Cyber Intel Matrix (CIM)

About us:

Our company is dedicated to the development of a CTI (Cyber ​​Threat Intelligence) device system with ICS (Industrial Control System) specifics. In 2019, our product won the ITBusinness Awards product development grand prize. With our 100 percent self-developed solutions, we strive to provide an effective solution to emerging CTI challenges in both the industrial environment and critical infrastructures. In addition to development, we are passionate about gathering information, so we also place great emphasis on threat hunting activities. Our team consists mainly of talented young people, but of course there are also some of us who have 15-20 years of experience in either software development or intelligence.

In our products, services and capabilities, we strive for professional efficiency in the field of CTI as widely as possible.



Complex CTI software system with ICS specifics. The essence of CTI is that before the incident occurs, we collect data on the possible attackers, methodologies, directions, motivations in the most varied ways. Accordingly, the software system serves dynamic protection, not static protection.

Intel Services (Entity Monitoring):

We collect as much data as possible (darknet, clearweb) on the Internet in order to be able to feed our complex CTI system with sufficient Intelligence (Intel) data. This constantly, dynamically expanding data lake gives us the opportunity to search for entities in a targeted way, even in forums operating on the Dark Web.

Black Pots (Generic / commercial honey pots), Honey net:

Honey pots are cyber security tools that serve as a kind of trap system for attackers. During the application of these tools, we can get information about the attackers’ methods, orientation, interests and tools. We also deal with self-developed honey net construction, the aim of which is to emulate a complete system corresponding to the characteristics.


Cyber Intel Matrix Platform (CIM system):

The essence of the system and the basis of its success is that it does not focus on static defense capability, but on Threat Hunting activity, ie attack prevention, risk-threat identification with automated information collection and classification even before the attack.

Within the system, we operate solutions such as BlackPots, Malwerlab, Stix graph and cyber intelligence.

The system collects information about attacking devices, threatening locations, methods, and information needed to identify an attacker. From these data we can deduce motivations and specific directions of attack.

The system specializes in ICS, ie industrial controllers, with worldwide coverage based on a Black Pot system with 150+ custom-developed and installed industrial controllers.

ICS Threat Feed:

In addition to software development, we place great emphasis on data collection and carry out independent Intelligence activities in order to properly support and serve our services and products.

Within this, we perform various data collections continuously on a daily basis, both manually and automatically, using a specialized methodology. We create specific databases (data lake), we use AI-driven algorithms in both data collection and data processing analysis. We also carry out Socmint activities.

The essence of the service is that we can monitor and search for entities on both the clear web and the dark web, either in static sources or in dynamic daily collected sources.

Black Pots:

Black pots are generic honey pots that can be installed in a modular way and can be installed independently after the creation and customization of the characteristic.

In the commercial version, around the company’s existing infrastructure or it is possible to install these devices in order to reveal and investigate the attack attempts towards the company, their methods and peculiarities. The information obtained can be used to strengthen existing SIEM and firewall systems.

Because emulated firewalls and emulated Web services are part of the characteristic, it is possible to detect and investigate the activity of an attacker who has gone through the firewall unnoticed, not only in retrospect, but even in the process.

Please, contact us for either a PoC or an indicative offer