Physical infrastructure and hardware is increasingly being connected to the internet – and this is introducing virtual vulnerabilities.

Exalens believes that traditional security controls and vulnerability management tools aren’t enough to protect manufacturing companies from attacks that could cause safety issues or affect a long supply chain.

At the same time, SME manufacturers struggle to afford the tools and expertise that would enable them to detect and respond to threats. Existing tools tend to be expensive and aren’t tailored to the environment an SME is operating in.

On top of this, Exalens believes that security often takes a backseat in manufacturing because it’s seen as something that creates delays.

“The SME market is hugely under-served but, because of digital transformation, they are also starting to face the problems enterprise IT have been dealing with such as phishing and ransomware”

– Dr Ryan Heartfield, head of cybersecurity research and innovation, Exalens

Exalens’ Digital Companion acts as a virtual in-house security analyst that’s able to sense, track and respond to cyber-physical threats automatically and integrate into an SME’s unique environment.

It can automatically spot infected endpoints, secure them and let operational engineers know about the threat before it becomes a safety incident.

Since most SMEs won’t have their own security analyst, Exalens has codified and automated the workflows an analyst would use. Its aim is to make this level of protection as easy for SME manufacturers to use as most consumer-facing antivirus solutions.

The startup doesn’t believe there can be a silver bullet in cyber and isn’t boxed in to a static, rigid architecture. Instead, its threat fabric automatically and dynamically stitches together different threat detection and response workflows. It uses a combination of algorithms, heuristics and machine learning techniques based on the type of behaviour a system is exhibiting.

For example, if machine learning is required to help define an aspect of threat behaviour, it will be used. But if a rule is sufficient to capture the right information, it might not be.

Founded by a team of cybersecurity researchers in 2015, the startup has fuelled its growth with over EUR 4m in European grant funding.


Exalens is keen to tailor and iterate its minimum viable product based on insights from the NCSC into cybersecurity breaches in industrial control systems.

The startup wants to connect with stakeholders in the industry to validate its technology. It would also benefit from the NCSC reviewing its technology and
advising on:

• how it can achieve a close product-market fit
• whether a feature is scalable
• what aspects of threat detection it should prioritise

“We don’t want to launch an amorphous technology beast onto the market, we want to test each feature, get feedback and tailor as we go along”

– Dr Ryan Heartfield, head of cybersecurity research and innovation, Exalens