Advanced ICS Network Security Monitoring

SpyGOOSE is an advanced ICS Intrusion Detection System. SpyGOOSE monitors all network traffic identifying threats to your critical infrastructure. Unauthorized devices and communications, attacks on the protocol and invalid function codes are all identified and reported in real time.

SpyGOOSE is a watchdog on the SCADA network, constantly monitoring all traffic that traverses at the Switch level.

SpyGOOSE detects

  • Man In The Middle Attacks
  • Unauthorized Devices
  • Attacks on the protocol
  • Invalid Function codes
  • Malformed packets
  • And more

SpyGOOSE is 100% Passive and has 0% Impact on the Network


Without all the extra bells and whistles that provide no additional security capabilities, SpyGOOSE runs very lean and delivers critical security data in real time. You don’t need another GUI. SpyGOOSE delivers security events directly to your IPS/Firewall management console, your syslog server or your SIEM.


Because SpyGOOSE is delivered as an application or virtual machine, you can deploy it almost anywhere. With minimal hardware requirements (2 cores of CPU and 2 GB of RAM) there is no need for more expensive equipment. Also, SpyGOOSE knows your SCADA protocols and doesn’t require specific modules be loaded.


SpyGOOSE can be delivered as a Linux application or as a virtual machine. Minimize your costs by deploying on available compute resources without the requirement to purchase separate hardware. SpyGOOSE is a perpetual license, you pay once for the software and then pay only for maintenance and support. Site licenses are available for larger companies.

Setup is Easy

Just like any other network device, SpyGOOSE must be configured for your network. Once configured, SpyGOOSE requires no initial tuning and will immediately begin monitoring network traffic.

Sees Everything

Unlike traditional IDS systems that ignore Layer 2 traffic, SpyGOOSE specializes in capturing and analyzing the Layer 2 traffic and everything above it. Everything that connects to the network must communicate at Layer 2.

Integrates with Your Infrastructure

Because SpyGOOSE alerts are not sent via proprietary messages, they are easily integrated into virtually any event management system. You don’t need another event monitoring console. You don’t need another stovepipe solution or point product that stands alone. SpyGOOSE integrates with every SIEM product. Is your SIEM too far away to get realtime alerts? SpyGOOSE also integrates with most firewalls or IPS solutions. Your messages can be collected by almost any sensor and forwarded in the same way other events are sent to the data center.

Get answers and advice

Our goal is to answer all your questions in a timely manner.

Subscribe to newsletter