Xona Active Defense Blocks Threats in OT Systems

Xona Systems launched Active Defense, a new feature that allows organizations to automatically block threats in real time during remote access sessions in operational technology (OT) environments. Traditionally, the time between detecting suspicious activity and taking action can range from minutes to hours, leaving attackers connected to critical systems. Active Defense eliminates this delay, stopping threats immediately.

Remote connectivity is now essential for operating and maintaining critical infrastructure across sectors, including energy, manufacturing, transportation, and water utilities. At the same time, remote access pathways are frequently targeted by attackers seeking to gain entry into operational environments. Recent advisories from CISA have highlighted nation-state actors specifically targeting remote access pathways into water, energy, and other critical infrastructure sectors, making the ability to act on detection signals in real time an operational necessity.

“Detection without enforcement leaves critical infrastructure exposed,” said Raed Albuliwi, Chief Product Officer at Xona Systems. “Active Defense gives security teams the ability to act in the same moment a threat is identified, not after a manual process has run its course.”

The capability integrates with OT Asset Visibility & Vulnerability Platforms, connecting OT detection signals directly to session-level enforcement through the Xona Secure Remote Access platform. When suspicious behavior is identified, detection events are correlated and evaluated against policy before enforcement actions are applied, including step-up authentication, session suspension, scoped access restrictions, or session termination.

The system also supports correlation-driven escalation, allowing multiple lower-severity events to combine into higher-severity enforcement decisions. By evaluating patterns, frequency, and recency of security events, organizations can apply proportional responses to suspicious activity while reducing the likelihood of false positives.

Unlike approaches that rely on network-level controls that can disrupt sensitive operational systems, Active Defense allows organizations to intervene through secure remote access session management while minimizing the risk of operational disruption.

Active Defense is available as part of the Xona Secure Remote Access platform, which supports deployments in on-premises and hybrid OT environments.

Xona will showcase Active Defense at the upcoming RSA Conference, where attendees can learn more about how organizations are strengthening defenses around remote access to critical infrastructure systems.

About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.