Blog
Insights & Resources
Guidance on CMMC compliance, industrial cybersecurity, and OT network protection.
329 articles
MITRE ATT&CKICS threat detection
How to Use MITRE ATT&CK for ICS Threat Detection
Securing Industrial Control Systems (ICS) is critical. MITRE ATT&CK is a comprehensive framework designed to document and share knowledge about a...
ICS network designBest practices
Best Practices for Designing a Secure ICS Network
ICS network security is critical. As the backbone of critical infrastructure, ICS networks demand robust security measures to protec...
SegmentationNetwork Design
Breaking Down Broadcast Storms How Layer 3 Segmentation Saves Your Network
Broadcast storms are the silent saboteurs of network performance, wreaking havoc by flooding your system with an overwhelming amount of traffic. These storms can lead to significant downtime, producti...
OT SecurityBusiness Case
Building the Business Case for OT Network Segmentation
Your CISO knows segmentation matters. Your CFO wants to know what it costs and what it prevents. Here's how to build the business case.
CMMCManufacturing
CMMC Level 2 for Manufacturers: Why VLANs Are Not Enough for Shop Floor OT
VLANs segment traffic at the switch level. CMMC Level 2 requires identity-based access control, audit logging, and encryption. VLANs provide none of these. Here is what assessors actually look for on the shop floor.
CMMCNIS2
CMMC vs NIS2: One Compliance Architecture for Both Frameworks
Defense contractors operating in both the US and EU face CMMC and NIS2 simultaneously. The good news: a single on-premise architecture can satisfy both.
Flat networksSegmented networks
Flat Network vs Segmented Network in Industrial Environments
Flat network vs segmented network in OT: lateral-movement risk, compliance under CMMC, NIS2, and IEC 62443, and a migration path without production downtime.
CMMCEnduring Exception
How CMMC Handles Exceptions and Compensating Controls
CMMC Level 2 requires all 110 NIST 800-171 Rev 2 controls — but your CNC machines, PLCs, and legacy HMIs can't implement most of them. The Enduring Exception and Compensating Control mechanisms are how the framework handles that reality. Here's what the rule actually says, what a C3PAO will ask for, and what the Affirming Official is personally signing.
CMMCSSP
How to Write an SSP Section for a Network with Legacy PLCs
Your System Security Plan needs to describe how you protect assets that cannot protect themselves. Here is a practical template for documenting legacy PLC networks in your CMMC SSP.
Remote accessLegacy systems
Secure Remote Access for Legacy Systems
Securing remote access for legacy systems in operational technology (OT) environments presents unique challenges. These systems are crucial for industrial connectivity but often lack modern security f...
CMMCCompliance
What the CMMC Enduring Exception Actually Requires You to Document
The Enduring Exception is not a waiver. It requires specific documentation, compensating controls with evidence, and an Affirming Official signature. Miss any of it and you face False Claims Act exposure.
OT SecurityZero Trust
Why Your OT Network Has No Identity Layer (And What Happens When an Attacker Notices)
The moment an attacker reaches your OT network, they stop having to prove who they are. Flat Layer 2, PLCs that can't do MFA, trust-by-location — it's a lateral movement playground. The fix isn't rewiring the plant. It's putting an identity layer in front of the assets that can't enforce one themselves.
›Browse all posts (329)
- How to Use MITRE ATT&CK for ICS Threat Detection
- Best Practices for Designing a Secure ICS Network
- Breaking Down Broadcast Storms How Layer 3 Segmentation Saves Your Network
- Building the Business Case for OT Network Segmentation
- CMMC Level 2 for Manufacturers: Why VLANs Are Not Enough for Shop Floor OT
- CMMC vs NIS2: One Compliance Architecture for Both Frameworks
- Flat Network vs Segmented Network in Industrial Environments
- How CMMC Handles Exceptions and Compensating Controls
- How to Write an SSP Section for a Network with Legacy PLCs
- Secure Remote Access for Legacy Systems
- What the CMMC Enduring Exception Actually Requires You to Document
- Why Your OT Network Has No Identity Layer (And What Happens When an Attacker Notices)
- Zero Trust for Legacy PLCs: The Lollipop Architecture Explained
- Agent-Free Zero Trust: Why OT Environments Can't Use Endpoint Software
- What the New CISA Zero Trust OT Guide Means for On-Premise Deployments
- How to Segment a Flat OT Network Without VLANs or Downtime
- What a C3PAO Looks for in an OT Environment
- Zero Trust for Air-Gapped OT Networks: What Works and What Doesn't
- Cybersecurity for Police Evidence Systems: Sovereign, Auditable, On-Premise
- From Unboxing to Zero Trust in 4 Hours: What Deployment Actually Looks Like
- How Ski Resorts and Distributed Infrastructure Operators Deploy Zero Trust
- How to Evaluate OT Security Vendors: A Buyer's Checklist for 2026
- Multi-Site OT Security: How to Scale Zero Trust Across 50+ Locations
- Oil & Gas Pipeline Security: Protecting Distributed SCADA Across Vast Geographies
- Port & Maritime OT Security: Protecting Crane Control and Terminal Systems
- Power Grid Substation Security: Zero Trust for Distributed Energy OT
- Proxy-Based Security for OT: Why Proxies Succeed Where Agents Fail
- Rail Signaling Cybersecurity: Protecting Safety-Certified Infrastructure
- Session Recording for OT Compliance: Meeting CMMC and NIS2 Audit Requirements
- The True Cost of OT Security: TCO Comparison of Appliance vs Cloud Solutions
- Water Utility Cybersecurity: Securing SCADA from Treatment Plant to Tap
- Securing Airport Baggage Handling Systems Without Requalification
- AI-Powered Attacks on Industrial Networks: What OT Teams Should Prepare For
- How to Configure YubiKey with Trout Access Gate
- Supply Chain Attacks on OT: The PYROXENE Campaign and Lessons for Operators
- Overlay Networking vs VLANs: A Practical Comparison for OT Segmentation
- Why On-Premise OT Security Beats Cloud-Routed Solutions
- Nozomi Networks vs Access Gate: When Visibility Alone Isn't Enough
- Top OT Cyber Threats in 2026: What to Watch
- What Is MFA and Why Every Organization Needs It in 2026
- Introducing Open-CMMC: An Open-Source CUI Enclave for CMMC Level 2
- Claroty vs Access Gate: Monitoring vs Enforcement for OT Networks
- Control Loop Mapping: How Attackers Are Learning to Manipulate Physical Processes
- CUI Enclave Architecture: On-Premise Alternatives to GCC High
- Dragos 2026 Report: What the 3 New OT Threat Groups Mean for Your Factory
- NIS2 Management Liability: Why Executives Are Personally on the Hook
- The C3PAO Bottleneck: How to Prepare When There Aren't Enough Assessors
- Ransomware Targeting Manufacturing in 2026: A 49% Increase and What to Do About It
- NIS2 Enforcement Is Live: What Changed and What to Do First
- CMMC October 2026: What Defense Manufacturers Must Do Now
- Centralized Audit Logging for Multi-Site Operations
- CMMC Compliance for Defense Suppliers: Practical Guide
- Compliance Audit Readiness for Critical Infrastructure
- Cybersecurity for Naval Shipboard Systems
- Defense Contractor Facility Security: Beyond the Perimeter
- Detecting Anomalies in Industrial Protocols
- IEC 62443 Zones and Conduits Explained
- Microsegmentation in Industrial Environments
- Network Visibility: You Can't Protect What You Can't See
- NIS2 Operational Technology: What Manufacturers Need to Know
- OT Patch Management Challenges and Strategies
- Purdue Model Limitations and Alternatives for Modern OT
- Ransomware in Manufacturing: Lessons from Recent Attacks
- Remote Access: Biggest Attack Vector in OT
- Securing UAV Ground Stations: MAVLink Vulnerabilities
- Supply Chain Attacks Targeting Industrial Control Systems
- Bringing Two-Factor Authentication to the Factory Floor: Constraints and Practical Methods
- From Control Room to Field Device: Adapting Two-Factor Authentication to Industrial Reality
- OT and Legacy Systems impact on NIS2
- Air-Gapped But Not Safe: Misconceptions in Legacy Security
- Air-Gapped vs Layered Security Architectures
- Aligning Factory Networks with DoD Requirements
- Automating Compliance Monitoring in ICS
- Badge vs Password Why Physical Identity Matters for OT Cybersecurity
- Balancing Security and Uptime in Manufacturing
- Best Tools for Monitoring Industrial Protocol Security
- Beyond the Acronym How PLCs Became the Backbone of Modern Industrial Automation
- Breaking Down Data Silos How to Extract Maximum Value from Your PLC Networks
- Bridging IT and OT: A Step-by-Step Integration Guide
- Bridging Legacy Protocols and Cloud Architectures
- Building a SOC for OT: Tools and Tips
- Building Fault-Tolerant Network Paths in OT
- Building for Scalability in Industrial Networks
- Change Management for Industrial Network Security
- Change Management in ICS Environments
- Checklist for NERC CIP Compliance in Power Utilities
- Choosing Between Star and Ring Topologies in ICS
- CMMC 2.0: What Manufacturers Need to Know
- CMMC Level 2 Requirements for OT Specialized Assets
- CMMC Secure Specialized Assets
- Common Attack Vectors in Legacy ICS
- Common Language: How IT and OT Teams Can Align
- Common MFA Mistakes and How to Avoid Them
- Common Pitfalls in Achieving ISO 27001 for Industrial Networks
- Common Root Causes of OT Downtime
- Common Segmentation Mistakes in ICS Projects
- Compliant Remote Access Solutions for Manufacturers
- Continuous Verification in 24/7 Manufacturing Operations
- Creating Standard Operating Procedures for OT Security
- Daily Maintenance Tasks for OT Cybersecurity
- Data Diodes vs Firewalls for IT/OT Separation
- Dealing with Firmware Limitations in Legacy Equipment
- Deep Packet Inspection vs Flow-Based Monitoring What's Best for OT
- Deploying Firewalls Without Breaking ICS Traffic
- Design Patterns for Converged IT/OT Monitoring
- Designing for Predictable Network Behavior in OT
- Designing Redundant Communication Paths in OT
- Detecting and Responding to ICS Attacks in Real Time
- Device Authentication for Legacy Industrial Equipment
- Device Identity in Zero Trust Industrial Networks
- DNP3 Security Implementation in SCADA Systems
- Documenting Security Controls for Industrial Assessments
- Endpoint Visibility in IT/OT Convergence
- EtherNet/IP Vulnerability Assessment and Mitigation
- Failover Strategies for Mission-Critical OT Networks
- Failure Modes in SCADA Networks
- FIDO2 and Passkeys The Future of MFA for Critical Infrastructure
- Firewall Placement Strategies for Industrial Networks
- From Collision to Precision How Layer 3 Routing Eliminates Network Bottlenecks
- From Door to Data How Badge Access Enhances Cybersecurity in Industrial Environments
- From Factory Floor to Cloud Building Robust Data Pipelines from PLC Systems
- From SaaS Security to Factory Floor Security The Two Faces of Zero Trust
- GDPR and OT: What Data Privacy Means for Industrial Control Systems
- High Availability NAC Deployment for Continuous Operations
- HMI Network Isolation Strategies
- How Compliance Can Drive Better OT Security
- How Network Changes Affect PLC Performance
- How Network Segmentation Accelerates Compliance
- How Network Traffic Logs Help You Comply with CMMC and IEC 62443
- How to Add Visibility to Dark OT Networks
- How to Audit Industrial Protocol Traffic Effectively
- How to Benchmark ICS Network Performance
- How to Build a Resilient OT Backbone
- How to Build a Zero Trust Architecture for Manufacturing
- How to Build an Incident Response Plan for ICS
- How to Build an OT Cybersecurity Roadmap for Your Factory
- How to Comply with IEC 62443 in Practice
- How to Conduct a Post-Incident Analysis in OT
- How to Connect Sites Without Increasing Risk
- How to Correlate Network Traffic and Device Behavior in OT
- How to Create Secure Zones in SCADA Networks
- How to Design an ICS Network for High Availability
- How to Design VLANs for ICS Security
- How to Detect Anomalies in Modbus and DNP3 Traffic
- How to Enforce East-West Traffic Isolation in OT
- How to Implement Least Privilege Access in Industrial Networks
- How to Implement MFA in Legacy OT Environments Without Breaking Operations
- How to Integrate Zero Trust with Existing ICS Infrastructure
- How to Leverage IT Tooling in OT Networks
- How to Manage Passwords on Hundreds of ICS Devices
- How to Monitor Latency in ICS Networks
- How to Monitor SCADA Network Traffic Without Disrupting Operations
- How to Perform a Risk Assessment on Your OT Environment
- How to Roll Out MFA Without Frustrating Your Team
- How to Roll Out New OT Security Tech with Minimal Downtime
- How to Safely Route Business Data from ICS Systems
- How to Secure 20-Year-Old PLCs in Modern Networks
- How to Secure Legacy OT Systems Without Breaking Them
- How to Secure Modbus TCP: Best Practices for Modern ICS Networks
- How to Secure Shared Infrastructure Between IT and OT
- How to Segment Control and Safety Systems
- How to Spot Malicious Lateral Movement in OT Environments
- How to Train Operators on OT Security Best Practices
- How to Use NetFlow for Industrial Network Visibility
- ICS Honeypots: Revealing Real-World Attacks on Industrial Protocols
- ICS Network Design: Mistakes to Avoid
- ICS Protocol Deep Packet Inspection: Tools and Techniques
- ICS vs SCADA Security What You Need to Know
- IEC 62443 Zone Implementation with Network Access Control
- Implementing Network Traffic Analysis Without Slowing Down Production
- Implementing Zero Trust in Air-Gapped OT Networks
- Indicators of Compromise in SCADA Environments
- Industrial DMZ Design and Access Control
- Industrial Malware: Network-Based Detection Strategies
- Industrial Network Topology Discovery and Mapping
- Industry 4.0 Data Architecture Why Your PLC Strategy Determines Digital Transformation Success
- Insider Threat Detection in Manufacturing Environments
- Integrating Badge Access with Windows Login and Remote Sessions
- Integrating Serial Devices into IP Networks Securely
- Integrating Sysmon and OT Logging: A Unified View
- Inventory and Asset Management in ICS Operations
- ISA/IEC 62443 Asset Identification and Documentation
- Key Metrics to Track Zero Trust Adoption in OT
- Latency Requirements in Industrial Control Systems
- Lateral Movement Detection in Industrial Networks
- Layer 2 vs Layer 3 Why Your Network's Broadcast Domains Are Killing Performance
- Legacy Device Inventory: Where to Start
- Legacy OT Systems: Risks and Modern Mitigations
- Lessons Learned from the TRITON Malware Attack
- Maintenance Window Planning for Security Updates
- Managing Mixed IT/OT Device Inventories
- Mapping OT Controls to NIST SP 800-53
- MFA for Remote Access Securing VPNs RDP and Cloud Portals
- MFA for Service Accounts and Industrial Devices Is It Possible
- Microsegmentation for Manufacturing Networks: A Technical Guide
- Microsegmentation in OT: Practical Steps to Get Started
- NERC CIP Compliance: Network Security Monitoring Requirements
- Network Access Control (NAC) for SCADA and ICS
- Network Security Impact on Real-Time Control Loops
- Network Traffic Baselines Why They're Critical in Industrial Security
- Network Visibility Across Purdue Model Levels
- NIS2 Asset Inventory Requirements What You Need to Track and How to Do IT on Premise
- NIS2 Compliance a Practical Guide to Meeting Article 21 Security Obligations
- NIS2 Compliance for Manufacturing Securing OT Legacy Machines and on Premise Systems
- NIS2 Directive Explained: Requirements, Scope, and Who Must Comply in 2026
- NIST Cybersecurity Framework for Manufacturing Systems
- OPC-UA Authentication in Air-Gapped Environments
- OPC UA Security: What Every OT Engineer Should Know
- OT-Specific IDS: What to Look For
- OT vs IT CMMC Controls
- Overlay Networks for Industrial Security: Technical Deep Dive
- Passive vs Active Traffic Monitoring in ICS Networks
- Patch Management in Operational Environments
- Phased NAC Deployment in Live Manufacturing Environments
- PLC Data Security Protecting Critical Infrastructure in Connected Factories
- PLC Explained What Every Manufacturing Professional Should Know About Programmable Logic Controllers
- PLC vs SCADA vs DCS Understanding Industrial Control System Hierarchies
- Plug and Play NIS2 Compliance Achieving Coverage Without Agents or Cloud Dependency
- Protocol-Aware Firewalls for Industrial Control Systems
- Protocol Gateways: The Good, the Bad, and the Ugly
- Protocol Whitelisting: How to Reduce Attack Surface in OT
- Real-Time PLC Data Streaming OPC-UA Modbus and Modern Integration Patterns
- Real-World ICS Breaches and What We Can Learn
- Red Team vs Blue Team Exercises for Industrial Networks
- Redundant Link Design for OT Systems
- Redundant Network Design with Integrated Security Controls
- Reference Architectures for ICS Network Security
- Remote Access Security for Industrial Maintenance
- Remote Site Deployment Best Practices
- Retrofitting Security Controls in Brownfield Installations
- ROI of Network Segmentation The Business Case for Layer 3 Migration
- Role of QoS in ICS Communications
- Routed vs Switched Networks
- Scheduling Maintenance Windows in 24/7 Plants
- Secure Commissioning of New ICS Equipment
- Secure Workarounds for Unsupported Protocols
- Securing 20-Year-Old PLCs: Non-Intrusive Approaches
- Securing Industrial Ethernet/IP: A Practical Guide
- Securing Modbus TCP Networks: Beyond Basic Firewall Rules
- Securing the IT/OT Boundary: Technical Architecture Patterns
- Security Implications of Using PROFINET in Manufacturing
- Security Policies That Work Across IT and OT
- Security Risks of Uncontrolled IT/OT Interfaces
- Segmenting Legacy SCADA Systems Without Network Redesign
- Serial-to-Ethernet Gateway Security Considerations
- Simulating Cyberattacks on PLCs: Safe Testing Techniques
- Software-Defined Perimeter in Manufacturing
- Speed vs Security Why Layer 3 Networks Win at Both
- Strategies for Enabling Logging in Old ICS Devices
- The Case for Out-of-Band Management in OT
- The Complete Guide to Migrating from Switched to Routed Network Architecture
- The Difference Between IT and OT Cybersecurity Explained
- The Difference Between Secure Modbus and Modbus TCP
- The Difference Between Technical and Administrative Controls in OT
- The Future of Hybrid IT/OT Teams
- The Hidden Security Risks of Flat Switched Networks and How Layer 3 Routing Fixes Them
- The Impact of Broadcast Storms in ICS
- The Reliability Impact of Cybersecurity Controls
- The Role of Emulators in ICS Legacy Integration
- The Role of L3 Routing in OT Segmentation
- The Role of Layer 2 and Layer 3 Segmentation in ICS
- The Role of MFA in CMMC NIS2 and IEC 62443 Compliance
- The Role of Multi-Factor Authentication in OT
- The Role of Network Segmentation in OT Cyber Defense
- The Role of SIEMs in OT/IT Environments
- The Role of Syslog in Meeting CMMC Logging Requirements
- The Role of TLS in Securing OPC UA
- Tips for Upgrading Factory Network Infrastructure
- Top 10 Audit-Ready Controls for OT Networks
- Top 10 OT Cybersecurity Threats Facing Manufacturers in 2025
- Top 5 Benefits of Using Badge Access for ICS and SCADA Terminals
- Top 5 Metrics to Monitor in Industrial Network Traffic
- Top 5 MFA Methods Compared: SMS, TOTP, Biometrics, Hardware Keys & Push Notifications
- Top Frameworks for OT Cybersecurity IEC 62443 NIST and More
- Top Mistakes During IT/OT Network Mergers
- Top Vulnerabilities in DNP3 and How to Mitigate Them
- Topology Design for Monitoring and Visibility
- Training Operations Staff on Network Security Tools
- Training OT Operators on Network Hygiene
- Troubleshooting ICS Performance With Netflow
- Understanding NIS2 Requirements for ICS Networks
- Understanding SCADA Protocol Behavior for Better Defenses
- Understanding the Costs of Multi-Factor Authentication
- User Identity and Access in Air-Gapped Environments
- Using Demilitarized LANs to Isolate OT Assets
- Using NetFlow and Logs for ICS Threat Hunting
- Using Overlay Networks for Secure OT Access
- Using SNMP Effectively in OT Environments
- Using Software-Defined Networking (SDN) in OT
- Using Traffic Analysis for Incident Response in ICS
- Vendor Access Controls During Field Maintenance
- Vendor Access Risks in OT and How to Control Them
- What Is Badge Access for Digital Systems A Beginner's Guide for IT and OT Teams
- What Is Network Traffic Analysis A Guide for OT Engineers
- What Is OT Cybersecurity A Beginner's Guide for Industrial Teams
- What OT Security Teams Can Learn from IT Breach Reports
- When Flat Networks Fail 5 Warning Signs It's Time to Move to Layer 3
- When Never Trust Always Verify Meets Legacy PLCs
- Where the Packets Roam
- Why Air Gaps Are No Longer Enough in OT Security
- Why Early Detection is Key in OT Security
- Why IT/OT Convergence Fails Without Governance
- Why Jitter Matters in Real Time OT Traffic
- Why Legacy Protocols Pose a Risk in Modern OT Networks
- Why Microsegmentation is Critical for Zero Trust in ICS
- Why Patching Isn't Always an Option in OT
- Why Routed Networks Scale Better The Math Behind Layer 3 Performance Gains
- Why ZTNA in OT Isn't the Same as in IT
- Windows XP in Industrial Networks: Containment Strategies
- Wireless Design Considerations for Industrial Zones
- YubiKeys in Manufacturing Hands-On MFA for Shared Workstations
- Zero Downtime Deployment Techniques for Industrial Networks
- Zero Trust for Industrial Networks Using Overlay Networks for Secure OT Access
- Zero Trust in OT How to Get Started
- Zero Trust in OT: Why the Perimeter is Dead
- Zero Trust OT Gateways: What They Are and How They Work
- Zero Trust Policy Framework for Critical Infrastructure
- Zero Trust Principles Applied to PLC Communications
- Zero Trust Readiness Checklist for Industrial Environments
- Zero Trust Starts at Layer 3 How Routed Networks Enable Micro-Segmentation
- Zero Trust vs Traditional Firewalling: What's More Effective in OT?
- Zone and Conduit Architecture with Modern NAC Solutions
- Zone-Based Firewalling for ICS: Best Practices
- Alternatives to Zscaler for Securing On-Premise and Industrial Systems
- Why Zero Trust Matters for Manufacturing
- Trout Software and Carahsoft Partner to Deliver Zero Trust Security for Legacy and On-Premise Industrial Systems Across the Public Sector
- Preparing for the CMMC 2.0 Compliance Deadline
- Securing Legacy Manufacturing Equipment for CMMC
- On-Premise vs Cloud Enclave for CUI Protection