Product Threat Intelligence Providers: 5 companies compared
Companies that provide threat intelligence focused on specific products, rather than general enterprise or network threat intelligence. This covers vulnerability intelligence tailored to a manufacturer's own tech stack, software…
Quick comparison
All product threat intelligence providers companies side by side, alphabetical.
| company | Founded | Engagement | Specialism | Standards / accreditations |
|---|---|---|---|---|
| Finite State | — | Not publicly disclosed | Manufacturers of connected devices across IoT, automotive, medical, and industrial sector… | — |
| Medcrypt | — | Not publicly disclosed | Medical device manufacturers needing to meet FDA and EU MDR cybersecurity requirements wi… | — |
| PCA Cyber Security | 2019 | Project-based engagements | Payment-device makers and operators wanting offensive, real-world security testing of ter… | — |
| Upstream Security | 2017 | Subscription (custom) | OEMs and fleet operators that want cloud-scale detection, response, and a managed Vehicle… | ISO/SAE 21434UNECE R155UNECE R156 |
| VicOne | 2022 | Subscription (custom) | OEMs and suppliers wanting a broad, lifecycle automotive security portfolio backed by an… | ISO/SAE 21434UNECE R155Automotive SPICE (ASPICE) Level 2 |
Finite State
Product Threat IntelligenceManufacturers of connected devices across IoT, automotive, medical, and industrial sectors needing firmware-level vulnerability and exploit intelligence tied to compliance evidence.
Finite State positions itself as the "Product Security OS for Connected Devices," analyzing firmware, binaries, and source code to generate SBOMs, identify vulnerabilities, and produce compliance evidence, embedded directly into release workflows. Its threat intelligence capability centers on exploitability-based prioritization and execution-aware reachability analysis, aimed at cutting through vulnerability noise to surface findings that are actually reachable and exploitable. It covers IoT and embedded systems, automotive and connected vehicles, medical devices, industrial control systems, and energy and utilities infrastructure, and supports EU Cyber Resilience Act, FDA, and NIST compliance frameworks.
Medcrypt
Product Threat IntelligenceMedical device manufacturers needing to meet FDA and EU MDR cybersecurity requirements with product-specific security intelligence.
Medcrypt provides a Product Security Intelligence Platform built specifically for medical device manufacturers. It benchmarks a manufacturer's cybersecurity processes against internal business units and industry peers, translates technical vulnerabilities into financial risk to prioritize mitigation, and provides SBOM validation and monitoring, vulnerability management, threat modeling, and cryptography and PKI analysis. It is positioned around FDA, EU MDR, and Health Canada compliance requirements rather than general enterprise security.
PCA Cyber Security
Payment Device Security TestingPayment-device makers and operators wanting offensive, real-world security testing of terminals beyond baseline PCI PTS certification
PCA Cyber Security is a Munich-based penetration-testing and security-research firm with a dedicated payment-device practice. It performs real-world security testing of payment terminals, PIN pads, unattended and self-service terminals, and fuel-pump and EV-charging payment systems, testing beyond PCI PTS certification to find vulnerabilities even in approved devices. PCA became a PCI SSC Associate Participating Organisation in 2026 and also runs a strong automotive and embedded security practice.
Upstream Security
Automotive CybersecurityOEMs and fleet operators that want cloud-scale detection, response, and a managed Vehicle SOC for connected fleets
Upstream Security operates a cloud-native, agentless AI platform purpose-built for connected vehicles and mobility IoT. It ingests telematics, OTA, diagnostic, and dealership data to deliver cybersecurity detection and response (V-XDR), automotive threat intelligence, and data-driven applications. Upstream pairs its platform with a managed 24/7 Vehicle Security Operations Center and monitors tens of millions of vehicles, making it one of the largest-scale players in connected-vehicle security. Because it works server-side without in-vehicle agents, it is typically deployed alongside embedded ECU protection rather than replacing it.
VicOne
Automotive CybersecurityOEMs and suppliers wanting a broad, lifecycle automotive security portfolio backed by an established cybersecurity parent
VicOne is a wholly-owned subsidiary of Trend Micro dedicated exclusively to automotive cybersecurity for connected and electric vehicles. It leverages Trend Micro's 30-plus years of security expertise and the Zero Day Initiative's vulnerability research network. The same program behind Pwn2Own Automotive. To give OEMs and suppliers lifecycle protection from development and production through in-vehicle operation. Its portfolio covers an in-vehicle IDPS, a managed VSOC, threat intelligence, SBOM and vulnerability management, and penetration testing services.
Related guides
Other categories you might be evaluating alongside product threat intelligence providers.
About this listing
Product Threat Intelligence Providers companies, listed alphabetically and compared on public information. How we work →