Product Threat Intelligence Providers: 5 companies compared

Companies that provide threat intelligence focused on specific products, rather than general enterprise or network threat intelligence. This covers vulnerability intelligence tailored to a manufacturer's own tech stack, software…

5 companies

Quick comparison

All product threat intelligence providers companies side by side, alphabetical.

companyFoundedEngagementSpecialismStandards / accreditations
Finite StateNot publicly disclosedManufacturers of connected devices across IoT, automotive, medical, and industrial sector…
MedcryptNot publicly disclosedMedical device manufacturers needing to meet FDA and EU MDR cybersecurity requirements wi…
PCA Cyber Security2019Project-based engagementsPayment-device makers and operators wanting offensive, real-world security testing of ter…
Upstream Security2017Subscription (custom)OEMs and fleet operators that want cloud-scale detection, response, and a managed Vehicle…ISO/SAE 21434UNECE R155UNECE R156
VicOne2022Subscription (custom)OEMs and suppliers wanting a broad, lifecycle automotive security portfolio backed by an…ISO/SAE 21434UNECE R155Automotive SPICE (ASPICE) Level 2

Finite State

Product Threat Intelligence
Best fit for

Manufacturers of connected devices across IoT, automotive, medical, and industrial sectors needing firmware-level vulnerability and exploit intelligence tied to compliance evidence.

Finite State positions itself as the "Product Security OS for Connected Devices," analyzing firmware, binaries, and source code to generate SBOMs, identify vulnerabilities, and produce compliance evidence, embedded directly into release workflows. Its threat intelligence capability centers on exploitability-based prioritization and execution-aware reachability analysis, aimed at cutting through vulnerability noise to surface findings that are actually reachable and exploitable. It covers IoT and embedded systems, automotive and connected vehicles, medical devices, industrial control systems, and energy and utilities infrastructure, and supports EU Cyber Resilience Act, FDA, and NIST compliance frameworks.

Engagement

Not publicly disclosed

Medcrypt

Product Threat Intelligence
Best fit for

Medical device manufacturers needing to meet FDA and EU MDR cybersecurity requirements with product-specific security intelligence.

Medcrypt provides a Product Security Intelligence Platform built specifically for medical device manufacturers. It benchmarks a manufacturer's cybersecurity processes against internal business units and industry peers, translates technical vulnerabilities into financial risk to prioritize mitigation, and provides SBOM validation and monitoring, vulnerability management, threat modeling, and cryptography and PKI analysis. It is positioned around FDA, EU MDR, and Health Canada compliance requirements rather than general enterprise security.

Engagement

Not publicly disclosed

PCA Cyber Security

Payment Device Security Testing
Best fit for

Payment-device makers and operators wanting offensive, real-world security testing of terminals beyond baseline PCI PTS certification

PCA Cyber Security is a Munich-based penetration-testing and security-research firm with a dedicated payment-device practice. It performs real-world security testing of payment terminals, PIN pads, unattended and self-service terminals, and fuel-pump and EV-charging payment systems, testing beyond PCI PTS certification to find vulnerabilities even in approved devices. PCA became a PCI SSC Associate Participating Organisation in 2026 and also runs a strong automotive and embedded security practice.

Founded

2019

Engagement

Project-based engagements

Upstream Security

Automotive Cybersecurity
Best fit for

OEMs and fleet operators that want cloud-scale detection, response, and a managed Vehicle SOC for connected fleets

Upstream Security operates a cloud-native, agentless AI platform purpose-built for connected vehicles and mobility IoT. It ingests telematics, OTA, diagnostic, and dealership data to deliver cybersecurity detection and response (V-XDR), automotive threat intelligence, and data-driven applications. Upstream pairs its platform with a managed 24/7 Vehicle Security Operations Center and monitors tens of millions of vehicles, making it one of the largest-scale players in connected-vehicle security. Because it works server-side without in-vehicle agents, it is typically deployed alongside embedded ECU protection rather than replacing it.

Founded

2017

Engagement

Subscription (custom)

Standards & accreditations

ISO/SAE 21434UNECE R155UNECE R156

VicOne

Automotive Cybersecurity
Best fit for

OEMs and suppliers wanting a broad, lifecycle automotive security portfolio backed by an established cybersecurity parent

VicOne is a wholly-owned subsidiary of Trend Micro dedicated exclusively to automotive cybersecurity for connected and electric vehicles. It leverages Trend Micro's 30-plus years of security expertise and the Zero Day Initiative's vulnerability research network. The same program behind Pwn2Own Automotive. To give OEMs and suppliers lifecycle protection from development and production through in-vehicle operation. Its portfolio covers an in-vehicle IDPS, a managed VSOC, threat intelligence, SBOM and vulnerability management, and penetration testing services.

Founded

2022

Engagement

Subscription (custom)

Standards & accreditations

ISO/SAE 21434UNECE R155Automotive SPICE (ASPICE) Level 2TISAX Assessment Level 3

Related guides

Other categories you might be evaluating alongside product threat intelligence providers.

About this listing

Product Threat Intelligence Providers companies, listed alphabetically and compared on public information. How we work →

Frequently Asked Questions

Product threat intelligence is threat intelligence focused on a specific product or device line, rather than an organization's general network or enterprise environment. It typically covers vulnerabilities in a product's own software and hardware composition, supply chain risk via software composition analysis and SBOM validation, and monitoring for attack techniques and fraud trends targeting that product category, such as payment terminals or vehicle systems.

Enterprise threat intelligence tracks threats to an organization's networks, endpoints, and users, such as phishing campaigns or ransomware groups. Product threat intelligence instead tracks threats to a manufacturer's actual product: vulnerabilities in its firmware or software stack, supply chain components, and attack techniques specifically aimed at that device or product category.