Nation-State<\/strong>: Notable campaigns include Voltzite OT information theft and the IOControl campaign.<\/li>\n<\/ul>\nThis threat landscape was notably depicted by Chris Sistrunk, ICS\/OT Technical Leader at Mandiant, Google Cloud Security, at Black Hat 2025:<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN14.png\")
<\/p>\n
Given this increasing threat landscape targeting OT, continuous monitoring is essential. So, we know why industrial information systems need to be closely monitored, and we also know that our clients are actively working toward that goal. But one key question remains: how do we measure the effectiveness of detection?<\/strong><\/em> And how can we improve it?<\/p>\nHow to assess the effectiveness and improve detection on industrial perimeter?<\/h1>\n
To answer that question, we developed a methodology aimed at evaluating detection capabilities within industrial SOCs.<\/p>\n
The evaluation was built around the core activities of a SOC, structured into four pillars:<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN1.png\")
<\/p>\n
Using this framework, we assessed ~15 industrial clients<\/strong> to better understand their level of maturity. In this article, we\u2019ll share the key trends and insights that emerged<\/strong>, focusing specifically on detection-related questions. Two follow-up articles will be published: one delving into the effectiveness of various detection strategies and solutions, and another explaining how to test detection capabilities in industrial environments with purple teaming and the custom modules developed for that purpose.<\/p>\nGovernance & Strategy<\/h2>\n
The first question we focused on was whether industrial sites monitoring is handled by a dedicated team using specialized tools \u2014 or if, on the contrary, it’s integrated into a broader, centralized SOC approach.<\/p>\n
Responses are unanimous:<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN2-1.png\")
<\/p>\n
These figures can be explained by several factors. One key reason is financial rationalization<\/strong>. Maintaining two separate teams with similar skill sets: managing alerts, configuring tools, duplicating capabilities\u2026 is costly. However, a unified SOC implies an extended scope to cover OT<\/strong>, but not the presence of OT-specific tools or expertise and in the end, OT detection capabilities.<\/p>\nEven if this approach does not guarantee effective detection and response across the OT scope, a unified SOC can manage OT incidents efficiently, under the right conditions:<\/p>\n
End-to-end monitoring<\/h3>\n
If we look closely at the simplified threat landscape, cyberattacks might not be IT or OT-specific. Cybercrime such as ransomware, the dominant threat today, is not limited to IT or OT alone. It often spreads across both, making it essential for alerts to be followed from end-to-end.<\/p>\n
In the end, unifying the detection teams & tools make sense as attacks are not necessarily exclusively IT or OT. <\/strong><\/p>\nLink with industrial sites<\/h3>\n
Response time & information sharing is crucial in cyber incidents. As most security teams are centralized in a unique location, there is a need for a link between central security teams and local industrial sites<\/strong> in cyber incident response process:<\/p>\n\n- This relay is familiar with industrial sites, their specific characteristics, operational context, and modes of functioning<\/li>\n
- They also maintain contact on-site to quickly gather the information required for triage, doubt resolution or investigation<\/li>\n
- In addition, in global organizations, having resources in the right time zones and ability to communicate in the local language is key, especially in the industrial world<\/li>\n<\/ul>\n
Referred to as Cyber-OT Referents, these relays play an active role in the incident resolution process<\/strong>, particularly during investigation and remediation:<\/p>\n![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN3.png\")
<\/p>\n
In conclusion, even though unified SOC covering IT and OT<\/strong> are often driven by cost optimization, the model makes sense considering that many threats span both domains. Still, this must not be treated as a simple extension of the perimeter to cover, dedicated OT relays and expertise are essential<\/strong> to properly handle industrial-specific contexts.<\/p>\nTooling<\/h2>\n
When it comes to tooling, we observed that 100% of our clients have detection tools deployed on the IT side. However, only one-third extend monitoring down to the lower layers of the industrial environment.<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN4.png\")
<\/p>\n
Detection sources covering different levels of the Purdue model<\/em><\/p>\nWe will focus on popular solutions to address detection in industrial environments: EDR and OT probes.<\/p>\n
2.2.1 EDR<\/h3>\n
Few figures regarding EDR:<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN5.png\")
<\/p>\n
Most of our clients have started deploying EDR in their industrial environments.<\/p>\n
However, this does not mean that 100% of EDR-compatible OT machines are covered.<\/p>\n
For environments that support it, extending EDR coverage allows to:<\/p>\n
\n- Address low maturity: Start with tools that are easier to implement and require less maturity.<\/li>\n
- Broad coverage: Focus on quickly covering a wide range of systems, sites, and critical applications.<\/li>\n
- Leverage IT tools: Use IT-based solutions like EDR for effective detection without heavy infrastructure requirements.<\/li>\n<\/ul>\n
To do so, most organizations opt to use the same EDR solution for both IT and OT environments. It enables faster rollout thanks to a known and already-integrated tool. Depending on needs and\u00a0available resources, a different solution may be selected to improve resilience and OT-compatibility.<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN6-e1758784575390.png\")
<\/p>\n
To conclude, with IT\/OT convergence, deploying EDR Agents on OT Servers and Workstations<\/strong> is becoming increasingly relevant, and a quick win for OT detection<\/strong>, according to our clients\u2019 feedback.<\/p>\nOT Probes<\/h3>\n
Few figures regarding probes:<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN7.png\")
<\/p>\n
When it comes to probes, the gap between these two figures highlights the challenge of deploying probes at scale<\/strong> and effectively using them for detection in industrial networks.<\/p>\nIndeed, probes collect and correlate information through network traffic capture. To be effective, their deployment requires carefully selecting listening points based on the intended targets. Listening points need to be tailored to each site architecture, often limited by local team’s knowledge and lack of documentation.<\/p>\n
Operating these probes also comes with challenges and requires a significant workload<\/strong>. They tend to generate a high number of false positives, which means teams must create tailored detection rules and playbooks to filter and respond effectively.<\/p>\nIn the end, OT Probes may be popular, but deployment and tuning costs and resources limit their full utilization.<\/strong><\/p>\nStart basic with OT detection tools<\/h3>\n
In the end, for OT detection, we believe in starting basic by leveraging \u201cIT\u201d tools to ensure a first level of coverage across all sites, critical apps, and infrastructure:<\/p>\n
\n- Prioritize critical assets<\/strong>: Focus on key systems (MES, safety tools, network) essential for production, ensuring they are closely monitored before extending deployment to the lower levels of the Purdue model.<\/li>\n
- Implement basic detection<\/strong>: Establish foundational detection across sites and infrastructure for early issue identification, before advancing to complex OT solutions.<\/li>\n<\/ul>\n
Training & Testing<\/h2>\n
Detection does not rely on deploying tools alone; we will focus here on team’s ability to use them effectively.<\/p>\n
A need for more OT-specific knowledge<\/h3>\n
Benchmark figures revealed a limited understanding and adaptation of both teams and processes to industrial environments:<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN8.png\")
<\/p>\n
To bridge the gap, teams need training tailored to industrial contexts, basic for all SOC analysts, and in-depth for OT specialists.<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN9.png\")
<\/p>\n
In the same way, investigation and response processes must also be adapted<\/strong> to address the specific needs of industrial environments, where priorities such as availability differ from those in the IT world.<\/p>\n![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN10.png\")
<\/p>\n
Test your detection!<\/h3>\n
Finally, improving detection starts with evaluating it but today \u2026<\/p>\n
![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN11-1.png\")
<\/p>\n
Only a small minority test their real detection capabilities, but we believe that there is room for purple team exercise in OT<\/strong>. These collaborative exercises with the OT SOC, tailored to its maturity and goals, can test and enhance both detection tools and OT SOC processes.<\/strong><\/p>\n![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN12.png\")
<\/p>\n
It can start simple: by selecting appropriate production environments and performing a few basic tests like inserting a USB key with a standard malware sample or attempting a couple of privilege escalation actions\u2026 we can evaluate whether the EDR deployed on a workstation connected to your SOC will trigger an investigation.<\/p>\n
This exercise helps identify the blind spots and adjust tooling, process and playbooks<\/strong> accordingly.<\/p>\nConclusion: How to enhance the overall low maturity in detection for industrial systems?<\/h1>\n
The benchmark\u2019s first conclusion is clear: maturity levels are low<\/strong>, and this is a consistent answer across all collected responses. How to enhance this overall low maturity in detection for industrial systems?<\/p>\nHere are the key outcomes<\/strong> regarding the three topics covered in this article:<\/p>\n![\"\"](\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/SOCOT1_EN13.png\")
<\/p>\n
Do not hesitate to reach out to discuss how you can strengthen your detection capabilities<\/strong> and measure your maturity against the market<\/strong>!<\/p>\n","protected":false},"excerpt":{"rendered":"OT, lower exposure but higher vulnerability Operational Technology, while overall less impacted than IT, is not exempt from cyberthreats & not immune to cyberattacks. Let\u2019s take a closer look at a simplified view of the threat landscape for industrial environments:…<\/p>\n","protected":false},"author":20,"featured_media":27784,"comment_status":"open","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3274],"tags":[],"coauthors":[780,4526],"class_list":["post-27774","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-manufacturing-industry-4-0-en"],"acf":[],"yoast_head":"\n
Cybersecurity monitoring for OT - Current situation & perspectives - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity monitoring for OT - Current situation & perspectives - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"OT, lower exposure but higher vulnerability Operational Technology, while overall less impacted than IT, is not exempt from cyberthreats & not immune to cyberattacks. Let\u2019s take a closer look at a simplified view of the threat landscape for industrial environments:...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-25T11:20:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-25T11:20:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1721\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arnaud Soulli\u00e9, Juliette BARBIER\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud Soulli\u00e9, Juliette BARBIER\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/\"},\"author\":{\"name\":\"Arnaud Soulli\u00e9\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\"},\"headline\":\"Cybersecurity monitoring for OT – Current situation & perspectives\",\"datePublished\":\"2025-09-25T11:20:39+00:00\",\"dateModified\":\"2025-09-25T11:20:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/\"},\"wordCount\":1405,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg\",\"articleSection\":[\"Cybersecurity & Digital Trust\",\"Manufacturing & Industry 4.0\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/\",\"name\":\"Cybersecurity monitoring for OT - Current situation & perspectives - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg\",\"datePublished\":\"2025-09-25T11:20:39+00:00\",\"dateModified\":\"2025-09-25T11:20:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg\",\"width\":2560,\"height\":1721},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity monitoring for OT – Current situation & perspectives\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity & digital trust blog by Wavestone's consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\",\"name\":\"Arnaud Soulli\u00e9\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybersecurity monitoring for OT - Current situation & perspectives - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/","og_locale":"en_US","og_type":"article","og_title":"Cybersecurity monitoring for OT - Current situation & perspectives - RiskInsight","og_description":"OT, lower exposure but higher vulnerability Operational Technology, while overall less impacted than IT, is not exempt from cyberthreats & not immune to cyberattacks. Let\u2019s take a closer look at a simplified view of the threat landscape for industrial environments:...","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/","og_site_name":"RiskInsight","article_published_time":"2025-09-25T11:20:39+00:00","article_modified_time":"2025-09-25T11:20:41+00:00","og_image":[{"width":2560,"height":1721,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg","type":"image\/jpeg"}],"author":"Arnaud Soulli\u00e9, Juliette BARBIER","twitter_misc":{"Written by":"Arnaud Soulli\u00e9, Juliette BARBIER","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/"},"author":{"name":"Arnaud Soulli\u00e9","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79"},"headline":"Cybersecurity monitoring for OT – Current situation & perspectives","datePublished":"2025-09-25T11:20:39+00:00","dateModified":"2025-09-25T11:20:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/"},"wordCount":1405,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg","articleSection":["Cybersecurity & Digital Trust","Manufacturing & Industry 4.0"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/","name":"Cybersecurity monitoring for OT - Current situation & perspectives - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg","datePublished":"2025-09-25T11:20:39+00:00","dateModified":"2025-09-25T11:20:41+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/09\/lianhao-qu-LfaN1gswV5c-unsplash-scaled.jpg","width":2560,"height":1721},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/09\/cybersecurity-monitoring-for-ot-current-situation-perspectives\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity monitoring for OT – Current situation & perspectives"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity & digital trust blog by Wavestone's consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79","name":"Arnaud Soulli\u00e9","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/27774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=27774"}],"version-history":[{"count":18,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/27774\/revisions"}],"predecessor-version":[{"id":27817,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/27774\/revisions\/27817"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/27784"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=27774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=27774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=27774"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=27774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}