◉ CYJAN · IDS · SENTRY MODE
FOR OT NETWORKS · 2025
CYJAN® SENTRY MODE

Next-Generation
OT Network Protection.

Passive Intrusion Detection · real-time anomaly detection · OT/ICS protocol analysis — built for critical infrastructure, manufacturing plants, and essential utility networks.

PROTECT DETECT RESPOND
PROJECT BROCHURE · EN · 2025
01 · Passive Network Monitoring

Intrusion detection for industrial control networks — fully passive.

CYJAN Sentry Mode is a highly specialised Intrusion Detection System for OT/ICS environments. The system runs fully passive — without interfering with running processes — and detects threats, anomalies, and unauthorised access in real time. Designed for critical infrastructure, manufacturing plants, and essential utility networks.

Integrated Functions & Features

Passive, non-invasive network monitoring
Real-time intrusion detection
Multi-stage cognitive anomaly detection
OT/ICS protocol analysis (PROFINET, Modbus, S7)
Asset discovery & inventory
Behaviour-based baseline analysis
Integration: SIEM / SOC / MSSP
Deep packet inspection for OT protocols
Detection of zero-day attack patterns
Hardened Linux OS — tamper-resistant
Throughput up to 1 Gbps (peak)
2× mirror / SPAN port support
Encrypted communication (SNMPv3, TLS)
Compliance-ready alert management

CYJAN Sentry Mode — Core Capabilities

MODULE · 01

Threat Intelligence Engine

  • Continuous signature updates against known ICS/SCADA attack vectors
  • Correlation of network events across segments and time zones
  • Detection of lateral movement, credential harvesting, and C2 communication
MODULE · 02

OT Protocol Analysis

  • Native support: EtherCAT, BACnet, PROFINET, Modbus TCP, S7Comm, DNP3
  • Detection of illegitimate commands and value changes in control protocols
  • Session reconstruction and forensic PCAP capture
MODULE · 03

Management & Analysis Console (MAC)

  • Graphical network topology with real-time threat visualisation
  • Risk classification per CVSS and IEC 62443
  • Alert delivery via SMTP, SFTP, REST, Syslog, OPC UA DA, dry contact
  • Automated audit reports for BSI Baseline Protection, NIS2, ISO 27001

Deployment Sectors

Energy & Utilities
Manufacturing & Production
Water & Wastewater
Transport & Logistics
CYJAN SENTRY MODE · OPEN-SOURCE PROJECT
02 · Specifications

Industrial appliance
for 24/7 operation in harsh environments.

[Figure: CYJAN Sentry appliance · 1U · 445 × 44 × 280 mm · 3.2 kg · fanless · 4× 1 GbE · 2× SFP · USB · HDMI · Serial]

THROUGHPUT: 1 Gbps peak / port
PORTS: 4× RJ45 · 2× SFP
TEMP: −20 … +70 °C
RATING: IP20 (IP40/65 opt.)
POWER: max. 45 W
VOLTAGE: 12–48 V DC · 100–240 V AC

Form factor: Industrial appliance · fanless · 19″ rack / DIN rail
Dimensions & weight: 445 × 44 × 280 mm (1 U) · 3.2 kg
Power input: DC 12 V–48 V / AC 100–240 V (redundant optional)
Power draw: max. 45 W
Ingress rating: IP20 (IP40 / IP65 on request)
Temperature: Operating −20 … +70 °C · Storage −20 … +70 °C
Humidity: 10–90 % RH, non-condensing
Ethernet ports: 4× 1 GbE RJ45 (1× management · 3× monitor/SPAN)
Other interfaces: 2× SFP · 2× USB 3.0 · 1× HDMI · 2× serial
Max. throughput: 1 Gbps per port (peak)
Alerting: SMTP · SFTP · REST API · Syslog · OPC UA DA · dry contact (opt.)
Export formats: PCAP · CSV · XLSX · PDF · ODT · XML · CRYPTED
Communication: HTTPS · SFTP · SSH · SNMPv3 · NTP · IRMA® Guard-compatible
Analysed protocols: EtherCAT · BACnet · PROFINET · Modbus TCP · S7Comm · DNP3 · IEC 104 (complete list on request)
03 · Recommendations

Reference setup
& hardware sizing.

Recommended build

  • Sentry appliance (fanless 1U server or DIN-rail PC with equivalent I/O)
  • EU power cord, 4× Cat6 RJ45 patch cables (1.5 m) for mirror / SPAN ports
  • Optional: potential-free contacts (4× 30 V / 2 A), LTE module, redundant PSU

Hardware sizing

SMALL: Small to mid-size OT networks, single site · up to 250 assets
MEDIUM: Mid-size production environments, several lines · up to 500 assets
LARGE: Larger critical-infrastructure or multi-site deployments · up to 1,000 assets

Special environments (Ex-rated, marine, vibration-resistant) are doable in principle — I'm happy to discuss hardware choices, tuning, and integration directly per project via email.
◉ CONTACT
CYJAN IDS — open-source project
Maintained by Jan Kaluza · Hamburg Metropolitan Region, Germany
[email protected] · www.cyjan.dev