WHO TRUSTS US?!

A connected machine can be high-performance and still have a blind spot.

Without visibility and traceability at the digital layer, cybersecurity remains reactive. Product trust is harder to defend. The CRA now makes this a formal requirement and a market differentiator.

Connected machines carry a new responsibility

Scandinavian manufacturers have a strong reputation for reliability. Connectivity adds a digital layer that must be designed, monitored, and documented, or it becomes a product weakness.

CRA enforcement is active and rising

Nordic CRA searches are rising fast, 1,000–5,000/month for "CRA compliance manufacturing IoT" driven by active enforcement. Customers in regulated sectors ask for evidence before signing.

Lifecycle quality now includes digital resilience

CRA requires manufacturers to support, patch, and document products for a minimum of five years. Without a system for managing this, lifecycle commitments become a compliance liability.

Cybersecurity as part of lifecycle quality IS not a separate afterthought.

Logbot mactool

Machine & Installation Risk Assessment

For engineering teams who want to make digital risk visible, documentable, and operationally credible, not just a policy document.
  • Guided IEC 62443-3-2 risk assessment, structured, repeatable
  • Visual zone & conduit architecture editor
  • Automated technical file and audit documentation
  • On-premise, no cloud exposure of sensitive architecture data
  • Reusable across machine variants and product families
Book Now
logbot protool

Product Security Lifecycle Management

For Nordic product development teams who want to embed responsible security into their product from design through end-of-life.
  • Local AI threat modelling, no data leaves your environment
  • SBOM generation and continuous vulnerability monitoring
  • Five-year lifecycle security commitment documentation
  • CRA vulnerability reporting workflow (Art. 13)
  • Integrates with existing product development processes
Book Now



Let's review your machine's digital lifecycle together.

Logbot will assess your connected machine portfolio against CRA requirements and show you how to build cybersecurity into your product quality story, sustainably and in-house.
CRM form will load here

FAQ

What is MACTool?

MACTool is the tool dedicated to cyber risk analysis in IACS, machine, and plant environments. It allows you to define the System Under Consideration, manage perimeter, assumptions, and dependencies, build the inventory of hardware and software assets, model interfaces and data flows, document zoning and conduits, and set up the risk assessment with related justification for the Security Level.

> What activities does it specifically cover?

MACTool covers the key activities of the OT cyber assessment process: analysis scope, asset inventory, interfaces, data flows, zoning and conduits, threat and impact assessment, initial and residual risk definition, gap analysis, and mitigation plan. In practice, it helps transform a complex assessment into a structured, traceable, and reusable process.

What regulations does it help meet?

MACTool directly covers the work required for IEC 62443-3-2 and IEC 62443-3-3, i.e., the machine/plant/IACS system level: zoning and conduits, risk assessment, security level definition and justification, gap analysis, and remediation.

For CRA and the New Machinery Regulation, MACTool is very useful because it produces and organises the technical evidence, risk structure, and documentation needed to support the machine's compliance process.

For NIST, MACTool is an excellent operational foundation for Identify, Protect, and risk management activities, thanks to the management of assets, perimeter, scenarios, gaps, and mitigations.

> How does risk assessment work with MACTool?

The methodology is consistent with IEC 62443-3-2 and includes: definition of the SUC and assumptions, identification of threats and scenarios, assessment of impacts and probabilities with a 4x5 risk matrix, determination of initial and residual risk, treatment via gap analysis and mitigations on the 62443-3-3 control matrix. Outputs include a scenario log, risk matrix, decisions, and rationale.

> How are Security Levels defined?

MACTool allows you to document both the Security Level Target, defined by zone or conduit based on scenarios and risk, and the Security Level Achieved, tracked through met requirements, tests, configurations, reports, and collected evidence. This provides the client with a clear view of open gaps and associated remediation actions.

> What outputs does it produce?

MACTool generates PDF reports and structured extracts; it also produces asset inventories in JSON and CSV formats, and machine reports in Markdown, PDF, and HTML. This makes it easier to share data with non-technical stakeholders and for operational reuse by engineering, OT, and compliance teams.

> Where does the data reside?

In the standard configuration, the project and repository reside on-premises on the customer's system. Configurable versioning and audit trail policies with JSON export are also available, allowing for in-house control, traceability, and governance of the project.

> Is the data still portable?

Yes, you can export to open text formats such as JSON, Markdown, CSV, and HTML. You can also export project data and export each complete project while maintaining its logical reference. This reduces the risk of lock-in and ensures continuity of work over time.

> Does the customer retain control of the data?

Yes, the customer retains ownership of the data, models, and configurations, and the data remains solely on-prem in the described configuration. This is an important point for those working with sensitive machine, plant, and OT architecture information.

> Is it suitable for multiple machines or product group?

Yes, a "project" is defined as a product line or family of machines containing multiple releases, and releases are not counted as separate projects. Growth paths to higher tiers and multi-PC configurations are also provided, so as to naturally accompany the expansion of the scope.

> Is initial training provided?

Yes. Training sessions and workshops are planned with materials such as slides, quick-starts, and operational templates. Objectives include understanding the regulatory context, applying IEC 62443, understanding IT/OT critical issues, and designing a technically effective security program.
We use cookies
Cookie preferences
Below you may find information about the purposes for which we and our partners use cookies and process data. You can exercise your preferences for processing, and/or see details on our partners' websites.
Analytical cookies Disable all
Functional cookies
Other cookies
Accetto i Termini d'uso Learn more about our cookie policy.
Accept all Decline all Change preferences
Cookies