Jan Fischer

Passive OT Monitoring: Detect attacks before they become critical

OT cybersecurity in brownfield environments. How Rhebo protects industrial networks through passive monitoring In this episode, Jan Fischer shows how companies can raise their OT security to a new level in a pragmatic way without putting production networks or critical infrastructure at risk. The starting point is historically grown brownfield networks that include legacy protocols such as Profibus or Modbus, unencrypted HTTP communication, forgotten printers or Raspberry Pis on the network, and security components with severely delayed updates. Rhebo’s solution is based on passive monitoring. The software taps into OT network traffic, distinguishes typical from atypical behavior patterns, and reports anomalies at an early stage. An assessment examines the existing infrastructure in depth. Warning signs include unexpected DHCP servers, the appearance of new protocols, data flows leaving the country, or compromised systems following social engineering attacks. A forensics and diagnostics team evaluates the findings and derives concrete actions, from closing security gaps to targeted security upgrades. Jan also addresses current developments such as NIS2, the Cyber Resilience Act, and the growing demand for European on-prem solutions, while explaining the limits of AI in OT security. The episode is aimed at operators of critical infrastructure, manufacturing and logistics companies, and OT leaders who want to harden their networks and detect real attacks early.