Press Release

Industrial Defender Delivers Industry-First OT Machine Learning Engine Using Both Network and Endpoint Data

Industrial Defender's OTML supports machine learning at scale to mitigate cyber risks, including ransomware, for OT environments across the enterprise using Splunk’s Machine Learning Toolkit

Foxborough, MA – October 14, 2021 — Industrial Defender, an operational technology (OT) security pioneer, today announced another industry-first in their long line of innovations, a new OT Machine Learning (OTML) Engine. The OTML Engine is powered by Industrial Defender’s contextual OT endpoint and network data and uses the extensive Splunk Machine Learning Toolkit algorithms, to help businesses implement machine learning at scale across OT environments.

As cyberattacks grow increasingly sophisticated, businesses require centralized machine learning for IT and OT environments – both of which have generally remained disparate and siloed to date – to develop stronger, more accurate data models for detecting, investigating and responding to potential threats. Consuming OT asset and network data in Splunk supports the creation of incident response playbooks specifically for these systems to enable advanced use cases like SOAR.

“The centralization of machine learning is absolutely essential for it to be truly effective across any one organization – otherwise, it’s only useful for the particular system or plant in which it is currently being deployed,” said Peter Lund, Vice President of Product Management, Industrial Defender. “By marrying machine learning for both IT and OT environments in Splunk, our new OTML features enable predictive modeling and incident response for cyberattacks such as ransomware across the entire company, not just at the plant level.”

To successfully implement machine learning at scale, it is important to understand normal, operating baselines so that SOC teams can automate the identification of behavioral deviations and anomalies. Simplifying this process, Industrial Defender’s OTML Engine provides the necessary contextual endpoint data that is labeled appropriately and easy to visualize from an asset-centric point of view.

Key features of the new OTML Engine include:

  • Behavioral Ransomware Detection: Detect when an asset starts exhibiting behavior that is indicative of a ransomware attack.
  • Service and Conversation Anomalies: Detect when asset starts communication using a service(s) outside of the learned behavior for the asset or communicating with asset(s) that are outside of the learned behavior for the asset.
  • Communication Anomalies: Detect when external inbound and outbound communications are being made with an asset that is outside of the learned behavior for the asset.
  • Traffic Volume Anomalies: Detect when an asset is sending/receiving a volume of traffic that is outside of the learned behavior.
  • OT Network Visualizations: Visualize asset-based network connectivity.

To learn more about Industrial Defender’s OTML Engine powered by Splunk, view the solution brief here:

About Industrial Defender

Since 2006, Industrial Defender has been solving the challenge of safely collecting, monitoring, and managing OT asset data at scale, while providing cross-functional teams with a unified view of security. Their specialized solution is tailored to complex industrial control system environments by engineers with decades of hands-on OT experience. Easy integrations into the broader security and enterprise ecosystem empower IT teams with the same visibility, access, and situational awareness that they’re accustomed to on corporate networks. Learn more at

Media Contact:

Erin Anderson
Industrial Defender
Director of Marketing