Community Tools
Free ICS Asset Identification and Assessment tools for industrial cybersecurity
CyberLens
What it is: A free community tool that provides visibility into ICS networks. Developed in 2013, CyberLens was built as an assessment tool to help the community quickly process packet captures and visualize ICS environments.
How it works: CyberLens is intended for packet captures under 10Gb that include a few hundred assets or less. CyberLens provides basic protocol inspection for major protocols, such as ModbusTCP and DNP3, and customizable fingerprints based on ports.
Dragos does not provide support for CyberLens. For a full feature and supported asset identification product, please refer to the Dragos asset identification, threat detection and response platform.
*These community tools are intended for the asset owner and operator community.
Sophia
What it is: A free community tool for safe, continuous, passive discovery of ICS networks and assets. Originally developed in 2012 at Idaho National Laboratory as ‘Sophia’. The exclusive rights to commercialize the tool were awarded to NexDefense in 2013. At NexDefense the tool was rebranded as ‘Integrity’ and underwent massive improvements before being acquired by Dragos in 2019 and returned to ‘Sophia’.
How it works: Sophia is intended for packet captures of any size with asset counts of up to 100,000. Sophia provides ongoing industrial asset identification, ICS network and data flow visualization with basic deep packet inspection of ICS protocols–such as ModbusTCP, DNP3, EthernetIP, BacNet, and OPC UA–and customizable fingerprints based on ports.
Dragos does not provide support for Sophia. For a full feature and supported asset identification product, please refer to the Dragos asset identification, threat detection and response platform.
*These community tools are intended for the asset owner and operator community.
Dragos Industrial Cybersecurity Tools Comparison
