TroutTrout

Zero Trust for Water Utility Operations.

Remote access and new compliance mandates now reach the water utility: treatment plants, pumping stations, and remote monitoring networks, distributed infrastructure with no margin for error. Agentless Zero Trust enforcement. No disruption to water operations.

Upcoming webinars

Live sessions on securing water and wastewater OT and the new New York DEC and DOH rules.

Core Capabilities

Protect Water Systems. Maintain Reliability.

Five capabilities that protect water and wastewater OT, from treatment plants to remote pumping stations, without touching operational equipment.

Treatment Plant OT Protection

Protect dosing controllers, SCADA, PLCs, and process control systems at the network level. No agents installed on operational equipment. Operations continue without disruption.

Distributed Network Visibility

Automatic discovery across treatment plants, pumping stations, lift stations, and remote monitoring sites. Real-time inventory of every connected device across the full water network.

OT / IT Segmentation

Enforce strict micro-segmentation between process control OT and corporate IT networks. Overlay segmentation without VLAN restructuring, re-cabling, or operational changes.

Controlled Remote Access

On-premise bastion host for operators and OEM vendors. MFA-enforced, session-scoped, fully logged, no open VPN tunnels into process control systems.

NIS2 & IEC 62443 Compliance

Continuous control enforcement for NIS2 and IEC 62443. Assessment-ready documentation for regulatory audits on demand.

The second layer of value

Access Gate secures your assets first, then exposes the simple services your teams and vendors actually want, so they run through the sanctioned path, not around it.

OT runs through you, not around you.

Trusted by utilities and critical infrastructure operators.

STBMA
55

distributed sites protected across harsh operational environments, securing critical infrastructure without agents or downtime.

Read the case study

Trusted by leading companies

Thales
Orange Cyberdefense
John Cockerill
NeverHack
Kyron
Eden Cluster
Our substations run equipment from four different decades. Trout gave us segmentation and monitoring across all of them without a single firmware update or agent install.
O
OT Security Manager
Grid Operations, Regional Energy Provider

Ready to get started?

Talk to our team to see how the Trout Access Gate fits your environment.

Datasheet

Download the Access Gate Datasheet.

Get the complete product overview with technical capabilities, water utility deployment model, and NIS2 and IEC 62443 compliance alignment.

Done

What's Inside

Water utility deployment architecture, agentless OT protection for treatment plants and pumping stations, NIS2 and IEC 62443 compliance documentation.

4 pages

See It in Action

Request a live demo to see how the Access Gate deploys across your water network without impacting operations.

Request a Demo
FAQ

Common Questions About Water Utility Security.

0

agents required on PLCs, dosing controllers, or SCADA systems. The Access Gate protects water OT entirely from the network level.

Yes. The Access Gate operates at the network level, no agents are installed on PLCs, dosing controllers, SCADA servers, or any OT device. It protects everything connected to the network, regardless of age, firmware, or operating system.

No. The Access Gate installs inline on existing network infrastructure. No re-cabling, no process interruptions, no changes to control system configurations. Water operations continue normally during and after deployment.

The Access Gate creates encrypted overlay networks connecting all sites, treatment plants, pumping stations, lift stations, and control centers. Policy is managed centrally and enforced consistently at every location, including unmanned remote sites.

The Access Gate supports NIS2 (mandatory for water operators in the EU) and IEC 62443 for industrial security. It generates assessment-ready documentation and provides continuous control enforcement for regulatory audits.

Yes. The Access Gate enforces identity-based access policies, only authorized users can access specific process control systems. All sessions are authenticated with MFA, scoped to authorized resources, and fully logged. Unauthorized access attempts are detected and blocked in real time.

New York adopted first-in-nation water cybersecurity regulations on March 11, 2026. The DEC rules (6 NYCRR Parts 616, 650, and 750) require every SPDES-permitted wastewater system, of any size, to report cyber incidents within 24 hours, with access control, vulnerability management, network monitoring for POTWs at 10 MGD or more, and a response plan phased in by March 2027. The DOH rules (10 NYCRR Appendix 5-E) require community water systems serving more than 3,300 people to run an annual Cybersecurity Vulnerability Analysis and report incidents within 24 hours, with remaining controls due by January 1, 2027. Trout maps utility OT networks and enforces segmentation to meet these controls with no agents and no downtime.

The DEC and DOH requirements build on federal EPA obligations under America's Water Infrastructure Act, which already requires community water systems serving more than 3,300 people to include cybersecurity in their Risk and Resilience Assessments. To offset the cost, New York's EFC runs the SECURE grant program, with up to $50,000 for cybersecurity assessments and up to $100,000 for upgrades aligned to the new rules. Trout gives water and wastewater operators the network visibility, segmentation, and access control needed to pass a DOH Cybersecurity Vulnerability Analysis and satisfy DEC controls, deployed agentlessly on existing SCADA and OT infrastructure.

Commissioning a new utility site, or hardening an existing one?

Zero-Trust reference architecture for water and electric utilities. Identity-bound access, brokered sessions, tamper-evident audit. NIS2 + NERC CIP + CCCS coverage matrix.