CyberX
Last updated: May 10, 2026
CyberX is an Israeli-founded IoT/OT/ICS security company, acquired by Microsoft in 2020, that developed an agentless monitoring platform for protecting industrial control systems, SCADA networks, and IoT devices—now integrated into Microsoft Defender for IoT.
Visit WebsiteCompany Overview
CyberX was founded in 2013 in Herzliya, Israel, as a pioneering developer of agentless security monitoring platforms for operational technology (OT), industrial control systems (ICS), SCADA networks, and IoT devices. The company solved a critical problem: traditional endpoint security assumes agent deployment, which is infeasible or unsafe in industrial environments where control systems run legacy software, cannot be restarted, and operate 24/7. CyberX's core innovation was network-based, protocol-aware threat detection using deep packet inspection, behavioral analytics, and machine learning to identify anomalies, vulnerabilities, and attacks without requiring software installation on critical equipment. This capability filled a market gap in the enterprise industrial cybersecurity space, where visibility and threat detection are essential but agent-based solutions are operationally impractical.
The company raised approximately $48M in venture capital from investors including Norwest Venture Partners, Qualcomm Ventures, Maverick Ventures, and others, reflecting strong market confidence in the OT/ICS security opportunity. CyberX's solution targeted manufacturing, utilities, energy, water treatment, transportation, and other critical infrastructure operators facing increasing cyber threats from both commodity attackers and nation-state adversaries. The platform's ability to detect zero-day attacks and insider threats without operational disruption made it particularly valuable for risk-averse enterprises managing legacy infrastructure that could not tolerate downtime for security updates.
In 2020, Microsoft acquired CyberX to accelerate its cybersecurity platform in the fast-growing OT/ICS market segment. The acquisition validated both the technology and the market need: Microsoft recognized that Defender for Endpoint's strength in IT security could be complemented by purpose-built OT/ICS capabilities. CyberX's technology now forms the foundation of Microsoft Defender for IoT, which provides integrated threat detection, vulnerability management, and analytics for OT/ICS/IoT environments across Microsoft's enterprise security ecosystem. This integration gives CyberX's innovation access to Microsoft's global distribution, enterprise sales channels, government relationships, and cloud infrastructure, dramatically amplifying its reach.
For defense and national-security applications, CyberX's agentless OT/ICS monitoring is strategically significant. Military installations, weapons systems support infrastructure, critical infrastructure facilities, and defense logistics networks rely on legacy industrial control systems for power generation, water treatment, HVAC, physical security, communications, and manufacturing. These systems are frequent targets of cyber attacks because their compromise threatens operational continuity and force protection. CyberX's behavioral analytics and protocol-aware detection provide visibility and threat response without disrupting military operations. NATO allies, U.S. Department of Defense, and other government customers can deploy the technology (now within Microsoft's trusted infrastructure) to protect critical OT/ICS assets against both external adversaries and insider threats.
The OT/ICS security market remains fragmented and specialized, with dedicated vendors (Claroty, Dragos, Nozomi Networks) maintaining strong competitive positions in government and critical infrastructure verticals. However, CyberX's position within Microsoft Defender for IoT provides strategic advantages: integration with Microsoft's cloud security platform, compatibility with Defender for Endpoint, and enterprise contractual relationships that create switching costs. Microsoft's commitment to OT security is reinforced by Government Cloud deployments and regulatory requirements for federal agencies to migrate to modern security platforms. CyberX's core technology—agentless network-based detection—remains defensible and difficult to replicate at scale.
Dual-Use Assessment
CyberX's agentless network-based detection of OT/ICS threats has direct, material application in both commercial and defense contexts. Commercially, the technology addresses a critical market need: enterprises and utilities cannot deploy endpoint agents on legacy SCADA and control systems without operational risk, making network-based anomaly detection the only practical monitoring approach for these systems. Defense applicability is equally substantive: military installations, critical infrastructure supporting defense operations, and weapons system support infrastructure depend on OT/ICS systems (power, water, physical security, logistics networks) that are frequent cyber attack targets. CyberX's capabilities—behavioral analytics, protocol-aware threat detection, zero-day identification—provide essential visibility without disrupting mission-critical operations. The dual-use character is genuine and balanced: the technology is not primarily a defense tool, but its core capabilities have direct military applicability, and there are no significant export control or proliferation risks relative to commercial deployment. Microsoft's integration of CyberX into Defender for IoT maintains the defensive character while ensuring responsible stewardship of the technology.
Strategic Fit Assessment
CyberX is not currently strategically relevant as a standalone equity opportunity because it was acquired by Microsoft in 2020 and is now integrated into the Microsoft Defender for IoT product line. The acquisition validates the original technology and market opportunity: Microsoft, one of the world's largest enterprise software companies, paid for CyberX specifically to strengthen its position in OT/ICS security, a market segment it recognized as strategically important and rapidly growing. for strategic readers in the original CyberX venture, the Microsoft acquisition delivered an exit; for current investors, the strategic value of OT/ICS security technology is already captured within Microsoft's ecosystem. However, the company remains analytically significant for two reasons: (1) CyberX exemplifies successful exit strategy in dual-use deep-tech, where purpose-built capabilities for a specialized market niche (OT/ICS security) attract acquisition by large platforms seeking to expand their security offerings; and (2) the integration of CyberX into Microsoft Defender for IoT demonstrates how acquired deep-tech companies can achieve massive scale and government adoption when embedded within a trusted enterprise platform. For strategic investors or government procurement, the value is realized through Microsoft Defender for IoT subscriptions and enterprise agreements, not through CyberX equity.
Strategic Value to U.S.-Israel Alliance
CyberX's strategic value lies in demonstrating how purpose-built OT/ICS security technology can achieve scale and government adoption within a major enterprise platform. OT/ICS security is a persistent strategic priority for allied governments and enterprises: as adversaries continue to target industrial control systems—evidenced by attacks on utilities, manufacturing, and critical infrastructure in Ukraine, Iran, and elsewhere—the demand for robust detection and response capabilities grows. CyberX's agentless, protocol-aware approach addresses a genuine technical challenge (visibility without operational disruption) that specialized vendors address but large platforms cannot easily build in-house. The Microsoft acquisition demonstrates that integrating acquired OT/ICS expertise into enterprise security platforms is a viable strategy for achieving government adoption and scale. For defense organizations and critical infrastructure operators, the strategic value is realized through Microsoft Defender for IoT's integration with the broader Defender ecosystem, government cloud compliance, and Microsoft's ongoing commitment to OT/ICS security as a government priority. CyberX's technology—now within Microsoft—is defensible against competition from specialized OT security vendors because it inherits Microsoft's brand trust, cloud infrastructure, and government relationships.
Key Technologies
- Agentless OT/ICS network monitoring and threat detection
- Behavioral analytics and anomaly detection for industrial protocols
- Protocol-aware deep packet inspection for SCADA/ICS communications
- Machine learning-based threat and vulnerability identification
- Asset discovery and network mapping for OT/IoT environments
Use Cases & Applications
- Enterprise OT/ICS security monitoring for manufacturing and critical infrastructure
- SCADA network protection and threat detection for utilities
- Military installation ICS/SCADA security and monitoring
- Critical infrastructure protection for defense bases (power, water, HVAC, physical security)
- IoT device security and visibility for military IoT deployments
- Defense supply chain OT security for manufacturing and logistics facilities
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp Last updated in the Claw & Talon database on May 10, 2026.
Investor Lens
What this entry is
Acquired asset
Why it may matter
CyberX may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify technical claims
- Verify regulatory/export-control issues
Main investor questions
- Is this entry a benchmark, buyer, ecosystem node, acquired asset, or strategic reference rather than a live startup opportunity?
- What does this reference clarify about buyers, sector structure, public-market context, or strategic demand?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies CyberX's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- Is the company a live venture opportunity, a mature strategic reference, an acquired asset, or primarily a market-mapping entry?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.