The platforms behind CyberFabric's SOC.
CyberFabric's defense capability is built on two complementary platforms — a partner-provided Open XDR engine for detection and response, and proprietary decentralized infrastructure for secure, air-gapped communication. Together, they deliver a SOC that operates in any environment, with or without internet connectivity.
Stellar Cyber Open XDR
Stellar Cyber delivers a Security Operations Platform built on Open XDR with sensors that natively support OT environments. It ingests, normalizes, and enriches all security data — OT, endpoints, network, cloud, and logs — into a single repository, replacing legacy SIEMs and eliminating data silos.
CyberFabric deploys Stellar Cyber as the detection and response engine inside every SOC engagement. The platform provides the correlation, automation, and analyst tooling that allows our team to operate at machine speed while maintaining human judgment on critical decisions.
Core Capabilities
NG-SIEM
Ingests and normalizes all security data into a unified repository. Replaces legacy SIEMs with a single platform that handles OT, IT, cloud, and endpoint telemetry.
OT-Aware NDR
Collects data and detects threats in edge environments, including OT, using multi-function network security sensors. Deep packet inspection for industrial protocols.
Multi-Modal AI Detection
Automatically detects and correlates alerts using a proprietary multi-modal threat detection engine driven by machine learning. Eliminates alert fatigue.
UEBA
User and entity behavior analytics establishes baselines for every device and operator on the OT network. Anomalous behavior is flagged before it becomes an incident.
Automated Response (SOAR)
Provides automated and manual response actions in real time. Custom playbooks execute containment in under 200ms for clear threats.
400+ Integrations
Works with your existing tools — Splunk, CrowdStrike, Palo Alto, Fortinet, Nozomi, Claroty, Dragos. No rip-and-replace required.
OT Deployment Architecture
Stellar Cyber supports multiple deployment scenarios aligned to the Purdue Model for Industrial Control Systems, adapting to each environment's constraints:
| Scenario | Stellar Cyber Architecture | Network Requirements |
|---|---|---|
| Sensors in Level 3 & 2 | Security Sensors deployed off core switches in Level 3 and Level 2. OT syslog collected directly. | TAPs optional depending on physical network |
| Sensors NOT in Level 3 & 2 | Security Sensors in Level 4 off packet broker. OT syslog via server to Level 4. | Packet Broker in Level 3, Aggregator TAPs in Level 2 |
| Unidirectional (Level 4↔3) | Sensors in Level 3 and below manually updated. | Data Diode between Level 3 and Level 4 |
| Legacy/Unmanaged Switches | Sensors off Network TAPs, or TAPs feed Packet Broker → Sensors. | Network TAPs mirror switch traffic |
| DMZ Hosts | Agent Sensors on DMZ hosts for telemetry collection. | No additional architecture impact |
Supported Industrial Protocols
Modbus TCP/RTU · DNP3 · OPC-UA · OPC-DA · BACnet · PROFINET
EtherNet/IP · S7comm · IEC 60870-5-104 · IEC 61850 · HART-IP
CIP · GOOSE · MMS · GE-SRTP · Emerson ROC
Learn more: stellarcyber.ai
Comprehensive security operations for any OT environment. Joint solution with Garland Technology for complete packet-level visibility.
Ixian Decentralized Platform
Ixian is the infrastructure layer that makes CyberFabric's SOC operate without internet connectivity, cloud services, or third-party protocols. It is an open-source decentralized data streaming platform designed for secure, seamless, and scalable connectivity — purpose-built for environments where traditional networking is a liability.
Where Stellar Cyber handles detection and response, Ixian handles the secure communication fabric between devices, sensors, and SOC nodes. It creates its own transport layer — eliminating every external dependency that makes conventional security architectures fragile.
Why Ixian for OT Security
Traditional OT security platforms depend on DNS resolution, TLS certificates from external CAs, cloud API endpoints for updates, and centralized coordination servers. Each of these is a single point of failure — and in air-gapped, classified, or high-security environments, they're unacceptable.
Ixian eliminates all of them. The platform is entirely self-contained. Device discovery uses cryptographic addresses instead of DNS. Authentication is self-sovereign via PKI — no certificate authorities needed. Data integrity is guaranteed by distributed ledger technology with a novel consensus algorithm. And all communication is post-quantum encrypted.
Architecture
Ixian is a dual-layer platform:
Consensus & Coordination
The ledger layer that tracks transactions, device identities (IXI Names), and node presence across the network. Uses a novel Proof of Collaborative Work (PoCW) consensus — combining the security of Proof of Work with the efficiency of collaborative block signing.
Redacted blockchain design means nodes don't need full chain history to operate — critical for resource-constrained OT devices.
Data Streaming & Communication
The decentralized, trustless data transmission layer. Implements the Starling presence scaling model and incentivized relay infrastructure for real-time messaging, IoT networking, and high-throughput data streaming between SOC nodes and OT sensors.
Designed to scale to trillions of connected devices with no theoretical upper limit on network size.
Core Capabilities
Cryptographic Self-Authentication
Every device, sensor, and node proves its identity cryptographically. No passwords. No certificate authorities. No centralized identity providers. Self-sovereign PKI from device enrollment to decommission.
Decentralized Device Discovery
Devices find each other using cryptographic addresses and presence packets — not DNS, IP directories, or cloud registries. IXI Names provide human-readable addressing, like DNS without central authorities.
Post-Quantum Encryption
Communication primitives are post-quantum resilient by design. When quantum computing breaks today's encryption standards, Ixian's infrastructure won't need replacing.
Zero Internet Dependency
The entire platform operates on a self-contained mesh. No external API calls. No cloud telemetry. No vendor update channels. The SOC runs fully disconnected from the internet.
Immutable Audit Trails (DLT)
Every security event, configuration change, and access log is recorded on the distributed ledger. Tamper-proof by design. Auditors get cryptographic proof of what happened and when.
No Single Point of Failure
Fully decentralized topology maintained by distributed nodes. If any node goes down, the network continues operating. 100% uptime architecture — critical for OT environments where availability is non-negotiable.
How It Works in CyberFabric's SOC
| Traditional SOC | CyberFabric + Ixian |
|---|---|
| DNS for device discovery | Cryptographic addresses + IXI Names |
| TLS with external CAs | Self-sovereign PKI, post-quantum encrypted |
| Cloud APIs for telemetry | Decentralized S2 streaming, no cloud |
| Centralized log server | Distributed ledger, tamper-proof by design |
| Vendor update channels | Air-gapped update distribution via DLT |
| Single point of failure risk | Decentralized mesh, zero downtime architecture |
Open source: github.com/ixian-platform · Learn more: ixian.io
How They Work Together
Stellar Cyber is the brain — ingesting telemetry, correlating threats, and powering automated response across your entire OT environment. It handles everything from SIEM to NDR to SOAR in a single platform.
Ixian is the nervous system — providing the secure, decentralized communication fabric that connects sensors, nodes, and SOC operators. It ensures that security telemetry flows reliably even in air-gapped, classified, or disrupted environments.
Together, they deliver a SOC that is both intelligent (ML-driven detection, 400+ integrations, automated response) and resilient (no internet dependency, no single point of failure, post-quantum security). This is the architecture that allows CyberFabric to promise "The SOC that doesn't need the internet to protect you."