Industrial IoT Security: A Next‑Generation Blueprint – Part 2
Trevor Daughney, VP of Product Marketing at Exabeam
The digital transformation of industrial assets has made it clear that protecting connected OT environments is essential. Cyberattacks that halt production, damage plant equipment, or expose sensitive data are increasingly targeting industrial control systems (ICS). Trevor Daughney, Vice President of Product Marketing at Exabeam, emphasizes that the stakes are higher than ever.
In the first part of this series, we highlighted the growing threat landscape. Now we explore how IT and OT teams can break down silos, identify vulnerabilities, and close gaps together. A collaborative approach gives each team a holistic view of the OT–IT interdependencies and the wider industrial ecosystem—including suppliers, vendors, and partners.
Air‑Gapped Systems Are Not a Long‑Term Solution
Many organizations still rely on air‑gapping—isolating legacy OT systems from networks—to counter cyber threats. While this can offer short‑term protection, it falls short in the face of sophisticated malware. The Stuxnet worm, for instance, bypassed an air‑gap via an infected USB stick, demonstrating that isolation alone is insufficient.
Moreover, air‑gapping severely limits the ability to leverage real‑time data that can reduce costs, cut downtime, and boost efficiency. Modern architectures often connect legacy OT to the internet for advanced command and control, and statistics show that 40% of industrial sites have at least one direct link to the public internet—exposing OT networks to adversaries and malware.
Confronting Complexity in OT Environments
Security solutions built for corporate IT environments were never designed to manage the intricacies of today’s connected OT ecosystems. Industrial IoT (IIoT) devices operate on specific ports, IP ranges, and schedules—behaviors that are invisible to traditional IT monitoring tools. Without visibility into OT network events, organizations lack a comprehensive view of risks, vulnerabilities, and potential infiltration points, weakening their rapid threat detection and response capabilities.

Security teams are now facing a growing number of threat actors that target control systems across multiple industries.
Mitigating Device Risks with UEBA
Effective OT device monitoring is achievable through User and Entity Behavior Analytics (UEBA). OT devices exhibit predictable patterns—specific ports, IP addresses, and operating times. UEBA models a baseline of normal behavior across users and devices, and then flags anomalies that deviate from this baseline.
When integrated with a Security Information and Event Management (SIEM) platform, UEBA provides comprehensive, real‑time monitoring of both IT and OT assets. This eliminates the need to manually sift through thousands of logs per second from a single OT control point, accelerating the detection of indicators of compromise.
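The baseline-and-deviation idea described above, reduced to a minimal per-device model, as an added example that is not code from the article or from Exabeam's product. The log format, device names and addresses are constructed; it assumes each device's destination IPs, ports and operating window are the behaviours worth baselining.

```python
# Added example, not from the article or Exabeam: a per-device behavioural baseline
# over constructed logs in a hypothetical "timestamp device src_ip dst_ip dst_port" format.
from datetime import datetime

# Constructed "known good" traffic: one PLC talking Modbus/TCP (502) to two historians on a day shift.
BASELINE_LOGS = """\
2024-03-01T06:05:00 plc-7 10.1.5.20 10.1.9.2 502
2024-03-01T09:40:00 plc-7 10.1.5.20 10.1.9.3 502
2024-03-01T17:55:00 plc-7 10.1.5.20 10.1.9.2 502
2024-03-02T06:30:00 plc-7 10.1.5.20 10.1.9.3 502
"""

def parse(line):
    ts, device, src, dst, port = line.split()
    return {"ts": datetime.fromisoformat(ts), "device": device,
            "src": src, "dst": dst, "port": int(port)}

def build_baseline(lines):
    """Per device: destination IPs and ports seen, plus earliest and latest active hour."""
    base = {}
    for line in filter(str.strip, lines.splitlines()):
        e = parse(line)
        b = base.setdefault(e["device"], {"dst": set(), "port": set(), "hours": [24, -1]})
        b["dst"].add(e["dst"])
        b["port"].add(e["port"])
        h = e["ts"].hour
        b["hours"] = [min(b["hours"][0], h), max(b["hours"][1], h)]
    return base

def deviations(event, baseline):
    """Reasons an event departs from its device's baseline; an empty list means normal."""
    b = baseline.get(event["device"])
    if b is None:
        return ["device never seen in baseline"]
    reasons = []
    if event["port"] not in b["port"]:
        reasons.append(f"new port {event['port']}")
    if event["dst"] not in b["dst"]:
        reasons.append(f"new destination {event['dst']}")
    lo, hi = b["hours"]
    if not lo <= event["ts"].hour <= hi:
        reasons.append(f"outside operating hours {lo:02d}:00-{hi:02d}:59")
    return reasons

def detect(lines, baseline):
    """Return [(line, reasons)] for each event that departs from the baseline."""
    scored = [(l, deviations(parse(l), baseline)) for l in filter(str.strip, lines.splitlines())]
    return [(l, why) for l, why in scored if why]
```

A real deployment would learn the baseline over weeks of traffic and weight each deviation rather than treat every new peer as equally suspicious, but the structure (learn per-entity norms, score departures) is the same.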
Adopting an Integrated Security Strategy
To protect industrial operations, companies must move beyond point solutions and embrace an integrated security architecture that combines UEBA with a modern SIEM. This delivers an enterprise‑wide view of IT and OT security, enabling centralized monitoring that captures sophisticated threat techniques such as lateral movement.
With this approach, a single Security Operations Center (SOC) can ingest and analyze data from all sources, providing real‑time visibility into every device in the OT environment.
The author is Trevor Daughney, vice president of Product Marketing at Exabeam.