Xona Systems brings real-time threat response to OT remote access sessions

Xona Systems has introduced Active Defense, a new capability that enables organizations to automatically stop threats during live remote access sessions in operational technology (OT) environments, without waiting for manual intervention. In many environments, the gap between detecting suspicious activity and stopping an active session can stretch from minutes to hours, leaving adversaries connected to operational systems while a response is coordinated. Active Defense closes that window.

Remote connectivity is now essential for operating and maintaining critical infrastructure across sectors, including energy, manufacturing, transportation, and water utilities. At the same time, remote access pathways are frequently targeted by attackers seeking to gain entry into operational environments. Recent advisories from CISA have highlighted nation-state actors specifically targeting remote access pathways into water, energy, and other critical infrastructure sectors, making the ability to act on detection signals in real time an operational necessity.

“Detection without enforcement leaves critical infrastructure exposed,” said Raed Albuliwi, Chief Product Officer at Xona Systems. “Active Defense gives security teams the ability to act in the same moment a threat is identified, not after a manual process has run its course.”

The capability integrates with OT Asset Visibility & Vulnerability Platforms, connecting OT detection signals directly to session-level enforcement through the Xona Secure Remote Access platform. When suspicious behavior is identified, detection events are correlated and evaluated against policy before enforcement actions are applied, including step-up authentication, session suspension, scoped access restrictions, or session termination.

The system also supports correlation-driven escalation, allowing multiple lower-severity events to combine into higher-severity enforcement decisions. By evaluating patterns, frequency, and recency of security events, organizations can apply proportional responses to suspicious activity while reducing the likelihood of false positives.

Unlike approaches that rely on network-level controls that can disrupt sensitive operational systems, Active Defense allows organizations to intervene through secure remote access session management while minimizing the risk of operational disruption.

Active Defense is available as part of the Xona Secure Remote Access platform, which supports deployments in on-premises and hybrid OT environments.
