Firewall on the Factory Floor: NetWitness and DeepInspect Join Forces to Unmask Hidden Industrial Threats
New alliance aims to shatter the IT/OT security divide and expose cyber threats lurking in industrial networks.
When a railway operator’s control system is just as vulnerable as its HR email server, the stakes for cybersecurity reach a new high. In a move that signals the end of “business as usual” for critical infrastructure security, NetWitness and DeepInspect have announced a partnership to unify threat detection across both enterprise IT and the industrial world of operational technology (OT).
Fast Facts
- NetWitness and DeepInspect are integrating their platforms to monitor both IT and OT environments.
- The partnership enables real-time analysis of industrial protocol telemetry within the NetWitness system.
- Unified detection helps identify attacks moving laterally between enterprise and industrial networks.
- The solution aligns with every function of the NIST Cybersecurity Framework, ensuring operational compliance.
- Already deployed in critical infrastructure, including a major railway operator.
Bridging the Cybersecurity Gap Between IT and OT
For decades, industrial operators assumed their networks were safe behind physical barriers and proprietary protocols. But as factories, railways, and power grids connect to corporate IT systems for efficiency, they also inherit the same cyber risks that plague office networks - from ransomware to nation-state hackers.
NetWitness, a long-time player in threat detection, and DeepInspect, known for its expertise in industrial networks, are now combining strengths. The core of the partnership is technical integration: DeepInspect’s specialized sensors capture granular OT data, including industrial protocol traffic. This telemetry is then fed directly into the NetWitness platform, where advanced analytics correlate it with traditional IT logs and network packets.
The result? Security teams can, for the first time, view suspicious commands on a factory floor and anomalous logins in the back office from a single dashboard. This unified view is crucial, as attackers increasingly exploit the “soft underbelly” of OT to pivot into enterprise systems - or vice versa - often leaving defenders blind to their movements.
“Organizations can no longer treat IT and operational technology as separate security domains,” says John Pirc, NetWitness’s chief product and technology officer. Instead, the new integration brings context and speed: alerts, investigations, and forensic data from both worlds are consolidated, reducing the time it takes to spot and stop a breach that could halt production lines or compromise public safety.
Marco Lombardi, CEO of DeepInspect, underscores the urgency: “The integrated solution meets the growing need for unified IT and OT security and has already proven its value in real-world deployments, securing key industrial infrastructures.”
The approach is more than just compliance theater. By mapping directly to the Identify, Detect, Protect, Respond, and Recover functions of the NIST Cybersecurity Framework, the solution promises not just theoretical security, but real, operational resilience.
Looking Ahead: A New Security Playbook for Industry
As the line between IT and OT blurs, the old playbooks are obsolete. This NetWitness–DeepInspect partnership is an early warning: industrial operators must prepare for a new era where cyberattacks don’t just threaten data, but the machinery and services society relies on. The firewall, it seems, must now extend to the factory floor.
WIKICROOK
- Operational Technology (OT): Operational Technology (OT) includes computer systems that control industrial equipment and processes; these systems are often more vulnerable than traditional IT systems.
- Telemetry: Telemetry is the automated sending of data from devices or software to monitor performance and security in real time, aiding quick issue detection.
- Lateral Movement: Lateral movement is when attackers, after breaching a network, move sideways to access more systems or sensitive data, expanding their control and reach.
- NIST Cybersecurity Framework: A set of guidelines by NIST to help organizations identify, manage, and reduce cybersecurity risks across industries and sectors.
- Packet Analytics: Packet analytics is the examination of network data packets to detect anomalies, threats, or malicious activity for improved cybersecurity and network performance.