Tools for the ICS Cybersecurity Community
Our community tools represent the countless hours and dedication towards improving the ICS cybersecurity landscape and the resources provided to aid the defense against attacks. Each tool has humble beginnings, many starting out as “after work” projects, but now offer a base-level capability that we’re proud to offer to the community. We hope these tools provide a significant step forward for those who are just beginning their ICS cybersecurity journeys, paving the way for more robust technology adoption with the Dragos Platform.

CyberLens
A free community tool that provides asset visibility into ICS networks.
In 2013, the Department of Defense gave permission to three employees to develop a tool in their off-hours — the CyberLens tool. These employees, Dragos founders Justin Cavinee, Jon Lavender, and Robert Lee, created CyberLens as an assessment tool to help the community quickly process packet captures and visualize ICS environments.
The analysts were later joined by Matt Luallen and formed an LLC called Dragos Security. The purpose of the LLC was a protective legal entity for the housing of CyberLens, so development could continue in the off-time with the intent of getting it out to the community for training and assessment purposes.
CyberLens is intended for packet captures under 10Gb that include a few hundred assets or less. CyberLens provides basic protocol inspection for major protocols, such as ModbusTCP and DNP3, and customizable fingerprints based on ports.
-
Captures under 10Gb
-
Provides basic protocol inspection for major protocols
-
Customizable fingerprints based on ports
Sophia
A free community tool for safe, continuous, passive discovery of ICS networks and assets.
Originally developed in 2012 at Idaho National Laboratory as “Sophia,” the exclusive rights to commercialize the tool were awarded to NexDefense in 2013. At NexDefense, the tool was rebranded as “Integrity” and underwent massive improvements before being acquired by Dragos in 2019 and returned to “Sophia.”
During development, it was apparent that Sophia had a role to help the community as a private sector offering. NexDefense enlisted the help of numerous colleagues and developers to extend Sophia beyond the initial vision and turn it into an even more highly-capable and scalable tool. The tool garnered positive recognition as an RSAC Innovation Sandbox finalist, Gartner Cool Vendor, and best network security solution by Cyber Defense Magazine.
Sophia is intended for packet captures of any size with asset counts of up to 100,000. Sophia provides ongoing industrial asset identification, ICS network, and data flow visualization with basic deep packet inspection of ICS protocols–such as ModbusTCP, DNP3, EthernetIP, BacNet, and OPC UA–and customizable fingerprints based on ports.
-
Counts of up to 100,000
-
Ongoing industrial asset identification & ICS network and data flow visualization
-
Customizable fingerprints based on ports
Dragos Industrial Cybersecurity Product Comparison
Our community tools offer baseline protection for your ICS networks. Dragos does not offer support for these tools, however, you can get more robust support and capabilities with our paid products. See how each tool stacks up below.
CYBERLENS Free Community Tool | SOPHIA Free Community Tool | DRAGOS PLATFORM | NEIGHBORHOOD WATCH | |
---|---|---|---|---|
Passive Asset Identification | ||||
Ongoing Asset ID | ||||
Shared Threat Detection | Optional | Optional | ||
Threat Analytics | ||||
Investigation Playbooks | ||||
Support Available | ||||
ICS Threat Intelligence | ||||
Professional Services | Optional | Threat Hunting Included | ||
Scale | 500 Assets Assessment Only | Single Site Only | Small to Global | Small to Global |
Cost | FREE | FREE | Paid | Paid |
REGISTER | REGISTER | REQUEST A DEMO | LEARN MORE |

Get more robust ICS cybersecurity support and capabilities.
While Dragos does not provide support for these two free community tools, you can get comprehensive asset ID, threat detection, and response capabilities with the Dragos Platform.