PurdueGuard federates OT scanning tools and IT discovery agents into one shared web console, enforces Purdue model zone boundaries, and fires AI-driven cross-boundary anomaly alerts before threats escalate.
Operational technology environments run Modbus, PROFINET, and DNP3. IT runs TCP/IP. Legacy SCADA systems were never designed for enterprise visibility. PurdueGuard bridges that gap with a federated inventory engine, an AI classification layer, and a compliance framework anchored to the Purdue Reference Model — giving security teams a single source of truth across every zone from Level 0 field devices to Level 4 enterprise systems.
Six foundational capabilities that make OT-IT convergence safe, auditable, and operationally sustainable.
Aggregate asset records from heterogeneous OT scanners and IT discovery tools into a normalized, deduplicated inventory with full lifecycle provenance.
Auto-classify devices to their correct Purdue zone (Levels 0–4) and enforce network segmentation policies with continuous compliance drift detection.
Machine-learning models trained on OT protocol signatures, vendor OUIs, and behavioral telemetry auto-classify unknown devices with confidence scoring.
A single REST/gRPC API surface aggregates telemetry from every connected sensor, scanner, and discovery agent — pre-normalized and schema-validated.
Real-time detection of unauthorized lateral movement between OT zones and IT segments, with configurable severity tiers and SOAR-ready webhook payloads.
A role-aware, browser-native dashboard lets OT engineers and IT security analysts collaborate on the same live data without needing separate tooling stacks.
Every design decision in PurdueGuard traces back to the ISA-95 / IEC 62443 Purdue hierarchy, ensuring your network segmentation is defensible during audits and operational under real-world conditions.
Passive and active scanning modes support Modbus, DNP3, EtherNet/IP, BACnet, and PROFINET without disrupting fragile field device cycles.
Native connectors for Nmap, Nessus, CrowdStrike, Microsoft Defender for IoT, and Claroty feed directly into the federated inventory.
Define allowed communication paths per Purdue level. Any device attempting inter-zone communication outside the whitelist triggers an immediate alert.
One-click export of IEC 62443, NIST CSF, and NERC CIP compliance posture reports aligned to your federated device inventory state.
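The inter-zone allowlist check described above, sketched as an added example; it is not PurdueGuard's code or API. The inventory, allowlist entries, addresses, severity names and flow records are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: IP -> (asset name, Purdue level).
INVENTORY = {
    "10.0.1.10": ("plc-line1", 1),
    "10.0.2.20": ("hmi-line1", 2),
    "10.0.3.30": ("historian", 3),
    "10.0.4.40": ("erp-app", 4),
}

# Assumed allowlist of inter-zone paths: (src_level, dst_level, dst_port).
ALLOWED_PATHS = {
    (2, 1, 502),   # HMI -> PLC, Modbus/TCP
    (3, 2, 4840),  # historian -> HMI, OPC UA
    (4, 3, 443),   # enterprise -> historian, HTTPS
}

@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    dst_port: int
    reason: str
    severity: str

def evaluate_flow(src_ip, dst_ip, dst_port):
    """Return a Finding if the flow violates the zone policy, else None."""
    src, dst = INVENTORY.get(src_ip), INVENTORY.get(dst_ip)
    if src is None or dst is None:
        # An endpoint with no Purdue level cannot be matched to a path: fail closed.
        return Finding(src_ip, dst_ip, dst_port, "unclassified endpoint", "review")
    src_lvl, dst_lvl = src[1], dst[1]
    if src_lvl == dst_lvl or (src_lvl, dst_lvl, dst_port) in ALLOWED_PATHS:
        return None  # intra-zone, or an explicitly allowed inter-zone path
    # A flow that skips a level (e.g. 3 -> 1) bypasses the zone in between.
    severity = "critical" if abs(src_lvl - dst_lvl) > 1 else "high"
    reason = f"L{src_lvl}->L{dst_lvl} port {dst_port} not in allowlist"
    return Finding(src[0], dst[0], dst_port, reason, severity)

# Constructed flow records: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.0.2.20", "10.0.1.10", 502),   # allowed: HMI polls PLC
    ("10.0.3.30", "10.0.1.10", 502),   # historian reaches into Level 1
    ("10.0.2.20", "10.0.1.10", 22),    # adjacent zones, port not allowed
    ("10.0.9.99", "10.0.2.20", 4840),  # source missing from inventory
]

def evaluate_flows(flows):
    return [f for f in (evaluate_flow(*flow) for flow in flows) if f is not None]
```

Keying the allowlist on source level, destination level and port means the same Modbus port that is permitted from Level 2 is still flagged when the source sits at Level 3.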
PurdueGuard deploys as a virtual appliance or SaaS tenant. Most production environments reach full inventory coverage within 72 hours.
Point existing OT scanners and IT discovery agents at the PurdueGuard federation endpoint using our pre-built adapter library or REST API.
The classification engine ingests raw asset records, resolves duplicates across sources, and assigns each device to a Purdue level with a confidence score.
Use the policy wizard to set inter-zone communication rules, approved vendors per level, and alert thresholds aligned to your ICS security requirements.
The shared console surfaces real-time anomalies. Alerts route to your SIEM or SOAR via webhook, and compliance posture updates continuously.
All modules share the same federated inventory core and can be combined. Pricing is per active managed device per month.
Unified device inventory federation across all OT and IT discovery sources. Normalized schema, deduplication engine, and a full asset lifecycle audit trail.
AI-powered Purdue level assignment, zone policy enforcement, inter-zone whitelist management, and continuous compliance drift alerts for IEC 62443 / NERC CIP.
Real-time behavioral baselining and anomaly scoring for cross-boundary lateral movement. SOAR-ready webhook payloads and SIEM-compatible CEF log export.
All modules unified — federated inventory, Purdue segmentation, anomaly detection, compliance reporting, and dedicated solution engineering support.
Most IT security tools break OT environments. PurdueGuard was engineered from the ground up for the constraints of industrial control systems — passive where necessary, non-disruptive always.
No active probes sent to Level 0–1 field devices. Traffic analysis only — zero risk of PLC disruption.
On-premise deployment option with no cloud telemetry egress. Meets requirements for critical infrastructure operators.
Pre-built adapters for 40+ OT and IT tools. No forklift replacement of existing scanning infrastructure.
Compliance posture reports aligned to IEC 62443, NIST CSF 2.0, NERC CIP, and NIS2 — generated in minutes, not days.
A mid-size regional power transmission operator was managing over 14,000 OT devices across three control centers with four separate scanning tools and no unified inventory. PurdueGuard federated all sources, auto-classified every asset to its Purdue level, and delivered the operator's first complete IEC 62443 gap report within the first week of deployment.
"PurdueGuard gave us something we never had before — a single inventory that both our OT engineers and IT security team trust. The Purdue zone mapping was accurate enough to use as the basis for our IEC 62443 gap assessment on day one."
"We had four OT scanning tools generating conflicting data. PurdueGuard's federation layer resolved every duplicate and gave our NOC a clean, authoritative asset list within 48 hours of connecting our first data source."
"The cross-boundary anomaly detection caught a misconfigured historian server reaching into Level 1 — something our SIEM had been missing for months. The alert fired in under two minutes of the connection attempt."
No. PurdueGuard defaults to passive traffic analysis for all Level 0 and Level 1 devices. Active probing is available as an opt-in capability for Level 2 and above, and is always disabled for field devices where a probe could trigger an unexpected control action. This passive-first approach ensures zero risk to your operational processes.
PurdueGuard ships with pre-built adapters for Claroty, Dragos, Nozomi Networks, Fortinet FortiSIEM, Tenable OT Security (formerly Indegy), Armis, and Radiflow, among others. A universal REST adapter allows any tool with a JSON export to feed into the federation layer without custom development.
Yes. PurdueGuard is available as an on-premise virtual appliance (VMware ESXi / KVM / Hyper-V) with no required cloud connectivity. License validation, AI model updates, and threat intelligence feeds can all operate on a scheduled one-way transfer via portable media for fully air-gapped deployments. This is the default configuration for critical infrastructure operators in highly regulated sectors.
Unknown devices are assigned a provisional classification based on protocol behavior, vendor OUI, port fingerprint, and communication pattern analysis. A confidence score is surfaced alongside the classification. Devices below your configured confidence threshold are flagged for manual review in the console, and any manual correction is fed back into the model as a training signal to improve future accuracy.
Built-in compliance report templates cover IEC 62443 (all parts), NIST CSF 2.0, NIST SP 800-82 (Rev. 3), NERC CIP (v7), EU NIS2 Directive, and ICS-CERT recommended practices. Custom framework mapping is available for enterprise customers with bespoke regulatory requirements.
Request a personalized demo or speak with a solutions engineer about your specific OT-IT convergence and compliance requirements.