Stop Unknown Threats the Moment They Act Abnormally.

CPSDR: OT-native behavioral anomaly detection that prevents, not just alerts

CPSDR (Cyber-Physical Systems Detection and Response) is TXOne's OT-native behavioral anomaly detection framework. It learns what normal looks like for every network segment and every endpoint, then blocks deviations inline before impact, including the fileless and living-off-the-land attacks that signature-only tools miss.

See CPSDR in Action Read the Technical Brief

OT-Native Behavioral Detection

Detection Built for Machines, Not Users.

IT behavioral analytics model user behavior. OT environments run machines with deterministic, repetitive operations. CPSDR models the machine.

A motor driver runs the same routine every cycle. A PLC sends the same function codes every shift. A legacy HMI talks to the same endpoints on the same protocols. When that pattern changes, something is wrong. CPSDR detects the deviation and blocks it before the operation is disrupted, without waiting for a signature to exist or a SOC analyst to correlate an alert.

Capability

What is CPSDR?

CPSDR is TXOne's name for the OT-native behavioral anomaly detection that runs across Edge network appliances and Stellar endpoint agents. It combines automated baseline generation, per-asset behavioral models, and protocol-level context so that deviations are evaluated against what is normal for that machine in that environment, not against a generic IT user baseline. The result is prevention of fileless attacks, living-off-the-land techniques, insider misuse, and zero-day exploits before operational impact, without the false-positive storms that come from applying IT detection heuristics to industrial systems.

Requirements

CPSDR Challenges

Key challenges that CPSDR addresses.

01 / 04

Unknown threats reach the plant floor before a signature exists

Signature-Only Detection Misses What Matters

Fileless attacks, living-off-the-land techniques, and insider misuse leave no signature. Signature-only tools detect yesterday's threats on today's networks, and they only detect the ones someone has already seen.

Unknown threats reach the plant floor before a signature exists

Signature-Only Detection Misses What Matters

Fileless attacks, living-off-the-land techniques, and insider misuse leave no signature. Signature-only tools detect yesterday's threats on today's networks, and they only detect the ones someone has already seen.

Key Components

Core components of the CPSDR capability.

01 / 04

Automated Per-Asset Baseline Generation

CPSDR learns each asset's normal behavior automatically. No manual rule authoring, no golden-image catalogs to maintain. Stellar builds a per-endpoint baseline of allowed applications, processes, and behaviors. Edge builds a per-segment baseline of protocols, function codes, and peer relationships.

Key Capabilities

Baselines generated without security engineer intervention

Per-asset specificity instead of one-size-fits-all

40,000+ OT application repository accelerates endpoint baselining

Updates as authorized changes occur

Protocol-Aware Behavioral Inspection

CPSDR runs at the network layer with deep inspection of 180+ industrial protocols. It detects abnormal Modbus function codes, unexpected S7 block transfers, and out-of-pattern EtherNet/IP commands that IT tools cannot even parse, much less evaluate for anomaly.

Key Capabilities

180+ industrial protocols inspected at command level

Distinguishes authorized engineer changes from attack behavior

Blocks abnormal protocol usage inline in sub-seconds

Protocol-level context reduces false positives

Inline Enforcement, Not Alert-Only

When CPSDR detects a baseline deviation, it blocks it. Sub-second enforcement at the appliance or endpoint, without a 35-45 minute coordination window between a detection platform and a firewall. Hardware bypass on Edge guarantees that if the appliance fails, traffic continues flowing so your production line does not stop.

Key Capabilities

Sub-second inline blocking at wire speed

Hardware bypass fail-safe on Edge

Application lockdown on Stellar prevents execution

No dependency on external enforcement vendors

L

Legacy-System Coverage IT EDR Cannot Deliver

CPSDR runs on Stellar agents that cover Windows 2000 through Windows 11, including Windows XP and Windows 7 systems IT EDR has dropped. Behavioral baselines protect the legacy endpoints that attackers target first, extending secure life 7-10 years while avoiding $2-5M per-system replacement cost.

Key Capabilities

Windows 2000 through Windows 11 behavioral coverage

95% attack surface reduction on legacy assets

$2-5M cost avoidance per legacy system

7-10 year secure life extension

Automated Per-Asset Baseline Generation

CPSDR learns each asset's normal behavior automatically. No manual rule authoring, no golden-image catalogs to maintain. Stellar builds a per-endpoint baseline of allowed applications, processes, and behaviors. Edge builds a per-segment baseline of protocols, function codes, and peer relationships.

Key Capabilities

Baselines generated without security engineer intervention

Per-asset specificity instead of one-size-fits-all

40,000+ OT application repository accelerates endpoint baselining

Updates as authorized changes occur

Outcomes

01 / 04

Sub-second

Inline blocking on baseline deviation

Sub-second

Inline blocking on baseline deviation

OT-native threat signatures

OT applications in recognition repository

Minute ransomware execution window

Minute detection-to-enforcement gap without CPSDR

Why CPSDR for OT Behavioral Detection

OT environments need detection designed for machine behavior, not user behavior, and enforcement that acts before operational impact.

TXOneOperations-first

IT behavioral analytics model user behavior and break on deterministic machines. CPSDR models each machine's authorized behavior and flags the deviation that a user-baseline model cannot see.

VS

Machine Baseline, Not User Baseline