This week's EmberOT article looks at OT credential abuse: when an attacker uses a legitimate account, vendor connection, remote-access pathway, or service credential to enter an industrial environment. The login may look authorized. The behavior afterward tells the real story. That matters because scanners are built to find broken things: exposed services, missing patches, weak configurations. They're not likely to catch a valid credential being used by the wrong person. In OT, the advantage is knowing what normal looks like. Which engineering workstation talks to which controllers. Which vendor account reaches which systems. Which commands belong, and which patterns do not. Credential abuse is hard to catch at the door. It becomes visible when teams can see what happens after the door opens. Read the article at https://lnkd.in/gyh-qSuA #OTsecurity #ICSsecurity #CredentialAbuse
About us
Visibility and Security for Critical Infrastructure
- Website
-
https://www.emberot.com/
External link for EmberOT
- Industry
- Computer and Network Security
- Company size
- 2-10 employees
- Headquarters
- Chandler
- Type
- Privately Held
- Specialties
- Cyber Security, Cybersecurity, Industrial Cybersecurity, OT Security, and OT Visibility
Locations
-
Primary
Get directions
Chandler, US
Updates
-
“AI-powered” doesn't tell an OT defender enough. A statistical rule, a machine learning model, an AI-driven workflow, and an LLM often get grouped under the same label. But in an industrial environment, the differences matter. When will it alert? Why did it fire? Could a safety engineer sign off on that answer? Those questions matter more as a system gets closer to the physical process. In this week's EmberOT article, Rishabh Das, Ph.D. looks at statistics, machine learning, AI, and LLMs through what he calls the transparency curve: as capability and pattern-finding power increase, the ability to point to a single, auditable reason often decreases. Read the full article at https://lnkd.in/gzUfvPRC #OTsecurity #ICSsecurity #AIinOT
-
-
Agentic AI is moving into operational workflows quickly. That creates a real opportunity for OT teams, but it also creates a new identity problem. In this week's EmberOT article, Jori VanAntwerp uses a Mega Man analogy to make the point: the helpers you bring in to make work easier can become risky fast when they're over-permissioned, untracked, or trusted without monitoring. The discipline around identity, least privilege, and passive visibility is what keeps the AI helpers from becoming someone else’s tools down the road. https://lnkd.in/gfuGyuYW #OTsecurity #ICSsecurity #Ember #AI
-
-
AI in OT security has become one of the loudest topics in the room. In his latest article, Rishabh Das, Ph.D. brings the conversation back to practical use cases across the Purdue Model. The key point: LLMs in OT security are most useful as a translation and synthesis layer. They help humans make sense of existing detections faster by turning logs, alerts, historian data, and model outputs into language operators and analysts can use. That matters at every layer, from PLC logic review and alarm flood summarization to incident timelines, IOC enrichment, and natural-language queries over OT data. For teams evaluating AI in OT, this is a grounded look at where LLMs fit, where existing ML already does the detection work, and why human understanding still matters closest to the process. 🔗 https://lnkd.in/gHEpKr8C #Ember #AI #OTsecurity #ICSsecurity #AIinOT
-
-
INSM conversations can get crowded fast: NERC, FERC, NIST, NIS2, CIP-015-1, CIP-015-2, trust zones, east-west flows, retention, evidence protection. The work gets clearer when teams start by drawing the map. Our latest article looks at how to map INSM in OT environments in a way that supports both security operations and regulatory expectations. The focus is on four practical questions: Where are your trust zones? What flows inside them? What does normal look like? What happens when something meaningful deviates? For many teams, the hardest part is naming the dark territory honestly: remote sites, Level 1 and 2 networks, vendor-managed segments, legacy systems, and places where the physical process lives but visibility is thin. October 1, 2028 is closer than it feels. The teams that will be ready are the ones mapping now. https://lnkd.in/dhWpvFgs #OTsecurity #ICSsecurity
-
-
In Part 2 of our series on the Purdue Model and IEC 62443, we look at what strong OT segmentation actually does in real environments: separates systems by risk, controls communication between zones, supports containment, creates visibility across conduits, and leaves behind documentation that survives staff turnover. Most mature programs are not pure Purdue or pure IEC 62443. They're hybrids shaped by sector requirements, operational constraints, regulatory pressure, and the systems already in place. The important question isn't which framework looks best on a slide. It's whether your segmentation is effective. Read Part 2 here: https://lnkd.in/gSuJqwx3
-
-
The Purdue Model and IEC 62443 often show up in the same OT security conversations, especially around segmentation. They are not interchangeable. Purdue gives teams a shared architecture language. IEC 62443 gives teams a security methodology with zones, conduits, and security levels based on risk. Both are useful. Confusing their roles can lead to messy conversations, weak assumptions, and security plans that look structured without being specific enough. In Part 1 of this series, we explain what each framework actually does, where they overlap, and why teams need both vocabulary and methodology when building segmentation strategies. Read the article here: https://lnkd.in/gxiJvihr #OTsecurity #IEC62443
-
-
CIP-015 compliance is already creating hard conversations for utilities, especially when the first quotes come back loaded with hardware, SPAN port work, enterprise licensing, and consulting costs. For mid-size co-ops, municipal utilities, and G&Ts, the path forward doesn't have to start with a massive rollout. Jori VanAntwerp shares a more rational way to approach CIP-015 and internal network security monitoring without cold-lifting a 500-pound program on day one. Read the article at https://lnkd.in/g_MFXXGS #OTsecurity #CIP015 #ICSsecurity
-
-
Perimeter defenses got many OT security programs through the early game, and the "final boss" for true visibility is east-west traffic. In his latest article, Jori VanAntwerp writes about the lateral communication inside the OT trust zone: PLC to PLC, HMI to RTU, SCADA to field devices, engineering workstations to protective relays. That is where operations live. It's also where many monitoring programs have the least visibility. Jori covers why traditional IT flow monitoring often misses the point in OT, why Purdue Levels 1 and 2 matter so much, and why continuous visibility needs to work passively without creating new risk for the process. https://lnkd.in/gjtxziVt #OTsecurity #ICSsecurity
-
-
The OT analyst role is changing, and the teams that recognize it early will have an advantage. In this week's article (part 2 of the series), Jori VanAntwerp makes the case for the cross-disciplinary OT analyst: someone who can combine cybersecurity fundamentals, OT and ICS depth, and AI/data fluency. That mix is going to matter as AI accelerates vulnerability discovery and analysis. The bottleneck for OT teams lies not in finding more issues, but in validating what matters, understanding the operational context, and choosing mitigations that work in actual environments. The strongest defense is still human judgment, especially when that judgment is grounded in process knowledge, protocol fluency, and the ability to challenge AI output instead of accepting it at face value. https://lnkd.in/eGhgp3SV #OTsecurity #ICSsecurity
-