Home / Products / ThreatIQ

ThreatIQ

Air-gapping keeps the internet out — not the threats. ThreatIQ is a comprehensive internal defense layer for isolated and classified networks, combining vulnerability assessment, insider-threat analytics and compliance benchmarking in one appliance.

Air-Gapped Ready 1,000+ Event Patterns CIS · DISA STIG One-Click Reports
ThreatIQ threat analysis interface
The Problem

Isolation is not immunity

Modern ICT infrastructure is sourced globally — creating inherent exposure to supply-chain compromise. Vulnerabilities can be embedded in imported equipment and software long before they reach your network, and insider threats persist even inside fully air-gapped environments.

Traditional security tooling assumes an internet connection for updates, telemetry and scanning. Isolated networks are left with the highest stakes and the fewest defenses. ThreatIQ was built for exactly this gap.

  • Designed offline-first — every capability operates fully inside the air gap.
  • Dedicated appliance — hardware installed in the LAN with lightweight clients on each endpoint.
  • One-click evaluation — consolidated, actionable reports with prioritized remediation.
Global supply chain network exposure
Three Integrated Capabilities

One layer, complete internal defense

Vulnerability Assessment

Identify and prioritize weaknesses across all technology components — assessed independently, reported together with remediation guidance.

User Behavior Analytics

Detect anomalous or malicious insider activity before it escalates — eight behavioral criteria, over 1,000 specific event patterns.

Compliance Benchmarking

Compare security configurations against CIS benchmarks and DISA STIG — gaps highlighted, alignment with international standards ensured.

Vulnerability Assessment

Six technology layers, assessed independently

ThreatIQ evaluates each layer of your stack on its own, then generates a consolidated report with remediation recommendations.

/01

Malware Scanning

Detects viruses, ransomware and malicious software that bypassed preventive controls.

/02

Software Assessment

Flags flaws in third-party and custom software that could enable unauthorized access.

/03

OS Assessment

Evaluates outdated components, unpatched issues and configuration weaknesses.

/04

Web Applications

Identifies SQL injection, XSS and common web threats per the OWASP Top Ten.

/05

Malicious Traffic

Monitors for data exfiltration, malware communications and unauthorized access attempts.

/06

Services & Network

Port scanning and service analysis following NIST SP 800-115 methodology.

Security operations monitoring dashboards
Behavior Analytics & Deployment

Watching the inside, continuously

Insider activity is monitored across eight behavioral criteria, with over 1,000 specific event patterns enabling proactive anomaly detection — so security teams can respond before threats escalate.

  • Dedicated hardware appliance deployed inside the protected LAN — nothing leaves the network.
  • Lightweight endpoint clients provide continuous monitoring with minimal footprint.
  • Segmented architectures supported — designed for two-line networks separated by a physical or logical air gap.
  • One-click evaluation generates consolidated, actionable reports for leadership and operators alike.
Standards Alignment

Benchmarked against the best

CIS Benchmarks DISA STIG OWASP Top 10 NIST SP 800-115
FAQ

ThreatIQ questions, answered

What is ThreatIQ?

ThreatIQ is an internal defense platform by Visionbotix designed for air-gapped and classified networks. It combines three capabilities in one appliance: vulnerability assessment across six technology layers, user behavior analytics for insider threat detection, and compliance benchmarking against CIS and DISA STIG standards.

How does ThreatIQ work without an internet connection?

ThreatIQ is built offline-first. It deploys as a dedicated hardware appliance inside the protected LAN with lightweight monitoring clients on each endpoint. All scanning, analytics and reporting run fully inside the air gap — nothing leaves the network.

What does ThreatIQ assess?

Six layers, independently: malware exposure, third-party and custom software, operating systems, web applications (OWASP Top Ten), malicious network traffic, and services/ports per NIST SP 800-115 — then it generates a consolidated report with prioritized remediation. It also monitors user behavior across eight criteria with over 1,000 specific event patterns.

Defend the network inside the walls

See ThreatIQ evaluate a representative environment and generate its consolidated security report — live.

Request a Demo