priced on Value Delivered — Not Just Hardware
Same category, transparent economics. See how CyberDragon's asset-based pricing compares to platforms using per-site or opaque enterprise pricing.
Metric
CyberDragon
Dragos
Claroty
MS Defender for IoT
Charging basis
Per protected asset + platform fee
Per site / SiteStore
Per protected asset + modules
Per site or per device
Entry price
$980/mo (Standard)
~$10,000/yr entry tier
From ~$150,000/yr
$70–$400+/site/mo
300-asset example (annualized)
~$51,792–$110,160/yr
Not publicly disclosed at this scale
$150K–$1M+/yr
Requires M365 E5 / Defender P2
Native OT protocol parsing
✓
✓
✓
Partial
Post-quantum identity (ML-DSA-65)
✓Live today
✗
✗
✗
Air-gapped, no outbound internet
✓
Partial
Partial
✗
MSSP multi-tenant portal
Built-in
Partner program
Partner program
Limited
Deployment model
SaaS, Private Cloud, or Air-Gap
On-prem / hybrid
On-prem / hybrid / cloud
Cloud-tethered only
*Competitor pricing based on publicly available vendor data and third-party review platforms as of July 2026. Dragos and Claroty do not publish per-asset rates; figures reflect industry-general estimates and typical published entry tiers. Actual enterprise contract pricing varies by deployment size and is individually negotiated.*
Pricing FAQ
Your subscription begins automatically at the plan rate you selected unless you cancel before the trial ends. You will receive email reminders before billing starts. Cancel anytime from your tenant admin portal with no penalty on self-serve plans.
CyberDragon uses hybrid asset-based pricing: a platform fee plus low-cost per-asset and per-Edge-collector overages. Standard starts at $980/mo (includes 25 assets + 2 collectors). A 300-asset facility with 5 collectors runs about $51,792–$110,160/yr depending on plan — transparent economics vs opaque enterprise OT contracts.
Yes. Add protected assets or Edge collectors anytime from your account portal. Standard overages are $12/asset/mo and $12/collector/mo; Premium is $36/asset/mo and $12/collector/mo beyond included limits.
Free Trial and Standard have no setup fee. Premium includes advanced compliance reporting and Axix 24/7 SOC support. Deployments above self-serve limits are quoted through sales.
We accept Visa, Mastercard, American Express, and PayPal on self-serve plans. Platform fees bill monthly; asset and collector overages follow your selected billing cycle. Cancel anytime before your next billing cycle.
Yes. Annual platform billing saves 17% — Standard $9,780/yr and Premium $19,740/yr versus paying monthly platform fees.
Enterprise deployments, MSSP partnerships, and OT environments above self-serve limits — submit the form and our team will follow up from HubSpot.
FAQ
Questions Security Leaders Ask
A traditional SIEM aggregates logs and applies correlation rules — often producing high alert volume with limited OT context. CyberDragon is a converged IT/OT/IoT defense platform: passive Edge collectors parse industrial protocols natively, a threat chain correlator reconstructs multi-stage campaigns across cascading time windows, TI fusion enriches every event in-flight, and OPA guardrails constrain automated response for OT safety. It is designed for Purdue-segmented environments, not retrofitted from enterprise log management.
No. CyberDragon Edge operates as a passive collector using Scapy/libpcap packet capture on a SPAN/mirror port or network tap. It does not install software on PLCs, HMIs, RTUs, or safety instrumented systems. Edge parses Modbus TCP, DNP3, and OPC-UA from captured traffic and forwards normalized events to Core. This passive-first design is a core architectural principle.
CyberDragon supports fully air-gapped deployment via pre-built container image bundles and offline threat-intelligence feed packages. Edge collectors buffer events in a local SQLite queue (5,000-event capacity) and synchronize with Core during controlled transfer windows. No outbound internet connectivity is required for detection, response, compliance, or evidence vault operation.
It means your authentication tokens are signed with both classical (Ed25519) and post-quantum (ML-DSA-65, NIST FIPS 204 / CRYSTALS-Dilithium) algorithms today — not in a future product release. Every analyst login, API call, and Edge-to-Core transport handshake uses hybrid PQC JWTs with Vault-backed key management. If a cryptographically relevant quantum computer emerges, your identity layer retains a quantum-resistant signature path. No migration project required — it is the default token format.
IEC 62443-3-3, NIST Cybersecurity Framework 2.0, ISO/IEC 27001:2022, and NERC CIP are pre-loaded with per-control evidence mapping, gap analysis, and audit-ready PDF export. Frameworks are installed per tenant via API. Compliance posture is not static tagging — evidence vault entries and incident artifacts are linked to specific control IDs with hash-chained integrity.
Yes. CyberDragon's multi-tenant architecture is MSSP-native: PostgreSQL row-level security enforces tenant isolation at the database level, and the MSSP Operator role provides cross-tenant incident visibility, portfolio health dashboards, and read-only evidence access across managed customers. Your MSSP operates the SOC; you retain tenant-admin control over users, compliance frameworks, and data sovereignty. MSSP operators cannot write evidence cross-tenant — isolation is enforced by policy and tested in regression suites.
Free Trial is $0 for 7 days with 1 Edge collector. Standard is $980/mo platform fee (includes 25 assets + 2 collectors) with $12/asset/mo and $12/collector/mo overages. Premium is $1,980/mo (includes 100 assets + 5 collectors). A 300-asset deployment with 5 collectors runs about $51,792–$110,160/yr. Annual platform billing saves 17%. Online signup supports up to 50 Edge collectors; contact sales for larger deployments.
SaaS tenants are provisioned in days with immediate analyst UI access. A proof-of-value deployment with one Edge collector typically completes within two to four weeks, including passive tap installation, Edge configuration, and Core tenant setup. Full on-premises or air-gapped deployments with multiple Edge sites require four to twelve weeks depending on infrastructure readiness and security review cycles. Contact Axix for deployment SLAs specific to your model.
One Platform. Every Layer of Your Defense.
When your IT, OT, and IIoT environments share a converged risk surface, you need a defense platform that speaks every protocol, correlates every stage, validates every exposure, and protects every automated action — with cryptography built for the next decade, not the last one.
Hi! I'm the CyberDragon assistant. What can I help you with?
🐉
الأسئلة الشائعة
إجابات سريعة قبل حجز عرض أو جلسة استراتيجية.
ما الذي تقدمه أكسيكس في مجال ICS and OT cybersecurity؟
أكسيكس تكنولوجيز منصة مؤسسية بالذكاء الاصطناعي للنمو والعمليات والحماية — بما في ذلك ICS and OT cybersecurity — مع نشر في باكستان والخليج والمملكة المتحدة وأوروبا وكندا. تواصل معنا عبر صفحة التواصل.
هل يمكن دمج الحل مع أنظمتنا الحالية؟
نعم. واجهات API وتكاملات مع ERP وHRMS والكاميرات والتحكم في الدخول وSIEM حسب نطاق المشروع.
كم يستغرق التنفيذ عادة؟
المواقع التجريبية غالباً من أسبوعين إلى ستة أسابيع حسب الحجم والتكاملات، مع تدريب الفريق ودعم ما بعد الإطلاق.
هل تدعمون العربية والإنجليزية؟
واجهات عربية وإنجليزية متاحة للمشغلين والموظفين والإدارة في نشرات الخليج والشرق الأوسط.
كيف يتم التسعير؟
اشتراكات مؤسسية وتراخيص حسب المواقع والوحدات. تواصل معنا لمقترح مخصص بعد جلسة اكتشاف.
هل البيانات تبقى داخل المنطقة؟
خيارات سحابية وحافة ومحلية تُصمم مع فريقك لتلبية الإقامة والامتثال.
كيف أبدأ؟
احجز عرضاً أو جلسة استراتيجية عبر axixtechnologies.com/contact. تواصل معنا عبر صفحة التواصل.