Glossary

Active Defense

What is Active Defense?

Active Defense is a new capability that enables organizations to stop threats during live remote access sessions in operational technology (OT) environments, automatically and without waiting for manual intervention. In many environments, the gap between detecting suspicious activity and stopping an active session can stretch from minutes to hours, leaving adversaries connected to operational systems while a response is coordinated. Active Defense closes that window.

How it works: The capability integrates with OT Asset Visibility & Vulnerability Platforms, connecting OT detection signals directly to session-level enforcement. When suspicious behavior is identified, detection events are correlated and evaluated against policy before an enforcement action is applied: step-up authentication, session suspension, scoped access restrictions, or session termination. The system also supports correlation-driven escalation, allowing multiple lower-severity events to combine into a higher-severity enforcement decision. By evaluating the pattern, frequency, and recency of security events, organizations can apply a response proportional to the suspicious activity while reducing the likelihood of false positives.
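As an added illustration of the correlation-driven escalation described above (example code written for this glossary entry, not the product's own logic), the Python below scores each remote-access session's detection events by severity and recency and maps the result to one of the enforcement actions named on the page. The severity scale, thresholds, correlation window and half-life are assumed values, and the sample events are constructed.

```python
from dataclasses import dataclass
from collections import defaultdict
# Enforcement actions named on the page, least to most disruptive. The scoring
# scale, thresholds, window and half-life below are assumptions for this example.
ACTIONS = ("allow", "step_up_auth", "restrict_scope", "suspend", "terminate")
THRESHOLDS = (1.0, 3.0, 6.0, 9.0)   # minimum score for ACTIONS[1:] respectively
WINDOW = 600.0      # seconds of session history that is correlated
HALF_LIFE = 120.0   # an event's weight halves every HALF_LIFE seconds

@dataclass(frozen=True)
class DetectionEvent:
    session_id: str   # the remote-access session the OT platform tied the event to
    severity: int     # assumed scale: 1 = low, 2 = medium, 3 = high, 4 = critical
    ts: float         # unix seconds when the event was raised
    kind: str         # detection label, free text

def session_score(recent, now):
    """Severity weighted by recency: repeated low-severity events add up, old ones fade."""
    return sum(e.severity * 0.5 ** ((now - e.ts) / HALF_LIFE) for e in recent)

def decide_action(events, now):
    """Proportional enforcement for one session: a critical event inside the window
    terminates outright, otherwise the correlated score picks the adequate action."""
    # Only events inside the correlation window (and not from the future) count.
    recent = [e for e in events if 0 <= now - e.ts <= WINDOW]
    if any(e.severity >= 4 for e in recent):
        return "terminate"
    score = session_score(recent, now)
    action = "allow"
    for candidate, threshold in zip(ACTIONS[1:], THRESHOLDS):
        if score >= threshold:
            action = candidate
    return action

def evaluate_sessions(events, now):
    """Group a stream of detection events by session and decide an action for each."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e.session_id].append(e)
    return {sid: decide_action(evs, now) for sid, evs in by_session.items()}

# Constructed sample events (not real detections): sess-42 accumulates several
# low-severity signals and one stale one, sess-77 raises a single critical one.
NOW = 1_700_000_000.0
SAMPLE_EVENTS = [
    DetectionEvent("sess-42", 1, NOW - 300, "unexpected_protocol_to_plc"),
    DetectionEvent("sess-42", 1, NOW - 60, "unexpected_protocol_to_plc"),
    DetectionEvent("sess-42", 2, NOW - 10, "controller_config_read"),
    DetectionEvent("sess-42", 3, NOW - 5000, "outside_window"),
    DetectionEvent("sess-77", 4, NOW - 2, "logic_download_to_safety_controller"),
]
```

Running `evaluate_sessions(SAMPLE_EVENTS, NOW)` yields step-up authentication for sess-42 and termination for sess-77; one more medium-severity event on sess-42 would escalate it to scoped restriction.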