Software Ecosystem

Low-Friction OT Tooling Built from Field Work

MarlinSpike is the core product. Prism and Artifice extend visualization and emulation workflows. Controlled offensive testing capabilities are available only through vetted inquiry and authorized consulting engagements.

MarlinSpike

Passive OT topology mapper with Purdue level auto-classification and industrial protocol deconstruction from a single pcap. Zero external dependencies and assessment-ready outputs.

What It Solves

Immediate network visibility

Generate usable topology views quickly from packet captures without agent rollout projects.

Assessment-ready context

Support practical risk workflows, including IEC 62443-informed assessment context in the practitioner path.

Operator-safe deployment model

Cloud entry tiers for sanitized captures, plus offline professional licensing for real sites.

Why Buyers Upgrade
  • Production capture upload restrictions prevent cloud-only use
  • Live web tiers intentionally cap upload size and generations
  • Offline license enables local execution, live capture, and full reporting workflows
  • Practitioner license is priced as a professional tool, not a hobby utility
  • Discovery-led site licensing supports multi-site deployment and training bundles

MarlinSpike Interface Snapshots

Screens from the current product experience showing the asset inventory workflow, scan pipeline status, and project-based pcap processing. Shown here from demo and controlled usage contexts.

MarlinSpike asset inventory table view with OT device details, protocols, and service ports
Asset Inventory: filtered inventory output with device, vendor, Purdue level, protocol, and connection context from a single pcap.
MarlinSpike dashboard showing scan stages, running jobs, and generated reports
Scan Pipeline Dashboard: ingest, analyze, classify, and report progress with report history visibility.
MarlinSpike project view showing pcap upload, scan command selection, and file list
Project Workflow: project-scoped pcap intake and scan execution with file management for iterative analysis.

Public Pricing

Pricing is public by design to qualify buyers quickly and reduce low-fit inbound inquiries. All access requests are manually reviewed and routed through the fastest appropriate path.

MarlinSpike Live / Web-Based Scanners

Live Basic

Students and entry-level lab users.

$29 / month
  • 50MB maximum upload size
  • 10 generations per month
  • Sanitized pcap upload workflow
  • No live capture or local execution

Live Pro

Researchers and advanced home labs.

$49 / month
  • 200MB maximum upload size
  • 10 generations per month
  • Sanitized pcap upload workflow
  • No assessment-ready reporting included

Live Power

Heavy web usage on sanitized captures.

$100 / month
  • 200MB maximum upload size
  • Unlimited generations (fair use)
  • Cloud compute protected by usage policy
  • No live capture or offline runtime
Offline Professional

Practitioner License

Independent OT consultants, field assessors, and plant engineers.

$1,000 / year
  • Offline Docker or bare metal access
  • Live capture + passive topology mapping
  • Industrial protocol deconstruction
  • IEC 62443 risk asset assessment workflow
  • No permanent production footprint required

Built for professionals who need practical context to apply IEC 62443 safely and effectively on-site.

Enterprise / Multi-Site

Site License

For organizations bundling deployment, training, and consulting support.

Contact Us discovery required
  • Multi-site rollout planning
  • Operational constraint review
  • Bundled consulting and training options
  • Vetted access to restricted capability (when applicable)

Enterprise pricing is held behind discovery to scope fit, risk, and operational support needs correctly.

Companion Tools

Additional River Risk software packages used for analysis, planning, training, and internal workflows.

Prism

OpenFlow Visualization Package

Deep flow inspection and visualization to support analysis workflows where packet-level context needs to be translated into operator-usable network understanding.

Flow analysis Visualization Inspection support
Prism flow analysis pipeline view with traffic sankey visualization
Prism pipeline view: flow analysis visualization for operator-readable traffic paths and control/data separation.
Artifice

Complete Network Emulator

Supports training, network planning, and DPI testing in controlled scenarios before high-consequence changes reach production environments.

Emulation Training labs Planning & validation
Artifice topology editor showing emulated OT network configuration and template controls
Artifice topology editor: build and validate emulated industrial network layouts for planning and training workflows.
Prism 3D topology visualization mapped across Purdue levels
Prism 3D topology: layered visualization for spatial and Purdue-style network context.
Artifice traffic configuration interface showing protocol weights and simulated flow setup
Artifice traffic modeling: tune protocol mix and flow weights for training, DPI, and validation scenarios.
Restricted Capability

Controlled Offensive Testing (Inquiry Only)

River Risk supports vetted offensive testing workflows for authorized environments. Tool and exploit platform details are intentionally kept behind an inquiry wall.

Authorized testing only. Access is vetted and restricted to approved use cases and customer-controlled environments.
Fast Qualification

What to include in your request

  • Role and organization type (asset owner, consultant, researcher)
  • Target license path (Live, Practitioner, Site)
  • Offline requirements or cloud-upload restrictions
  • Deployment timeline and number of users/sites
  • Need for training, assessments, or consulting support