OT & IT Convergence: Defending the Industrial Attack Surface in 2025

In 2025, the boundary between IT and operational technology (OT) is more porous than ever. What once were siloed environments are now deeply intertwined—creating new opportunities for efficiency, but also a vastly expanded attack surface. For industrial, manufacturing, energy, and critical infrastructure operators, the stakes are high: disruption in OT is real-world damage, not just data loss.

PLC

This article lays out the problem space, dissecting how adversaries move, where visibility fails, and what defense strategies are maturing in this fraught environment.


The Convergence Imperative — and Its Risks

What Is IT/OT Convergence?

IT/OT convergence is the process of integrating information systems (e.g. ERP, MES, analytics, control dashboards) with OT systems (e.g. SCADA, DCS, PLCs, RTUs). The goal: unify data flows, enable predictive maintenance, real-time monitoring, control logic feedback loops, operational analytics, and better asset management.

Yet, as IT and OT merge, their worlds’ assumptions—availability, safety, patch cycles, threat models—collide. OT demands always-on control; IT is optimized for data confidentiality and dynamic architecture. Bridging the two without opening the gates to compromise is the core challenge.

Why 2025 Is Different (and Dangerous)

  • Attacks are physical now. The 2025 Waterfall Threat Report shows a dramatic rise in attacks with physical consequences—shut-downs, equipment damage, lost output. Waterfall Security Solutions

  • Ransomware and state actors converge on OT. OT environments are now a primary target for adversaries aiming for disruption, not just data theft. zeronetworks.com+2Industrial Cyber+2

  • Device proliferation, blind spots. The explosion of IIoT/OT-connected sensors and actuators means incremental exposures mount. Nexus+2IAEE+2

  • Legacy systems with little guardrails. Many OT systems were never built with security in mind; patching is difficult or impossible. SSH+2Industrial Cyber+2

  • Stronger regulation and visibility demands. Critical infrastructure sectors face growing pressure—and liability—for cyber resilience. Honeywell+2Fortinet+2

  • Maturing defenders. Some organizations are already reducing attack frequency through segmentation, threat intelligence, and leadership-driven strategies. Fortinet


Attack Flow: From IT to OT — How the Adversary Moves

Understanding attacker paths is key to defending the convergence.

  1. Initial foothold in IT. Phishing, vulnerabilities, supply chain, remote access are typical vectors.

  2. Lateral movement toward bridging zones. Jump servers, VPNs, misconfigured proxies, flat networks let attackers pivot. Industrial Cyber+2zeronetworks.com+2

  3. Transit through DMZ / industrial demilitarized zones. Poorly controlled conduits allow protocol bridging, data transfer, or command injection. iotsecurityinstitute.com+2Palo Alto Networks+2

  4. Exploit OT protocols and logic. Once in the OT zone, attackers abuse weak or proprietary protocols (Modbus, EtherNet/IP, S7, etc.), manipulate command logic, disable safety interlocks. arXiv+2iotsecurityinstitute.com+2

  5. Physical disruption or sabotage. Alter sensor thresholds, open valves, shut down systems, or destroy equipment.

Because OT environments often have weaker monitoring and fewer detection controls, malicious actions may go unnoticed until damage occurs.


The Visibility & Inventory Gap

You can’t protect what you can’t see.

  • Publicly exposed OT devices number in the tens of thousands globally—many running legacy firmware with known critical vulnerabilities. arXiv

  • Some organizations report only minimal visibility into OT activity within central security operations. Nasstar

  • Legacy or proprietary protocols (e.g. serial, Modbus, nonstandard encodings) resist detection by standard IT tools.

  • Asset inventories are often stale, manual, or incomplete.

  • Patch lifecycle data, firmware versions, configuration drift are poorly tracked in OT systems.

Bridging that visibility gap is a precondition for any robust defense in the converged world.


Architectural Controls: Segmentation, Microperimeters & Zero Trust for OT

You must treat OT not as a static, trusted zone but as a layered, zero-trust-aware domain.

1. Zone & Conduit Model

Apply segmentation by functional zones (process control, supervisory, DMZ, enterprise) and use controlled conduits for traffic. This limits blast radius. iotsecurityinstitute.com+2Palo Alto Networks+2

2. Microperimeters & Microsegmentation

Within a zone, restrict east-west traffic. Only permit communications justified by policy and process. Use software-defined controls or enforcement at gateway devices.

3. Zero Trust Principles for OT

  • Least privilege access: Human, service, and device accounts should only have the rights they need to perform tasks. iotsecurityinstitute.com+1

  • Continuous verification: Authenticate and revalidate sessions, devices, and commands.

  • Context-based access: Enforce access based on time, behavior, process state, operational context.

  • Secure access overlays: Replace jump boxes and VPNs with secure, isolated access conduits that broker access rather than exposing direct paths. Industrial Cyber+1

4. Isolation & Filtering of Protocols

Deep understanding of OT protocols is required to permit or deny specific commands or fields. Use protocol-aware firewalls or DPI (deep packet inspection) for industrial protocols.

5. Redundancy & Fail-Safe Paths

Architect fallback paths and redundancy such that the failure of a security component doesn’t cascade into OT downtime.


Detection & Response in OT Environments

Because OT environments are often low-change, anomaly-based detection is especially valuable.

Anomaly & Behavioral Monitoring

Use models of normal process behavior, network traffic baselines, and device state transitions to detect deviations. This approach catches zero-days and novel attacks that signature tools miss. Nozomi Networks+2zeronetworks.com+2

Protocol-Aware Monitoring

Deep inspection of industrial protocols (Modbus, DNP3, EtherNet/IP, S7) lets you detect invalid or dangerous commands (e.g. disabling PLC logic, spoofing commands).

Hybrid IT/OT SOCs & Playbooks

Forging a unified operations center that spans IT and OT (or tightly coordinates) is vital. Incident playbooks should understand process impact, safe rollback paths, and physical fallback strategies.

Response & Containment

  • Quarantine zones or devices quickly.

  • Use “safe shutdown” logic rather than blunt kill switches.

  • Leverage automated rollback or fail-safe states.

  • Ensure forensic capture of device commands and logs for post-mortem.


Patch, Maintenance & Change in OT Environments

Patching is thorny in OT—disrupting uptime or control logic can have dire consequences. But ignoring vulnerabilities is not viable either.

Risk-Based Patch Prioritization

Prioritize based on:

  1. Criticality of the device (safety, control, reliability).

  2. Exposure (whether reachable from IT or remote networks).

  3. Known exploitability and threat context.

Scheduled Windows & Safe Rollouts

Use maintenance windows, laboratory testing, staged rollouts, and fallback plans to apply patches in controlled fashion.

Virtual Patching / Compensating Controls

Where direct patching is impractical, employ compensating controls—firewall rules, filtering, command-level controls, or wrappers that mediate traffic.

Vendor Coordination & Secure Updates

Work with vendors for safe update mechanisms, integrity verification, rollback capability, and cryptographic signing of firmware.

Configuration Lockdown & Hardening

Disable unused services, remove default accounts, enforce least privilege controls, and lock down configuration interfaces. Industrial Cyber


Operating in Hybrid Environments: Best Practices & Pitfalls

  • Journeys, not Big Bangs. Start with a pilot cell or site; mature gradually.

  • Cross-domain teams. Build integrated IT/OT guardrails teams; train OT engineers with security awareness and IT folk with process sensitivity. iotsecurityinstitute.com+2Secomea+2

  • Change management & governance. Formal processes must span both domains, with risk acceptance, escalation, and rollback capabilities.

  • Security debt awareness. Legacy systems will always exist; plan compensating controls, migration paths, or compensating wrappers.

  • Simulation & digital twins. Use testbeds or digital twins to validate security changes before deployment.

  • Supply chain & third-party access. Strong control over third-party remote access is essential—no direct device access unless brokered and constrained. Industrial Cyber+2zeronetworks.com+2


Governance, Compliance & Regulatory Alignment

  • Map your security controls to frameworks such as ISA/IEC 62443NIST SP 800‑82, and relevant national ICS/OT guidelines. iotsecurityinstitute.com+2Tenable®+2

  • Develop risk governance that includes process safety, availability, and cybersecurity in tandem.

  • Align with critical infrastructure regulation (e.g. NIS2 in Europe, SEC cyber rules, local ICS/OT mandates). Honeywell+1

  • Build executive visibility and metrics (mean time to containment, blast radius, safety impact) to support prioritization.


Roadmap: From Zero → Maturity

Here’s a rough maturation path you might use:

Phase Focus Key Activities
Pilot / Awareness Reduce risk in one zone Map asset inventory, segment pilot cell, deploy detection sensors
Hardening & Control Extend structural defenses Enforce microperimeters, apply least privilege, protocol filtering
Detection & Response Build visibility & control Anomaly detection, OT-aware monitoring, SOC integration
Patching & Maintenance Improve security hygiene Risk-based patching, vendor collaboration, configuration lockdown
Scale & Governance Expand and formalize Extend to all zones, incident playbooks, governance models, metrics, compliance
Continuous Optimization Adapt & refine Threat intelligence feedback, lessons learned, iterative improvements

Start small, show value, then scale incrementally—don’t try to boil the ocean in one leap.


Use Case Scenarios

  1. Remote Maintenance Abuse
    A vendor’s remote access via a jump host is compromised. The attacker uses that jump host to send commands to PLCs via an unfiltered conduit, shutting down a production line.

  2. Logic Tampering via Protocol Abuse
    An attacker intercepts commands over EtherNet/IP and alters setpoints on a pressure sensor—causing shock pressure and damaging equipment before operators notice.

  3. Firmware Exploit on Legacy Device
    A field RTU is running firmware with a known remote vulnerability. The attacker exploits that, gains control, and uses it as a pivot point deeper into OT.

  4. Lateral Movement from IT
    A phishing campaign generates a foothold on IT. The attacker escalates privileges, accesses the central historian, and from there reaches into OT DMZ and onward.

Each scenario highlights the need for segmentation, detection, and disciplined control at each boundary.


Checklist & Practical Guidance

  • ⚙️ Inventory & visibility: Map all OT/IIoT devices, asset data, communications, and protocols.

  • 🔒 Zone & micro‑segment: Enforce strict controls around process, supervisory, and enterprise connectivity.

  • ✅ Least privilege and zero trust: Limit access to the minimal set of rights, revalidate often.

  • 📡 Protocol filtering: Use deep packet inspection to validate or block unsafe commands.

  • 💡 Anomaly detection: Use behavioral models, baselining, and alerts on deviations.

  • 🛠 Patching strategy: Risk-based prioritization, scheduled windows, fallback planning.

  • 🧷 Hardening & configuration control: Remove unused services, lock down interfaces, enforce secure defaults.

  • 🔀 Incident playbooks: Include safe rollback, forensic capture, containment paths.

  • 👥 Cross-functional teams: Co-locate or synchronize OT, IT, security, operations staff.

  • 📈 Metrics & executive reporting: Use security KPIs contextualized to safety, availability, and damage containment.

  • 🔄 Continuous review & iteration: Ingest lessons learned, threat intelligence, and adapt.

  • 📜 Framework alignment: Use ISA/IEC 62443, NIST 800‑82, or sector-specific guidelines.


Final Thoughts

As of 2025, you can’t treat OT as a passive, hidden domain. The convergence is inevitable—and attackers know it. The good news is that mature defense strategies are emerging: segmentation, zero trust, anomaly-based detection, and governance-focused integration.

The path forward is not about plugging every hole at once. It’s about building layered defenses, prioritizing by criticality, and evolving your posture incrementally. In a world where a successful exploit can physically damage infrastructure or disrupt a grid, the resilience you build today may be your strongest asset tomorrow.

More Info and Assistance

For discussion, more information, or assistance, please contact us. (614) 351-1237 will get us on the phone, and info@microsolved.com will get us via email. Reach out to schedule a no-hassle and no-pressure discussion. Put out 30+ years of OT experience to work for you! 

 

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

Utility Tabletop Cybersecurity Exercises

Recently, a group of federal partners, comprised of the Federal Energy Regulatory Commission (FERC), North American Reliability Corporation (NERC) and it’s regional entities released their Cyber Planning for Response and Recovery Study (CYPRES). The report was based on a review and analysis of the incident response and recovery capabilities of a set of their member’s cyber security units, and is a great example of some of the information sharing that is increasing in the industry. The report included reviews of eight utility companies’ incident response plans for critical infrastructure environments, and the programs reviewed varied in their size, complexity and maturity, though all were public utilities.

Though the specific tactics suggested in the report’s findings have come under fire and criticism, a few items emerged that were of broad agreement. The first is that most successful programs are based on NIST 800-61, which is a fantastic framework for incident response plans. Secondly, the report discusses how useful tabletop exercises are for practicing responses to cybersecurity threats and re-enforcing the lessons learned feedback loop to improve capabilities. As a result, each public utility should strongly consider implementing periodic tabletop exercises as a part of their cyber security and risk management programs.

Tabletop Exercises from MSI

At MicroSolved, we have been running cyber security tabletop exercises for our clients for more than a decade. We have a proprietary methodology for building out the role playing scenarios and using real-world threat intelligence and results from the client’s vulnerability management tools in the simulation. Our scenarios are developed into simulation modules, pre-approved by the client, and also include a variety of randomized events and nuances to more precisely simulate real life. During the tabletop exercise, we also leverage a custom written gaming management system to handle all event details, track game time and handle the randomization nuances.

Our tabletop exercise process is performed by two MSI team members. The first acts as the simulation moderator and “game master”, presenting the scenarios and tracking the various open threads as the simulation progresses. The second team member is an “observer” and they are skilled risk management team members who pre-review your incident response policies, procedures and documentation so that they can then prepare a gap analysis after the simulation. The gap analysis compares your performance during the game to the process and procedure requirements described and notes any differences, weaknesses or suggestions for improvement.

Target scenarios can be created to test any division of the organization, wide scale attacks or deeply nuanced compromises of specific lines of business. Various utility systems can be impacted in the simulation, including business networks, payment processing, EDI/supply chain, metering/AMI/smart grid, ICS/SCADA or other mission critical systems.Combination and cascading failures, disaster recovery and business continuity can also be modeled. In short, just about any cyber risks can be a part of the exercise.

Tabletop Exercise Outcomes and Deliverables

Our tabletop exercises result in a variety of detailed reports and a knowledge transfer session, if desired. The reports include the results of the policy/procedure review and gap analysis, a description of the simulated incident and an action plan for future improvements. If desired, a board level executive summary can also be included, suitable for presentation to boards, management teams, direct oversight groups, Public Utility Commission and Homeland Security auditors as well.

These reports will discuss the security measures tested, and provide advice on proactive controls that can be implemented, enhanced, matured or practiced in order to display capabilities in future incidents that reflect the ability to perform more rapid and efficient recovery.

The knowledge transfer session is your team’s chance to ask questions about the process, learn more about the gaps observed in their performance and discuss the lessons learned, suggestions and controls that call for improvement. Of course the session can include discussions of related initiatives and provide for contact information exchange with our team members, in the event that they can assist your team in the future. The knowledge transfer session can also be performed after your team has a chance to perform a major review of the reports and findings.

How to Get Started on Tabletop Exercises from MSI

Tabletop exercises are available from our team for cyber security incidents, disaster preparedness and response or business continuity functions. Exercises are available on an ad-hoc, 1 year, 2 year or 3 year subscription packages with frequencies ranging from quarterly to twice per year or yearly. Our team’s experience is applicable to all utility cyber programs and can include any required government partners, government agencies or regulators as appropriate.

Our team can help develop the scope of threats, cyber attacks or emergency events to be simulated. Common current examples include ransomware, phishing-based account compromises, cyber attacks that coincide with catastrophic events or service disruptions, physical attacks against substations or natural gas pipelines, data breach and compromise of various parts of the ICS/SCADA infrastructure. Our team will work with you to ensure that the scenario meets all of your important points and concerns.

Once the scenario is approved, we will schedule the simulation (which can be easily performed via web-conference to reduce travel costs and facilitate easy team attendance) and build the nuances to create the effects of a real event. Once completed, the reporting and knowledge transfer sessions can follow each instance.

Tabletop exercises can go a long way to increasing cybersecurity preparedness and re-enforcing the cybersecurity mindset of your team. It can also be a great opportunity for increasing IT/OT cooperation and strengthening relationships between those team members.

To get started, simply contact us via this web form or give us a call at (614) 351-1237. We would love to discuss tabletop exercises with you and help you leverage them to increase your security posture.

 

WARNING: Migrate Windows Server 2003 Immediately

Believe it or not, we still get queries from a few utility companies that have operational processes locked on Windows Server 2003 as a platform. Most of the time, these are legacy applications associated with some form of ICS device or data management system that they have not been able to afford to replace.

Windows 2003 Server end-of-life searches are still among the most popular searches on our StateOfSecurity.com blog, receiving more than 200 queries most months. Keep in mind, this is an operating system that patches haven’t been released for since 2015. According to Spiceworks, an online community for IT professionals, the Windows 2003 Server operating system still enjoys a market share of 17.9%, though we could not validate the time frames of their claim.

But, just in the last year or so, we have seen it alive and well in natural gas, energy and the communications infrastructures, both foreign and domestic. So, we know it is still out there, and still being used in seemingly essential roles.

I’m not going to lecture you about using a system that is unmatched for 5 years. That’s just common sense. Instead, what I am going to do is make three quick suggestions for those of you who can’t get rid of this zombie OS. Here they are:

1. Install a firewall or other filtering device between the legacy system and the rest of your environment. This firewall should reduce the network traffic allowed to the system down to only specifically required ports and source addresses. It should also restrict all unneeded outbound traffic from the device to anything else in the network or the world. The device should be monitored for anomalies and security IOCs.

2. If the hardware is becoming an issue, as well, consider virtualizing the system using a modern virtualization solution. Then apply the firewalling above. Server 2003 seems to be easily virtualized and most modern solutions can handle it trivially.Hardware failure of many of these aging systems is their largest risk in terms of availability.

3. Eliminate the need AS SOON AS POSSIBLE. Even with the firewalling and filtering, these systems have high risk. You might also consider if you can migrate portions of the services from Windows 2003 to a more recent system or platform. This isn’t always possible, but everything you can move from Windows 2003 to a supported OS is likely to let you crank down your filtering even more.

Lastly, if you’re still trapped on Windows 2003, make sure you review this every quarter with the application owners and management. Keep it on their mind and on the front burner. The sooner you can resolve it, the better. 

If you need more help or advice on risk mitigation or minimization, get in touch. We’d love to help! Just email us at info@microsolved.com and we can connect.

EDI – The Often Overlooked Critical Process in Utilities

EDI (Electronic Data Interchange) is an often forgotten underpinning of many utility companies, even though many of its functions are likely to be critical to the operation. In many states, EDI is a mandated operation for commercial bill pay and meter reading data exchange with third party services. In fact, between the Gas Industry (GISB) and North American Energy (NAESB) Standards Boards, a substantial set of requirements exist for industry use of EDI.

Data

While EDI exists as a specific set of functions for exchanging digital data, it is often managed through third party applications and networks. These operations carry several different threat models, from disruption of service and outages that impact the data availability, to tampering and compromise of the data in transit. As such, it is essential that utilities have performed business function and application specific risk assessment on EDI implementations.

Additionally, many of our clients have performed EDI-focused penetration testing and technical application assessments of their EDI translators and network interconnects. Some clients still utilize a Value Added Network (VAN) or other service provider for EDI transmissions, and MSI can work with your VAN to review their security program and the configuration of your interconnections to ensure maximum security and regulatory compliance.

Lastly, our team has been very successful doing tabletop incident response and disaster recovery/business continuity exercises involving modeling EDI outages, failures and data corruption. Impacts identified in these role playing exercises have ranged from critical outages to loss of revenue.

If you’d like to learn more about our EDI services and capabilities, give us a call at 614-351-1237 or drop us a line at info@microsolved.com. We’d love to talk with you about our nearly 30 years of experience in EDI, information security and critical infrastructure.

 

 

 

Introducing AirWasp from MSI!

NewImage

For over a decade, HoneyPoint has been proving that passive detection works like a charm. Our users have successfully identified millions of scans, probes and malware infections by simply putting “fake stuff” in their networks, industrial control environments and other strategic locations. 

 

Attackers have taken the bait too; giving HoneyPoint users rapid detection of malicious activity AND the threat intelligence they need to shut down the attacker and isolate them from other network assets.

 

HoneyPoint users have been asking us about manageable ways to detect and monitor for new WiFi networks and we’ve come up with a solution. They wanted something distributed and effective, yet easy to use and affordable. They wanted a tool that would follow the same high signal, low noise detection approach that they brag about from their HoneyPoint deployments. That’s exactly what AirWasp does.

 

We created AirWasp to answer these WiFi detection needs. AirWasp scans for and profiles WiFi access points from affordable deck-of-cards-sized appliances. It alerts on any detected access points through the same HoneyPoint Console in use today, minimizing new cost and management overhead. It also includes traditional HoneyPoints on the same hardware to help secure the wired network too!

 

Plus, our self-tuning white list approach means you are only alerted once a new access point is detected – virtually eliminating the noise of ongoing monitoring. 

 

Just drop the appliance into your network and forget about it. It’ll be silent, passive and vigilant until the day comes when it has something urgent for you to act upon. No noise, just detection when you need it most.

 

Use Cases:

 

  • Monitor multiple remote sites and even employee home networks for new Wifi access points, especially those configured to trick users
  • Inventory site WiFi footprints from a central location by rotating the appliance between sites periodically
  • Detect scans, probes and worms targeting your systems using our acclaimed HoneyPoint detection and black hole techniques
  • Eliminate monitoring hassles with our integration capabilities to open tickets, send data to the SIEM, disable switch ports or blacklist hosts using your existing enterprise products and workflows

More Information

 

To learn how to bring the power and flexibility of HoneyPoint and AirWasp to your network, simply contact us via email (info@microsolved.com) or phone (614) 351-1237.


 

We can’t wait to help you protect your network, data and users!


Clients Finding New Ways to Leverage MSI Testing Labs

Just a reminder that MSI testing labs are seeing a LOT more usage lately. If you haven’t heard about some of the work we do in the labs, check it out here.

One of the ways that new clients are leveraging the labs is to have us mock up changes to their environments or new applications in HoneyPoint and publish them out to the web. We then monitor those fake implementations and measure the ways that attackers, malware and Internet background radiation interacts with them.

The clients use these insights to identify areas to focus on in their security testing, risk management and monitoring. A few clients have even done A/B testing using this approach, looking for the differences in risk and threat exposures via different options for deployment or development.

Let us know if you would like to discuss such an approach. The labs are a quickly growing and very powerful part of the many services and capabilities that we offer our clients around the world! 

MachineTruth As a Validation of Segmentation/Enclaving

If you haven’t heard about our MachineTruth™ offering yet, check it out here. It is a fantastic way for organizations to perform offline asset discovery, network mapping and architecture reviews. We also are using it heavily in our work with ICS/SCADA organizations to segment/enclave their networks.

Recently, one of our clients approached us with some ideas about using MachineTruth to PROVE that they had segmented their network. They wanted to reduce the impacts of several pieces of compliance regulation (CIP/PCI/etc.) and be able to prove that they had successfully implemented segmentation to their auditors.

The project is moving forward and we have discussed this use case with several other organizations to date. If you would like to talk with us about it, and learn more about MachineTruth and our new bleeding edge capabilities, give us a call at 614-351-1237 or drop us a line via info <at> microsolved <dot> com.  

State of Security Podcast Episode 5 Available

This is one of my favorite episodes so far! I spend about 45 minutes with Josh Anderson, who riffs on IT and ICS/SCADA security threats, career advice, how he compares his life to characters on TV’s “24” and a whole lot more. Very relaxed, generous in time and content, this interview with one of America’s Premier ICS Security Gurus (I just gave him that title…) is fun and lively. 

Special shout out to Kent King for his mentorship in this episode, as well. 
 
Let us know what you think Twitter. Thanks for listening! 

Operation Hardened Buckeye

MSI is pleased to announce the immediate formation and availability of Operation Hardened Buckeye!

This special program is dedicated to assisting Ohio’s Rural Electrical Cooperatives.

MSI will set up aggregated groups of Electrical Cooperatives and perform services and offer tools to the groups en-masse at discounted rates, as if they were one large company. Essentially, this allows the co-ops to leverage group buying, while still receiving individual reports, software licenses and overall group-level intelligence & metrics.

MSI will offer a package consisting of the following:

  • External Vulnerability Assessment with aggregated executive level reports/metrics & individual technical detail reports
  • An aggregated Targeted Threat Intelligence engagement with individual notifications of critical findings and an aggregated intelligence report for the group
  • 3 HoneyPoint Agent licenses and a console license per co-op that participates
  • Deep discounts to individual co-ops who desire application assessment, internal vulnerability assessments, wireless assessments or other MSI professional services (including MSI::Vigilance & ICS Network Segregation Services)
  • Deep discounts for ongoing assessments and targeted threat intelligence as a service

Caveats: All assessments will be performed at the same time. Co-ops must each sign onto a common MSA. Each co-op will be billed for the total of the package divided by the number of participating co-ops. Co-ops must provide accurate IP address ranges for their external assessment.

This enables the co-ops to have a security baseline of their security posture performed, including aligning their current status against that of their peers. It also allows for each of the co-ops to deploy a HoneyPoint Agent in their DMZ, business network and control network for detection capabilities. The targeted threat intelligence will provide them with an overall threat assessment, as well as identifying individual targets that have either already been attacked or are likely to provide easy/attention raising targets for future attacks.

We will be holding a webinar for those interested in participating on Thursday, May 21, 2015. You can register for this event here. You can also download the flyer about the program here.

For more information, please contact Allan Bergen via the email below or call (513) 300-0194 today! 

Email: sales@microsolved.com

Co-Op & Municipal Utilities Get Discounts in July

Attention Co-Op & Municipal utilities — MSI is offering discounts to your organizations on professional services (policy/process, assessments, pen-testing, etc.), lab services (device & AMR/AMI assessments, threat assessments, etc.) and HoneyPoint Security Server for the month of July. Book the business before July 31’st and have the work/implementation completed before December 31st of 2014 and you receive a discount up to 30% off!

Do you need pen-testing against your business network? Need web app assessments on billing or payment systems? Have a call for risk assessments, smart grid device testing or fraud testing against your meters and field gear? All of this and more qualifies!

Check out our ICS/SCADA specific services by clicking here!

Give Allan Bergen a call today at 513-300-0194 to learn more about our program. We truly appreciate the hard work and dedication that Co-op and Municipal utility teams do, and we look forward to working with you!