EmberOT’s cover photo
EmberOT

EmberOT

Computer and Network Security

About us

Visibility and Security for Critical Infrastructure

Website
https://www.emberot.com/
Industry
Computer and Network Security
Company size
2-10 employees
Headquarters
Chandler
Type
Privately Held
Specialties
Cyber Security, Cybersecurity, Industrial Cybersecurity, OT Security, and OT Visibility

Locations

Updates

  • This week's EmberOT article looks at OT credential abuse: when an attacker uses a legitimate account, vendor connection, remote-access pathway, or service credential to enter an industrial environment. The login may look authorized. The behavior afterward tells the real story. That matters because scanners are built to find broken things: exposed services, missing patches, weak configurations. They're not likely to catch a valid credential being used by the wrong person. In OT, the advantage is knowing what normal looks like. Which engineering workstation talks to which controllers. Which vendor account reaches which systems. Which commands belong, and which patterns do not. Credential abuse is hard to catch at the door. It becomes visible when teams can see what happens after the door opens. Read the article at https://lnkd.in/gyh-qSuA #OTsecurity #ICSsecurity #CredentialAbuse

    • Industrial control system workstation and network equipment. Text reads: “OT Credential Abuse: They Logged In. They Didn’t Break In.” EmberOT logo in lower right.
  • “AI-powered” doesn't tell an OT defender enough. A statistical rule, a machine learning model, an AI-driven workflow, and an LLM often get grouped under the same label. But in an industrial environment, the differences matter. When will it alert? Why did it fire? Could a safety engineer sign off on that answer? Those questions matter more as a system gets closer to the physical process. In this week's EmberOT article, Rishabh Das, Ph.D. looks at statistics, machine learning, AI, and LLMs through what he calls the transparency curve: as capability and pattern-finding power increase, the ability to point to a single, auditable reason often decreases. Read the full article at https://lnkd.in/gzUfvPRC #OTsecurity #ICSsecurity #AIinOT

    • Blog title graphic with a close-up of a computer keyboard. Text reads: “The Transparency Curve: Understanding Statistics, Machine Learning, LLMs, and AI in OT Cybersecurity.” Features Dr. Rishabh Das and the EmberOT logo.
  • Agentic AI is moving into operational workflows quickly. That creates a real opportunity for OT teams, but it also creates a new identity problem. In this week's EmberOT article, Jori VanAntwerp uses a Mega Man analogy to make the point: the helpers you bring in to make work easier can become risky fast when they're over-permissioned, untracked, or trusted without monitoring. The discipline around identity, least privilege, and passive visibility is what keeps the AI helpers from becoming someone else’s tools down the road. https://lnkd.in/gfuGyuYW #OTsecurity #ICSsecurity #Ember #AI

    • A warm amber-toned title graphic with a softly blurred industrial or operational technology background featuring vertical equipment silhouettes. Centered text reads: “Agentic AI in OT: An Army of Helpers You Never Hired.” In the lower-left corner is a headshot of Jori VanAntwerp with the text: “EmberOT Founder & CEO.” The EmberOT logo appears in the lower-right corner.
  • AI in OT security has become one of the loudest topics in the room. In his latest article, Rishabh Das, Ph.D. brings the conversation back to practical use cases across the Purdue Model. The key point: LLMs in OT security are most useful as a translation and synthesis layer. They help humans make sense of existing detections faster by turning logs, alerts, historian data, and model outputs into language operators and analysts can use. That matters at every layer, from PLC logic review and alarm flood summarization to incident timelines, IOC enrichment, and natural-language queries over OT data. For teams evaluating AI in OT, this is a grounded look at where LLMs fit, where existing ML already does the detection work, and why human understanding still matters closest to the process. 🔗 https://lnkd.in/gHEpKr8C #Ember #AI #OTsecurity #ICSsecurity #AIinOT

    • A dark, technology-themed title graphic featuring a glowing abstract neural network or AI visualization radiating outward from a central sphere on a black background. Overlaid text reads: “LLMs in OT Security: Translation Layer, Not Detection Layer.” In the lower-left corner is a headshot of Dr. Rishabh Das with the text: “Critical Infrastructure Cybersecurity Researcher, Assistant Professor, Ohio University.” The EmberOT logo appears in the lower-right corner.
  • INSM conversations can get crowded fast: NERC, FERC, NIST, NIS2, CIP-015-1, CIP-015-2, trust zones, east-west flows, retention, evidence protection. The work gets clearer when teams start by drawing the map. Our latest article looks at how to map INSM in OT environments in a way that supports both security operations and regulatory expectations. The focus is on four practical questions: Where are your trust zones? What flows inside them? What does normal look like? What happens when something meaningful deviates? For many teams, the hardest part is naming the dark territory honestly: remote sites, Level 1 and 2 networks, vendor-managed segments, legacy systems, and places where the physical process lives but visibility is thin. October 1, 2028 is closer than it feels. The teams that will be ready are the ones mapping now. https://lnkd.in/dhWpvFgs #OTsecurity #ICSsecurity

    • A dark amber-toned image of an urban rail or transit infrastructure corridor at dusk. Overhead electrical lines, utility poles, and rail signaling equipment create a network of intersecting lines against a glowing sunset sky. Silhouetted buildings frame the scene on both sides, while illuminated infrastructure elements draw the eye toward the horizon. Overlaid text reads: “Lighting the Map: Mapping INSM in OT.” The EmberOT logo appears in the lower-right corner.
  • In Part 2 of our series on the Purdue Model and IEC 62443, we look at what strong OT segmentation actually does in real environments: separates systems by risk, controls communication between zones, supports containment, creates visibility across conduits, and leaves behind documentation that survives staff turnover. Most mature programs are not pure Purdue or pure IEC 62443. They're hybrids shaped by sector requirements, operational constraints, regulatory pressure, and the systems already in place. The important question isn't which framework looks best on a slide. It's whether your segmentation is effective. Read Part 2 here: https://lnkd.in/gSuJqwx3

    • EmberOT-branded blog header image with a dark navy industrial/cyber-style background and abstract fiber-optic lines. Centered white text reads, “OT Segmentation: Why the Framework Matters Less Than the Discipline.” The EmberOT logo appears near the bottom right.
  • The Purdue Model and IEC 62443 often show up in the same OT security conversations, especially around segmentation. They are not interchangeable. Purdue gives teams a shared architecture language. IEC 62443 gives teams a security methodology with zones, conduits, and security levels based on risk. Both are useful. Confusing their roles can lead to messy conversations, weak assumptions, and security plans that look structured without being specific enough. In Part 1 of this series, we explain what each framework actually does, where they overlap, and why teams need both vocabulary and methodology when building segmentation strategies. Read the article here: https://lnkd.in/gxiJvihr #OTsecurity #IEC62443

    • Inside a warm, bustling fantasy tavern lit by lanterns and fireplaces, a group of adventurers gathers around a large wooden table covered with maps, notes, dice, and planning tools. One character points at the map while the others study routes and discuss strategy, symbolizing collaborative planning and phased execution. A glowing phoenix perched above the group illuminates the room with EmberOT’s signature orange glow. The tavern is filled with additional travelers, wooden beams, banners, clocks, and intricate fantasy décor, creating the feeling of a central planning hub before a major quest.
  • CIP-015 compliance is already creating hard conversations for utilities, especially when the first quotes come back loaded with hardware, SPAN port work, enterprise licensing, and consulting costs. For mid-size co-ops, municipal utilities, and G&Ts, the path forward doesn't have to start with a massive rollout. Jori VanAntwerp shares a more rational way to approach CIP-015 and internal network security monitoring without cold-lifting a 500-pound program on day one. Read the article at https://lnkd.in/g_MFXXGS #OTsecurity #CIP015 #ICSsecurity

    • Graphic for the CIP-015 Compliance on a Budget blog shows a scene inside a warm, bustling fantasy tavern lit by lanterns and fireplaces, where a group of adventurers gathers around a large wooden table covered with maps, notes, dice, and planning tools. One character points at the map while the others study routes and discuss strategy, symbolizing collaborative planning and phased execution. A glowing phoenix perched above the group illuminates the room with EmberOT’s signature orange glow. The tavern is filled with additional travelers, wooden beams, banners, clocks, and intricate fantasy décor, creating the feeling of a central planning hub before a major quest.
  • Perimeter defenses got many OT security programs through the early game, and the "final boss" for true visibility is east-west traffic. In his latest article, Jori VanAntwerp writes about the lateral communication inside the OT trust zone: PLC to PLC, HMI to RTU, SCADA to field devices, engineering workstations to protective relays. That is where operations live. It's also where many monitoring programs have the least visibility. Jori covers why traditional IT flow monitoring often misses the point in OT, why Purdue Levels 1 and 2 matter so much, and why continuous visibility needs to work passively without creating new risk for the process. https://lnkd.in/gjtxziVt #OTsecurity #ICSsecurity

    • Image for the EmberOT East-West Traffic blog that depicts an epic fantasy-style industrial city stretches across the horizon at sunrise, filled with towering smokestacks, pipes, bridges, and sprawling infrastructure that resembles a massive steampunk OT environment. In the foreground, three adventurers stand on a stone overlook surveying the city below. One warrior has a glowing phoenix perched on their shoulder, while another carries a staff and the third holds a sword and wears a flowing red cape. A second phoenix flies high above the city in the golden sky. The image symbolizes the complexity and scale of east-west OT traffic inside operational environments, portraying the “final boss” challenge as navigating the vast interconnected systems hidden within critical infrastructure networks.
  • The OT analyst role is changing, and the teams that recognize it early will have an advantage. In this week's article (part 2 of the series), Jori VanAntwerp makes the case for the cross-disciplinary OT analyst: someone who can combine cybersecurity fundamentals, OT and ICS depth, and AI/data fluency. That mix is going to matter as AI accelerates vulnerability discovery and analysis. The bottleneck for OT teams lies not in finding more issues, but in validating what matters, understanding the operational context, and choosing mitigations that work in actual environments. The strongest defense is still human judgment, especially when that judgment is grounded in process knowledge, protocol fluency, and the ability to challenge AI output instead of accepting it at face value. https://lnkd.in/eGhgp3SV #OTsecurity #ICSsecurity

    • A futuristic industrial environment where a technician stands inside a dark OT facility surrounded by electrical equipment, control systems, and glowing instrumentation. In front of the operator is a large holographic-style network visualization composed of orange data lines, diagrams, and connected nodes forming the shape of a phoenix. The technician reaches toward the glowing display as if interacting with a live OT monitoring or analytics system.

Similar pages

Browse jobs