Insights, updates, and practical takeaways for teams managing infrastructure, operations, and critical systems.

VigilantGrid Newsletter | 202501

Welcome to the inaugural edition of the VigilantGrid Newsletter.

We’re launching this newsletter to keep you connected with the latest developments, practical updates, and platform enhancements that matter to your work.

In this first edition, we’re spotlighting new capabilities, recent improvements, and a few things we think are worth your time. Let’s get into it.

Feature Highlights

Meet Theia – Your AI-Powered Assistant

We are proud to introduce VigilantGrid’s own Generative AI, Theia. Named after the Greek goddess of divine sight and brilliance, Theia is meant to be your intelligent assistant, helping you make sense of your data, understand your devices on the go, and gain clearer insight into your network and operations.

In its current state Theia offers two core services: a general-use assistant and a device-specific feature.

The device-specific option allows you to instantly access detailed information about an asset in the field — without digging through manuals or documentation.

As Theia enters beta testing, we would like to invite you to help shape what Theia becomes. Every interaction contributes to refining and expanding its capabilities — making Theia smarter, more useful, and better aligned with the real needs of our users.

Gain Critical Weather Insights with VigilantGrid

We’re excited to share a new capability we’ve added—real-time weather data! This feature is all about helping you stay one step ahead by improving situational awareness and response. With proactive weather monitoring, you’ll be better equipped to protect grid resilience and keep critical infrastructure safe.

For example, if a severe thunderstorm is heading towards a substation, you can switch to the Base Reflectivity Radar layer to visually track the storm’s intensity and movement in real time. This allows you to make informed decisions, like preparing crews or delaying field work.

There are plenty of additional weather layers to explore. Curious? Just log in to your VigilantGrid instance to check them out! I think the lightning overlay is quite useful. What do you think?

PCAP, Upgraded – Out with the Old, In with the New

We’re excited to introduce a smarter, more flexible way to analyze PCAP files in their entirety.

You’re in control: choose exactly which endpoint you want to analyze from the network map and narrow it down to specific IP addresses and timeframes using the added capability of crafting your own BPF (Berkeley Packet Filter).

The best part: you can use any PCAP file analyzer you prefer. VigilantGrid streamlines the process, generating the file instantly for you to download and review.

Current News: Volt Typhoon Targets Critical Infrastructure

Volt Typhoon recently breached the Littleton Electric Light and Water Department (LELWD), entering through a server in their enterprise environment and pivoting to their OT environment, highlighting just how vulnerable critical infrastructure can be to advanced and state-sponsored cyber threats*.

If you’re not familiar, Volt Typhoon is a cyber espionage group linked to the Chinese government. They’re known for targeting U.S. infrastructure using stealthy, low-profile techniques that often go unnoticed, such as using legitimate credentials and living-off-the-land tactics to evade detection.

In this case, the group maintained undetected access to LELWD’s systems for over 300 days, collecting operational data and mapping out the layout of the electric grid. They were discovered through their C2 infrastructure, which included communications from within the network out to a public IP.

So how could VigilantGrid have helped?

Three of VigilantGrid’s core components can help you discover a threat actor such as Volt Typhoon in your environment.

  1. VG’s beaconing alerts in the collector – The collector module continuously monitors network traffic for signs of beaconing: small, repeated messages often used by hackers to stay connected to infected systems. When this behavior is evident, VigilantGrid can alert the team so they can take a closer look.
  2. Public IP communication badges in the network map – The Network Map shows who is talking to whom across your systems. It highlights any communication with public IP addresses, including ones that are unusual or unexpected.
  3. The ability to get a PCAP file from the communication in question – Once a suspicious communication is identified, VigilantGrid provides the capability to retrieve the associated PCAP file. This enables deep packet-level inspection of the traffic, where you can analyze the data and understand if there is anything suspicious going on.
Uncover threats like Volt Typhoon using alerts, network badges, and PCAP analysis
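
To make the first two items concrete, here is an added example (not VigilantGrid's implementation and not from the original newsletter) of a simple beaconing check over flow records: it keeps only traffic to non-internal destinations, then flags source/destination pairs whose messages are small and evenly spaced. The flow records, thresholds, function names and the assumption that internal address space is RFC 1918 are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from itertools import accumulate
from statistics import mean, pstdev

# Assumption: the site's internal address space is the RFC 1918 ranges.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (epoch_s, src, dst, bytes). RFC 5737 documentation
# addresses stand in for public IPs.
JITTERED = accumulate([58, 61, 63, 59, 60, 62, 57, 60, 61, 59], initial=5000)
FLOWS = (
    [(1000 + 60 * i, "10.0.5.20", "203.0.113.50", 120) for i in range(12)]  # fixed 60 s check-in
    + [(t, "10.0.5.23", "203.0.113.77", 96) for t in JITTERED]              # ~60 s, small jitter
    + [(t, "10.0.5.21", "198.51.100.7", 48000)                              # irregular, bulky
       for t in (1003, 1011, 1190, 1204, 1650, 1662, 2400, 2410, 2990)]
    + [(1000 + 30 * i, "10.0.5.22", "10.0.9.5", 90) for i in range(20)]     # internal polling
)

def is_external(ip):
    """True when the address is outside the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def find_beacons(flows, min_events=8, max_jitter=0.10, max_avg_bytes=1024):
    """Flag src -> external dst pairs with small, evenly spaced messages."""
    by_pair = defaultdict(list)
    for ts, src, dst, size in flows:
        if is_external(dst):
            by_pair[(src, dst)].append((ts, size))
    hits = []
    for (src, dst), events in sorted(by_pair.items()):
        if len(events) < min_events:
            continue
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg_gap = mean(gaps)
        # Coefficient of variation: near 0 means machine-like regularity.
        jitter = pstdev(gaps) / avg_gap if avg_gap else 1.0
        avg_bytes = mean(size for _, size in events)
        if jitter <= max_jitter and avg_bytes <= max_avg_bytes:
            hits.append({"src": src, "dst": dst, "interval_s": avg_gap,
                         "jitter": round(jitter, 3), "events": len(events)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(FLOWS):
        print(hit)
```

The thresholds are illustrative; tune them against a baseline of known periodic traffic (time sync, telemetry polling) so that legitimate schedulers are allowlisted rather than alerted on.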

 

* Montalbano, Elizabeth. “Volt Typhoon Strikes Massachusetts Power Utility.” Dark Reading, 12 Mar. 2025, https://www.darkreading.com/cyberattacks-data-breaches/volt-typhoon-strikes-massachusetts-power-utility

Challenges to Keep Your Mind Sharp

You’re monitoring a network when you notice this traffic pattern: One device is sending out small packets at precisely regular intervals, the destination is a single public IP and the total bandwidth used is minimal, but the communication never stops.

What kind of threat behavior might this indicate?

A) DDoS Attack
B) Beaconing
C) Broadcast Storm
D) Port Scanning

Stay tuned: the answer will be revealed in our next newsletter!

Seeing is Believing!

Schedule a live demo with one of our VigilantGrid specialists at your convenience. We can learn about your requirements, answer questions, and review ways VigilantGrid can help you and your organization.