Consequence-Based Security

OT Security Built for Real-World Consequences

Assessment-ready consulting and low-friction OT tooling for visibility, risk assessment, and controlled testing without production drag, heavyweight agents, or vendor lock-in.

Request Software Access Book a Technical Call

MarlinSpike beta demand is active. Free seats are capped and fulfilled. New access requests are routed to the paid waitlist and practitioner licensing path.

Assessment-Ready / Low-Friction / Operator-Safe

What We Build For

Brownfield industrial environments where uptime, safety, and evidence matter more than polished demo dashboards.

200+ Site deployments across critical infrastructure

4,500 Field devices on a large cloud-connected industrial network

17+ yrs Industrial network architecture for control systems

-40°C to +40°C Extreme environments supported in the field

MarlinSpike demo view: asset inventory generated from a sanitized capture with classification, protocol visibility, and operator-usable context.

Why River Risk Partners Exists

Traditional IT security assumptions break down in plants, substations, mines, and remote industrial networks. River Risk applies consequence-based security so teams can act on what matters operationally.

Reality Over Theory

Brownfield-first execution

Built for existing plants, constrained networks, and mixed vendor environments instead of greenfield assumptions.

Uptime & Safety First

OT priorities stay intact

Preserve production and safety while building visibility, evidence, and response options for operators and plant leadership.

Actionable Independence

Operators keep sovereignty

Practical tooling and workflows for plant teams, assessors, and engineers who need results without heavy outside dependencies.

Software Ecosystem

MarlinSpike is the core product. Companion tools extend visibility, flow inspection, and emulation while controlled offensive testing remains restricted to vetted engagements.

View Software & Pricing Open Live Demo

Core Product

MarlinSpike

Passive OT topology mapping with Purdue level auto-classification and industrial protocol deconstruction from a single pcap. Zero external dependencies.

Single pcap Offline capable Assessment-ready IEC 62443 context

Open Live Demo Request Access

MarlinSpike dashboard showing scan progress and generated reports — **Dashboard and scan pipeline:** ingest, analyze, classify, and report workflow with report history visibility.

Companion Tooling

Prism + Artifice

OpenFlow visualization for deep inspection and a complete network emulator for planning, training, and DPI testing in controlled scenarios.

Flow analysis Network emulation Training support Planning workflows

Prism pipeline traffic sankey visualization — **Prism visualization:** pipeline and flow visuals for operator-readable analysis in companion workflows.

MarlinSpike project view with pcap upload and scan command selection — **MarlinSpike project workflow:** pcap intake, scan selection, and file management for repeated assessments.

Artifice topology editor for OT network emulation planning — **Artifice emulation:** topology editing and template-based OT environment planning.

Controlled offensive testing capability is available only through vetted inquiry and authorized consulting engagements. Public details are intentionally limited.

How MarlinSpike Works

Single pcap -> classify -> assess -> report

MarlinSpike is built to get operators and assessors to a usable outcome quickly. Start with captured traffic, generate classification context, and move into assessment-ready outputs without heavy deployment overhead.

Input

Single pcap ingest

Upload or load a packet capture from a controlled collection workflow.

Analyze

Protocol + asset classification

Extract vendor, protocol, service, and Purdue-level context from observed traffic.

Assess

Risk assessment workflows

Apply practical IEC 62443-informed assessment context in the practitioner/offline path.

Output

Report + action path

Generate outputs that support assessor decisions, remediation planning, and operator follow-through.

The live demo shows the interface and classification workflow. Practitioner and site licensing unlock the offline, assessment-ready path for real operational environments.

Open Live Demo Request Practitioner Access

Workflow Snapshots

MarlinSpike asset inventory showing classified OT assets, protocols, and service ports — **Classified asset inventory:** device, vendor, role, protocol, and service context from observed traffic.

MarlinSpike scan dashboard showing progress through ingest, analyze, classify, and report — **Pipeline status and report generation:** see where a scan sits and move from analysis into usable output.

Public Pricing for Qualified Buyers

Pricing is shown publicly to reduce noise and route serious users into the correct path: limited web access, practitioner offline licensing, or multi-site discovery.

Join Paid Waitlist

MarlinSpike Live

Web-Based Scanners

$29-$100 / month

Educational and lead-in tiers for sanitized capture uploads. No live capture, no local execution, and no assessment-ready reporting.

Basic: 50MB uploads, 10 generations / month
Pro: 200MB uploads, 10 generations / month
Power: 200MB uploads, unlimited generations (fair use)

Flagship Offline License

Practitioner License

$1,000 / year

Full offline Docker or bare metal deployment with live capture, passive mapping, protocol deconstruction, and IEC 62443 risk asset assessment workflows.

Built for field assessors, consultants, and plant engineers
No permanent production footprint required
Professional ROI vs. legacy enterprise platforms

Multi-Site Deployment

Site License

Contact Us bundled discovery

For organizations needing multi-site rollout, training, and consulting integration. Pricing is handled by discovery to scope deployment, support, and operational constraints.

Market Validation

Demand is real and visible

"Want to get my hands on this tool."

Launch momentum

Recent public release generated 140+ reactions and 31 comments from industrial security and controls practitioners. Messaging is now shifting from beta demand to paid access.

Training credibility

River Risk also validates expertise through custom OT security training delivery and published thought-leadership, including consequence-based security framing.

Fast Path

How buyers engage

Submit access request

Route to the correct tier: Live, Practitioner, Site, or consulting-led evaluation.

Technical qualification

Confirm environment, use case, and whether cloud upload restrictions require offline licensing.

Operator-safe onboarding

Deliver access path with clear boundaries, deployment guidance, and escalation support as needed.

Request Software Access See All Tiers