OT Monitoring

Operational Technology (OT) refers to technology that monitors and controls specific devices and processes within industrial workflows.

Compared with IT, OT is unique in that its hardware and software are usually designed to accomplish specific tasks, such as controlling heat, monitoring mechanical performance, triggering emergency shutoffs, etc. Typically, this is done through industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. While the stakes in protecting OT systems and networks are just as high (the integrity of the power grid, for example, is essential to national security), the closed nature of most OT systems has made them less exposed to bad actors. However, that is quickly changing as the boundaries between IT and OT begin to crumble.



During the last few years, an increase in cybersecurity breaches has been observed overall, and specifically in OT environments. Despite the rather isolated nature of their environments, OT targets are among the most sensitive and strategic for attackers. Yet they lag far behind in terms of security, both because of their nature and because traditional security tools and methodologies cannot always be applied to them. The undisrupted functioning of OT processes is crucial to the operational flow of the organization. Since even a slight deviation from the initial configuration can significantly obstruct organizational procedures, effectively protecting the OT environment becomes a fundamental requirement for unobstructed operations.


Key Features

Correlating assets with events in order to profile attackers and track their paths allows alerts to be classified accurately according to their degree of risk. From OT-specific features such as SCADA- and PLC-aware detection, to broader concepts such as zone access control and centralized management, logging and reporting are performed in a way that integrates with existing SOC workflows and supports efficient threat recommendations and their subsequent elimination.

When dealing with OT systems, one has to take into account the peculiarities of OT infrastructure, such as vast geography, environment complexity, coexistence with IT components, segmentation with limited connectivity, etc. With these characteristics taken into consideration, Obrela’s OT solution, integrated with our Managed Detection and Response (MDR) service, provides visibility into scenarios such as:

  • A potential new asset, or SCADA traffic from an existing computer, is initiated across several production areas.
  • A PLC process value has been changed by a legitimate asset to a value beyond the PLC configuration, according to the recorded business-process baseline.
  • An attack is under way to gain access to a PLC and modify its configuration or change its process cycle.
  • Threat intelligence reveals malware targeting Siemens PLCs, which are used massively across the plants. The methodology used from detection until remediation is summarized in the following points:
    • Threat risk analysis
    • Preparation of the in-scope systems at the plants
    • Monitoring of the plants for IoCs
    • Mitigation of a realized security incident
  • A system critical to the plant network segregation DMZ and within the scope of SOC services is identified as not compliant with the company’s defined security policy.
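The first three scenarios above are, at their core, comparisons of live OT events against a recorded baseline: which hosts are known to speak SCADA protocols in each area, what value range each PLC tag is allowed to take, and which hosts may push configuration to a PLC. The following Python block is an added example of that detection logic and is not Obrela’s code nor the output of any vendor product; the event format, production areas, IP addresses, PLC names, tag names, value ranges and the sample event stream are all constructed for illustration.

```python
"""Baseline-driven OT detection checks over constructed events.

Added example; this is not Obrela's code. Every hostname, IP address, PLC
name, tag name and value range below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Protocols treated as SCADA/ICS traffic (assumed subset).
SCADA_PROTOCOLS = {"modbus", "s7comm", "dnp3"}

# Constructed baseline: hosts allowed to speak SCADA protocols per production area.
KNOWN_SCADA_HOSTS: Dict[str, Set[str]] = {
    "line1": {"10.10.1.20", "10.10.1.21"},  # HMI and engineering workstation (assumed)
    "line2": {"10.10.2.20"},
}
# Constructed business-process baseline: (plc, tag) -> (min, max) acceptable value.
PROCESS_BASELINE: Dict[Tuple[str, str], Tuple[float, float]] = {
    ("plc-l1-01", "furnace_temp_c"): (650.0, 720.0),
    ("plc-l1-01", "conveyor_rpm"): (30.0, 45.0),
}
# Constructed: only the engineering workstation may push configuration/logic to PLCs.
CONFIG_WRITERS: Set[str] = {"10.10.1.21"}


@dataclass(frozen=True)
class Event:
    """One normalized OT event as an ICS sensor might export it (constructed shape)."""
    area: str          # production area / zone
    src: str           # source IP
    plc: str           # destination PLC name
    protocol: str      # e.g. "modbus", "s7comm"
    op: str            # "read", "write_value" or "write_config"
    tag: str = ""      # process tag for value operations
    value: Optional[float] = None


@dataclass(frozen=True)
class Alert:
    severity: str  # low < medium < high < critical
    rule: str
    detail: str


class OTDetector:
    """Applies the three baseline checks and grades each alert by risk."""

    def __init__(self, known_hosts, baseline, config_writers):
        self.known_hosts = known_hosts
        self.baseline = baseline
        self.config_writers = config_writers
        self.reported_sources: Set[Tuple[str, str]] = set()  # (area, src) already alerted

    def check(self, ev: Event) -> List[Alert]:
        alerts: List[Alert] = []
        legitimate = ev.src in self.known_hosts.get(ev.area, set())

        # 1. A new asset, or a known computer, starting SCADA traffic in an area
        #    where it is not baselined: alert once per (area, source).
        if ev.protocol in SCADA_PROTOCOLS and not legitimate:
            key = (ev.area, ev.src)
            if key not in self.reported_sources:
                self.reported_sources.add(key)
                alerts.append(Alert("medium", "new-scada-source",
                                    f"{ev.src} started {ev.protocol} traffic to {ev.plc} in {ev.area}"))

        # 2. Process value pushed outside the recorded baseline. A legitimate
        #    asset doing this is high (process deviation); an unknown one is critical.
        if ev.op == "write_value" and ev.value is not None:
            window = self.baseline.get((ev.plc, ev.tag))
            if window is None:
                alerts.append(Alert("low", "unbaselined-tag", f"no baseline for {ev.plc}/{ev.tag}"))
            else:
                lo, hi = window
                if not lo <= ev.value <= hi:
                    alerts.append(Alert("high" if legitimate else "critical",
                                        "process-value-out-of-baseline",
                                        f"{ev.src} set {ev.plc}/{ev.tag}={ev.value} outside [{lo}, {hi}]"))

        # 3. Configuration/logic write from anything but an approved engineering host.
        if ev.op == "write_config" and ev.src not in self.config_writers:
            alerts.append(Alert("critical", "unauthorized-config-write",
                                f"{ev.src} attempted a configuration write to {ev.plc}"))
        return alerts

    def run(self, events) -> List[Alert]:
        out: List[Alert] = []
        for ev in events:
            out.extend(self.check(ev))
        return out


# Constructed sample stream: normal reads/writes, an out-of-range write by a
# legitimate host, an unknown host appearing and then writing, and an HMI
# attempting a configuration write.
SAMPLE_EVENTS = [
    Event("line1", "10.10.1.20", "plc-l1-01", "modbus", "read", "furnace_temp_c"),
    Event("line1", "10.10.1.20", "plc-l1-01", "modbus", "write_value", "furnace_temp_c", 700.0),
    Event("line1", "10.10.1.21", "plc-l1-01", "s7comm", "write_value", "furnace_temp_c", 790.0),
    Event("line1", "10.10.1.77", "plc-l1-01", "modbus", "read", "conveyor_rpm"),
    Event("line1", "10.10.1.77", "plc-l1-01", "modbus", "write_value", "conveyor_rpm", 80.0),
    Event("line1", "10.10.1.20", "plc-l1-01", "s7comm", "write_config"),
]


def demo() -> List[Alert]:
    """Run the sample stream through a fresh detector and return the alerts."""
    return OTDetector(KNOWN_SCADA_HOSTS, PROCESS_BASELINE, CONFIG_WRITERS).run(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in demo():
        print(f"[{alert.severity:8}] {alert.rule}: {alert.detail}")
```

Two design points carry over to real deployments: the new-source check is stateful so that a host generating thousands of Modbus reads produces one alert rather than thousands, and the severity of an out-of-baseline write depends on whether the writer is a baselined asset, which is the asset-plus-event correlation the Key Features section describes. In practice the baselines would be exported from the ICS monitoring platform rather than hard-coded.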


Obrela Factor

Obrela integrates and monitors versatile IT and OT environments, cloud and on-premises infrastructure, in order to gain complete visibility and to analyze, predict and prevent cyber security threats in real time. Forming a robust umbrella of protection against advanced threats, Obrela also ensures the highest level of resilience should incidents occur and security be compromised.

Integrated with our Managed Detection and Response (MDR) service, the OT solution combines advanced threat detection with incident response and remediation, including 24×7 monitoring and, when needed, proactive threat hunting, in order to significantly reduce the mean time to detect and respond to cyberattacks. Leading third-party ICS threat monitoring technology (Scadafence, Claroty) is implemented and integrated with the MDR stack and 24×7 operations. The service offering includes:

  • 24x7x365 Threat Monitoring
  • Incident Detection and Analysis
  • Advanced Threat Analytics
  • Post incident investigation
  • Remote SIRT until incident closure
  • Incident case management system
  • Customer-specific content (use cases) development
  • Log Retention
  • Custom collection components development


If you are interested in a quote, please email us or call +44 (0) 203 397 8723.

Get a Quote!